Slashdot Mirror


User: mlts

mlts's activity in the archive.

Stories: 0
Comments: 5,534

Comments · 5,534

  1. Re:Why not a master password for the PW manager? on Chromium 37 Launches With Major Security Fixes, 64-bit Windows Support · · Score: 1

    Windows has the ability to stash login credentials securely, but on Linux, this functionality isn't present, so having the browser "pack its own parachute" with its own encryption would be nice.

  2. Why not a master password for the PW manager? on Chromium 37 Launches With Major Security Fixes, 64-bit Windows Support · · Score: 2

    I wish for a feature that is in Firefox... and that is the ability to set a master password and encrypt all password manager contents. That way, stored passwords and certificates are independently protected.

  3. Re:Can we get a tape drive to back this up? on Seagate Ships First 8 Terabyte Hard Drive · · Score: 1

    My concern about always-on storage is that if someone gets root, they can zero out the backup storage, purge all snapshots, then rsync the zeroed out changes.

    I sometimes wonder about using hard disks instead of tapes in a silo. Perhaps something like iMation's RDX, except with modern, high capacity drives, or maybe even a robotic mechanism that can handle bare bones disks, moving them from a storage part to a reader [1], and so on.

    Hard disks are not as reliable as tapes, but if done right, could be used as a way to have backups that can't easily be dumped with a single command as backups stashed on an Avamar or other appliance could be. Plus, there is also the benefit of being able to offsite media as well and rotate it in and out.

    [1]: I looked into making a prototype of this circa 2009, and what companies would do the robotics accurately enough to handle bare-bones drives. It is a lot easier if the drives are in an enclosure, but bare-bones means that there are no enclosure "standards" to deal with.

  4. Re: Switched double speed half capacity, realistic on Seagate Ships First 8 Terabyte Hard Drive · · Score: 1

    In the early 1990s, AIX allowed you to partition drives (physical volumes) where a logical volume could be residing on the inner or outer part of a drive. That way, DB indexes and critical tables could be placed where access was relatively fast, while the stash for archive logs, program files, and stuff not really accessed could be placed on the outer part. Not SSD speed, but it was a way to help with database performance, especially if one had a lot of spindles.

  5. Re:How do deal with copycats? on Is Dong Nguyen Trolling Gamers With "Swing Copters"? · · Score: 1

    Slots apps are a good example of this. Virtually all of them will toss you a small amount of coins every four hours, and you gain levels by spending coins, so you can play more elaborate simulated slots, some of which are only playable for 30 minutes. Of course, if you don't want to wait the rest of the four hours, you can do in-app-purchases.

    In fact, it seems most games on the smartphone tablet are this way... you need to consume/use "X" resource to gain levels to do more stuff... and the only way to do that quickly is to spend hundreds on some resource (coins, brains, smurfberries) to do so.

    IMHO, a smartphone game that goes back to the pre-2011 IAP style of offering a decent game without forcing you to buy stuff -at all-, other than levels would be a hit. A good example of this would be "The Quest" game on iOS, which has a lot of additions to play through.

  6. Re:air gaps on Securing the US Electrical Grid · · Score: 4, Interesting

    Nothing is 100%, but an air gap will force a black hat to either get someone physically on site, do some social engineering, or find someone that they can control to do their work for them.

    By keeping stuff off the Internet, either air gapping or having a separate network with tightly controlled access points (or perhaps even something like a data diode [1]), it blocks all but the most well-heeled attackers, and big firms/governments are well adapted to deal with physical threats far more than stuff coming via the Internet.

    [1]: I've taken two machines, each on a different network, plugged in a serial cable with one of the lines cut (so bits only moved one way), then used syslog on the secure network, and redirecting the port's output to a file on the insecure network. This wasn't fast, but it got data to people who needed it, while keeping stuff on the secure side off the Internet unless someone physically accessed it. A true data diode does the same thing, except faster... however expensive. As a hack, a dedicated line-level Ethernet tap might be something to be used because the computer plugged into the mirrored port will be unable to change or reply to the network stream coming from the secure side.

  7. Re: The world we live in. on New Nail Polish Alerts Wearers To Date Rape Drugs · · Score: 1

    It also happens to men.

    A former co-worker of mine, who just got a job in another state, had someone stick roofies in his drink at a party. He wound up stumbling to the wrong house, got brained with a baseball bat, and snagged both a criminal trespass charge (because he opened an unlocked door) and a PI charge. None of this he remembers. His memory is gone from when he had drinks at the party until he wound up waking up shackled to a hospital bed due to the head injury.

  8. Re:Everything old is new again. on Facebook Experimenting With Blu-ray As a Storage Medium · · Score: 1

    I've personally handled tens of thousands of LTO tapes, and I've had less than five go bad. Three had soft media errors (where there was no data loss, just stuff that ECC codes were able to handle), and two had issues with being handled by the grippers in the robot.

    I've also recently pulled data from DLT IV tapes from 1998, no errors.

    Plus, tape isn't expensive. The hard part is the drives and libraries, as well as suitable backup software. Once past that, individual tape cartridges are quite inexpensive. $50 is about the highest I see LTO-6, and I've even seen them as low as $10 each in quantities.

    At Facebook's level, RAIT is possible, so I don't get why they are bothering with relatively small capacity media when LTO is an established, highly reliable format, and can do everything FB wants without having to reinvent the wheel. Even encryption can be set on drives.

  9. Re:Hey, great idea here, guys... on Apple CarPlay Rollout Delayed By Some Carmakers · · Score: 1

    XM still has a place. They used to offer a deal where you paid $800, and the car receiver had permanent access. Forever. Vehicle changes hands? Irrelevant. Then, it was useful for some alternative on a long trip, or listening to a talk radio station (although some of the AM stations in rural areas can go in some strange subject directions.)

    Oddly enough, I have been happy with Ford's SYNC service. It works well with both Android and iOS, and can handle handsfree calls as well as A2DP.

    Time will tell... but, since phones change so often compared to how often someone changes cars (well, unless they are super rich), it would be nice to have the audio head firmware intended to be as phone OS agnostic as possible and not have to be iOS or Android specific. Who knows... 2-3 years down the road, Tizen, FirefoxOS, BlackberryOS, Symbian, or some OS we may never have heard of might be a third contender.

    I'd like to have the audio head have the ability to use media, both as a mounted drive, as well as MTP/PTP access. Bluetooth formats of handsfree and A2DP go without saying. The key is going with established standards, not something that depends on one OS or company.

    Maybe the answer might be a modular system. A generic program that would work with everything, then CarPlay and other middleware if the user wants it. However, this seems like a bunch of redundant work, when the car audio system should be a completely separate entity from the phone.

  10. There is also the fact that Mississippi is a lot larger than Massachusetts. It is easy to build high quality Internet connections in a state that is small, with almost all of its population concentrated on the eastern side. A larger state with less population, and population that is more scattered, with the biggest town being about 1/20 the size of Boston makes it a lot more expensive to sling fiber and provide access to residents, especially in a state with such a relatively low population density.

  11. Re:Reading source for months... on NSA Agents Leak Tor Bugs To Developers · · Score: 3, Interesting

    SELinux is a good stab at that. While not 100%, it has helped ensure that a program that manages to get a root context still doesn't have full superuser reign over the system. It isn't simple, but it does a good job at security over previous tools like SUID wrappers.

    I wouldn't mind a code review of web browsers and browser add-ons, as those are the first points of contact and generally a primary vehicle for malware to get a foothold.

  12. Re:Yes Google and FB are the ones to protect us? on NSA Agents Leak Tor Bugs To Developers · · Score: 4, Insightful

    Tor needs a PR boost if that ever is going to happen. As it stands right now, it is SOP for an admin to block all exit nodes at the incoming router, the IP stack on the machine, the web server, and the application, because of abuse.

    No big company is ever going to touch Tor as it stands right now, because of its reputation as a service for criminals (q.q.v. Four Horsemen of the Infocalypse.)

  13. Re:What are they waiting for? on It's Easy To Hack Traffic Lights · · Score: 3, Interesting

    I remember this crossroads in the 1990s. Would firms in general focus on security, even though the worst threats at that time were college students looking to rm -rf / a box or two for kicks?

    It came out worse than I could imagine. I heard the "security has no ROI" mantra many a time (although the past couple places I worked at, they actually take it seriously.) When working as a consultant, I asked companies what they had for something if they were hacked. The response was, "We will call Geek Squad or Infosys, and have the problem fixed."

    I have read people hoping for a "Warhol event" that would get businesses focusing on security. However, I would say that a "cyber 9/11" (to use a buzzword) would do far more harm to security in general than help.

    Take this scenario:

    A hurricane has a populated city in its sights. Evacuations are starting. As people are getting on the roads, Elbonian actors hack the anti-theft disable mechanism of a major car maker, disabling random cars at a time on all major roads. When those are towed, another set of cars get turned off. Havoc happens.

    Congress is then pushed to push some bills into law. Well, they do. However, they do little or nothing. Here are the bills:

    1: A mandatory DRM stack on any device in the US accessing the Internet, enforced by endpoint routers, with mandatory 10-life if any are tampered with.

    2: All "tools for cyber-warfare", even something as banal as tcpdump, would be removed from operating systems, and only allowed to registered people.

    3: Similar to #1, all machines would run a scanner similar to an antivirus utility, but would use signatures to look for unlicensed MP3 files, movies, programs like Handbrake, and if detected, would automatically shut the machine down and notify the local authorities.

    4: A central ID card, similar to a PIV/CAC, would be required on any/all devices so all transactions (even a web login) are positively identified. It would be a felony for someone to access the Internet without their packets being signed or attributed to an ID card.

    Of course, none of this would actually -HELP- security, but it would keep it swept under the covers, and (using MBA speak) allow better monetization of existing revenue streams... i.e. your PC becomes a locked down console with only big name brands able to write software for it due to the legal barriers of entry.

  14. Re:Welcome to the Information Age! on It's Easy To Hack Traffic Lights · · Score: 2

    I know what the reply will be:

    "The hackers would have gotten in no matter what we would have done."

  15. Re:That's it? on Study: Ad-Free Internet Would Cost Everyone $230-a-Year · · Score: 1

    If push comes to shove, websites will win. They can embed the whole site in a DRM-ed Flash or Silverlight wrapper, or with how advanced browser fingerprinting is, permanently blacklist that user and computer from the site, perhaps sharing the blacklist with other sites as a deterrent.

    You don't need a TPM to fingerprint a user. EFF's panopticlick will make it quite obvious that most users have quite a unique browser fingerprint, and that is without using the canvas function.

  16. Re:That's it? on Study: Ad-Free Internet Would Cost Everyone $230-a-Year · · Score: 1

    I wonder about a clearinghouse. Pay them something a month, and you can access member websites either via a client certificate or a tag that you put on the URL end when going to a clearinghouse's client site that checks to see if the user is authenticated, but can't ask for anything more than that (i.e. no user info from the clearinghouse.) Then, the member sites get paid for every page view from the clearinghouse.

    Of course, this is ripe for abuse, be it scripts that rapidly reload pages, to malware swapping one site's ID for another, but it would be an answer to ads.

  17. Re:$230 on Study: Ad-Free Internet Would Cost Everyone $230-a-Year · · Score: 1

    I have adblock running on everything. No auditory diarrhea encountered here.

    Even with that in mind, a lot of websites end up causing the RAM in their browser instance to bloat... so I end up using Chrome's task killer to stop the browser executing stuff in windows when I call it a night, then refresh the pages when I come back to it.

  18. Re:From an avid reader... on Do Readers Absorb Less On Kindles Than On Paper? Not Necessarily · · Score: 1

    I have tried a number of E-readers, and the one I tend to use the most (other than my phone) is an older Kindle Keyboard. I do like having paper books, but there is something about being able to find an O'Reilly book about a subject when in a server room, or buy the modern equivalent of penny dreadfuls (Weird Tales... 101 decent short stories for a buck. Hard to beat that.)

    The instant delivery is also nice. Friend mentions a book, and grabbing a copy is very quick... although one might pay $10 and find that the friend's author is not exactly your tastes... but there are worse things to spend money on than books.

  19. In OEM specs? on The Data Dome: A Server Farm In a Geodesic Dome · · Score: 3, Interesting

    Where the rubber meets the road is if the machines are in temperature and humidity specifications for the equipment, so warranties are not voided.

    If this is workable, even during the winter or when it is extremely rainy/humid, this might be a useful idea. However, there is only a limited set of climates that this would work in. The PNW with its moderate temperatures makes sense for this. However, if I attempted to do the same thing in Texas, come summertime, I'd have a building full of BBQ-ed servers.

  20. Re:Very subjective on Ask Slashdot: Would You Pay For Websites Without Trolls? · · Score: 1

    Very true. That site is the weak link in the chain. However, a lot of websites are only allowing people to post using Facebook IDs. If a site is going to use another site to keep the trolls at bay, having this two-tier method provides something. Some anonymity is better than none.

  21. Re:Very subjective on Ask Slashdot: Would You Pay For Websites Without Trolls? · · Score: 2

    This might be a way a company can run a pseudo-anonymous identity validator.

    John Doe would create an account with foo.com. Foo.com would know John Doe's real life info. When John Doe wants to create an account with bar.com, foo.com sends a hash of the user (the user account + a nonce + the hostname, all hashed.)

    Bar.com gets the hash, and John Doe creates a user with a handle. Later on, John Doe tries to create another user for a sock puppet. bar.com realizes there is already one person with that hashed userID, so disallows the user creation unless the other account is removed.

    Bar.com finally gets tired of John Doe, and bans him. John Doe creates another account, but because foo.com sends a hashed user that is banned, that is stopped.

    Never does bar.com know anything about John Doe other than that he has a foo.com account, and a certain hash. However, the info is good enough to block John Doe from creating other accounts unless he manages to fool foo.com into having multiple, real named accounts with them.

    Of course, this isn't 100%. Foo.com can have lax identity validation measures which allows duplicate users. Someone can find out the nonce used as part of the username hashing process. This can be mitigated by adding another database tuple with a random number, but this would mean that foo.com would have to have a 128 bit number for every single site a user visits, rather than calculating a hash.

    The result is that a person would have privacy... the worst that happens is that they are blocked from accessing the site. Trying to find the person's real identity and coming after them would be difficult.
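The foo.com/bar.com scheme from the comment above, written out as an added example that is not part of the original post: the per-site token is the hash of account + nonce + hostname (keyed as an HMAC here, my choice), bar.com stores only tokens, and the nonce-leak weakness and the per-site random value mitigation are both shown. The class and function names, the `\x00` separator and the sample user are my assumptions.

```python
import hashlib
import hmac
import secrets


class IdentityProvider:
    """foo.com: knows the real identity, hands out per-site tokens only."""

    def __init__(self, nonce=None):
        self._nonce = nonce or secrets.token_bytes(32)  # site-wide secret
        self._accounts = {}   # account -> real-life info, never leaves foo.com
        self._per_site = {}   # (account, hostname) -> random 128-bit value

    def register(self, account, real_name):
        if account in self._accounts:
            raise ValueError("duplicate real-named account")
        self._accounts[account] = real_name

    def site_token(self, account, hostname):
        # Post's scheme: hash(account + nonce + hostname), keyed as HMAC here.
        # Deterministic: same person -> same token at a site, different per site.
        if account not in self._accounts:
            raise KeyError(account)
        msg = f"{account}\x00{hostname}".encode()
        return hmac.new(self._nonce, msg, hashlib.sha256).hexdigest()

    def site_token_random(self, account, hostname):
        # Mitigation from the post: a stored random value per (user, site), so a
        # leaked nonce no longer lets anyone recompute or test tokens.
        if account not in self._accounts:
            raise KeyError(account)
        return self._per_site.setdefault((account, hostname), secrets.token_hex(16))


class RelyingSite:
    """bar.com: sees tokens and handles, never the real identity."""

    def __init__(self, hostname):
        self.hostname = hostname
        self._handles = {}    # token -> handle
        self._banned = set()  # tokens that may never re-register

    def create_account(self, token, handle):
        if token in self._banned:
            return "banned"       # the "comeback" account is refused
        if token in self._handles:
            return "duplicate"    # sock puppet: one person, one account
        self._handles[token] = handle
        return "created"

    def ban(self, token):
        self._handles.pop(token, None)
        self._banned.add(token)


def link_token_to_account(nonce, hostname, token, candidates):
    """Failure mode from the post: once the nonce is known, a bar.com token can be
    tested against guessed foo.com account names. Returns the match or None."""
    for account in candidates:
        msg = f"{account}\x00{hostname}".encode()
        if hmac.compare_digest(hmac.new(nonce, msg, hashlib.sha256).hexdigest(), token):
            return account
    return None


def demo():
    foo = IdentityProvider()
    bar = RelyingSite("bar.com")
    foo.register("jdoe", "John Doe")  # constructed sample user
    first = bar.create_account(foo.site_token("jdoe", bar.hostname), "jdoe_handle")
    puppet = bar.create_account(foo.site_token("jdoe", bar.hostname), "sockpuppet")
    bar.ban(foo.site_token("jdoe", bar.hostname))
    comeback = bar.create_account(foo.site_token("jdoe", bar.hostname), "jdoe_again")
    # Tokens differ per site, so bar.com and baz.example cannot correlate jdoe.
    unlinkable = foo.site_token("jdoe", "bar.com") != foo.site_token("jdoe", "baz.example")
    return first, puppet, comeback, unlinkable
```

`demo()` walks the account, sock puppet and post-ban sequence; `link_token_to_account` shows why a leaked nonce matters and why the stored random value resists it.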

  22. Re:What's the problem... on Apple Begins Storing Chinese User Data On Servers In China · · Score: 1

    I feel dumb by asking, but "encryption keys" is sort of vague, IMHO. What type of encryption? Disk level? SAN level (where PowerPath uses RSA keys to decrypt the LUN presented), LVM level with a tool like BitLocker? Database level? Application level (where all tuples are encrypted upstream)?

    For example:

    1: Take BitLocker for example. For I/O on a drive, it has to have the FVEK (full volume encryption key) in memory at all times. Even if the FVEK is unlocked from somewhere else (TPM chip), if it is slurped out of RAM, the drive can be decrypted.

    2: If encryption is used on a database by an application not in China, then there is a bottleneck of all data going through that application.

    3: If the Chinese servers are configured with IBM's SAN encryption and the keys for the physical drives are accessed offshore, then compromising of the machines the LUNs are presented to would bypass that.

    Encryption is just one piece of a puzzle. Key management and implementation is a huge factor as well. Even something as humble as a tape backup can require infrastructure, both management and technical for adequate security [1].

    [1]: Ironically, a lot of companies are well off by just setting a long passphrase on their tape drive silo, and calling it done, assuming the passphrase is stored on paper somewhere secure and well away from the media. I have seen extremely complex appliances that give every tape its own key. The vendor demanded the customer buy two appliances. When I asked the appliance vendor how I back up these tens of thousands of random keys, they said that I had to buy a third appliance to mirror. Way too expensive, complex, and too many moving parts when in a lot of cases, just a simple passphrase is just as good.

  23. Re:Two things.... on Apple's App Store Needs a Radical Revamp; How Would You Go About It? · · Score: 1

    I 100% agree there, but companies are based on sales... and even though everyone in a firm may agree on that... the true people with the whip hand, i.e. the shareholders, want phones that can be sold to Joe Sixpack that are drool-proof and will protect the user from themselves.

    One compromise would be to have a "failsafe" ROM on the device, similar to what some B&N Nooks have. If they bootloop eight times, the e-reader will reformat itself and install the "v1.0" ROM... which is enough to get onto the Internet to find updates.

    If coupled with some way the user could completely back up their ROM and phone contents via the bootloader (similar to nandroid), it can help greatly with troubleshooting.

    This way, a service tech can tell a user to revert to that "v1.0" ROM as part of the troubleshooting process so customizations are factored out.

  24. Re:suitable for home use? on Hemp Fibers Make Better Supercapacitors Than Graphene · · Score: 5, Interesting

    I'd love these for a solar array where energy stored for unit volume is important, but not critical (like it is in a car or RV) for a number of reasons:

    1: Hemp is a lot less nasty for the environment than graphene.

    2: This could be used as a buffer for the chemical batteries, since you don't have to worry about limiting amps coming in. Come "shoulder hours", the supercaps can be charging the batteries at exactly the amperage rate they need even after the sun is down, greatly improving the system's efficiency.

    3: The lifespan of a capacitor is a lot longer than a battery because electricity is stored physically, not chemically. So, if space is less of an issue, large supercaps can be used without worrying about replacing batteries every 5-10 years (or 2-3 years with Li-ion).

    So, for an off-grid circuit (one that never goes near mains power and pretty much acts as a UPS), having this technology would go far.

  25. Re:Obvious on Can Our Computers Continue To Get Smaller and More Powerful? · · Score: 1

    There is always going with distributed computing, both tightly coupled (cores) and loosely coupled (different CPUs.)

    I wouldn't be surprised to see RAM chips with a part of the die dedicated to CPU/FPU/GPU functions. Add more RAM, add more CPUs.

    Eventually the concept of a "central" processing unit may give way to passive backplanes and various speed buses, perhaps with a relatively lightweight chip directing everything.

    Another example is the x86 architecture. Intel has been amazing in keeping it going, but eventually, moving to something like Itanium with 128+ registers for integer, 128+ for floating point, etc. might be how Moore's "law" keeps going.

    As for jets, it isn't a matter of "can't", but "why bother". Once commercial airlines got deregulated, good enough was good enough and the race to the bottom began, so there was no interest in trying to continue making progress with better planes, other than military aircraft.