Slashdot Mirror


User: mlts

mlts's activity in the archive.

Stories: 0
Comments: 5,534

Comments · 5,534

  1. Re: Fishy on TrueCrypt Website Says To Switch To BitLocker · · Score: 1

    This. The one thing that TrueCrypt brought to the table wasn't just decent security. It was the plausible deniability aspect of having a hidden volume.

    With most programs, they leave breadcrumbs of where data is stored, so if there is an unmounted volume, some rubber hose work can get the data. However, if the volume has someone's pr0n collection (icky, but legal), there isn't much the bad guys can go forward with. They can try to beat the guy with the volume, but in reality, there is no proof anything other than the stuff on the outer volume exists. The breadcrumbs (history in Word, etc.) point to the volume, and it is accessible completely to the attacker.

    There is nothing like that out there that is not a commercial program and closed source, except for the implementation of PhonebookFS, where it worked like CFS/EncFS, except one had different views with different passphrases entered, as well as "chaff" so no matter what, there were files that wouldn't decrypt no matter what.

  2. Re:I wonder... on TrueCrypt Website Says To Switch To BitLocker · · Score: 3, Interesting

    Even more concerning is that both their code signing keys were used. If an Authenticode key got compromised, that is one thing. However, both their gpg and Authenticode keys were used to sign that last release, so it either was a very sophisticated intruder, or the TC Foundation dropped their cards on the table and stopped playing ball for some reason.

  3. Re:What! on TrueCrypt Website Says To Switch To BitLocker · · Score: 1

    BitLocker runs fine on my machines, none of which have a TPM chip. You have to change a policy setting, but after that, they will work as normal, and you can also encrypt the boot/system volume and have it ask for a password when it comes up.

    TPM chips are a double-edged sword. They can be used for ill (DRM) in consoles, but I've found them a decent way to protect machines with BitLocker. If you use a TPM + PIN, after a few missed passwords, the TPM will block and demand one waits before another entry... and that wait time doubles with each failure. So, with the anti-brute force mechanism present, it provides good protection for stuff on a laptop.

  4. Re: Fishy on TrueCrypt Website Says To Switch To BitLocker · · Score: 4, Interesting

    I have been slowly moving from TrueCrypt to Bitlocker just because I've had issues with permissions and Windows 8/8.1.

    It may not be as secure as TC, but it is a lot more recoverable, and to me, my main reason for using FDE is ensuring that a stolen HDD winds up "just" a hardware theft, and not something that can be used for extortion (yes... when I was in college, I was asked to help someone who had some private things stored on his laptop... and when the thieves stole it, they demanded $3000 or else they would post all the nudie pictures of his GF that the victim took to the Internet.)

    The recoverability issue is nice. I can enable BitLocker on a drive or image. Then, add a recovery key, and a certificate. Then, the image can be copied/used on a cloud provider, and due to no easy to guess password being used, brute force is off the table. To boot, one can have the computer automatically unlock the drive, so it is basically a set and forget mechanism (with good and bad points.) The BDE keys for recovery wind up stashed in an old smartphone that shed its Wi-Fi, BT, and 3G antenna. Less attack surface for a remote intruder.

    For file archives, tossing them into an expandable disk image and flipping on BitLocker may not be perfect, but it seems to do the job to keep people out.

    As for Linux and OS X, I'd say Apple's encrypted Sparse Images are useful (as only small 8 MB "bands" change.) LUKS is also decent on Linux.

    The nice thing about TC was the fact that it was one program that worked on three platforms, so you could stash your files in a TC container (assuming FAT32 for a filesystem) on your Mac, then access it on your Windows machine.

  5. Re:Fishy on TrueCrypt Website Says To Switch To BitLocker · · Score: 1

    Confirmed, the Authenticode signatures are from yesterday as well. I'd be careful on the binaries available for download because they shouldn't have changed in two years, and why they are changed now worries me.

  6. How about some e-Ink ones? on I Want a Kindle Killer · · Score: 1

    What the OP suggests would probably be doable with existing hardware. This is more of an iOS/Android update than designing a new device from scratch.

    IMHO, everyone wants something different in an e-Reader. For example, some want a tablet with a Nook app. Others want an e-Ink device that is easy on the eyes that can be held in one hand like a paperback and has a simple, efficient, no-frills UI.

    I'd like a rev of e-Ink devices myself. We have plenty of media-playing items, and if one wants to run apps and games, might as well buy a full-fledged tablet.

  7. Re:Come again? on Printed Circuits as Part of a 3-D Printed Object (Video) · · Score: 3, Insightful

    Stereolithography machines existed, but they were like Mitsubishi's Avance-25 (both a sinterer, and a CNC mill), well out of the reach of the average person, so the ideas really didn't come around until more people had experience with this technology.

    One of the more notable advances I'm seeing is using 3D printing with dissolvable filament in the same way that lost wax castings are done. Make a figure with sprues, embed it in a mold, use a solvent to get the filament out, pour in silver/bronze/metal of choice, let cool, crack the mold off and grind off the sprues, done. This won't make extremely detailed pieces or pieces with a heavy temper (i.e. no 1911 gun parts), but it would make some usable items in metal.

  8. Re:just remember ... on Become a Linux Kernel Hacker and Write Your Own Module · · Score: 3, Insightful

    There is always the ability to panic.

  9. Re:Finally! on China Looks To Linux As Windows Alternative · · Score: 3, Insightful

    That is true... however, in the US, Canada, and other places, bandwidth isn't increasing, but fees are, so having everything in the cloud can get very pricy. This is why the LAN/WAN model will probably be around for a while. LAN-wise, having a machine have the role of the desktop and the server. With the current climate of ever decreasing data caps, it may end up pricy enough for even "landline" service that one is just better off not using any cloud services whatsoever and having the backups and such handled by a device on the LAN with removable hard disks or a tape drive.

    I can see one device taking up multiple roles. For example, a MS Surface can function as a tablet, a server (when docked and some drives attached), and a desktop (when docked or used with a Bluetooth keyboard.) However, until WAN bandwidth becomes inexpensive, the role of a server on the LAN may not go away anytime soon.

  10. Re:Finally! on China Looks To Linux As Windows Alternative · · Score: 4, Interesting

    The "desktop PC" is sort of morphing into a server or a media hub. It won't go away because tablets, e-readers, and smartphones are great media consumption devices, but for media production, there isn't anything that is going to replace the role of a decent monitor, large desktop hard drive, keyboard, and pointing device. It might be a tablet in a dock, but the role of a desktop in a home isn't going to vanish anytime soon.

  11. Re:Finally! on China Looks To Linux As Windows Alternative · · Score: 3, Interesting

    Linux as a desktop instead of Windows can bring some advantages. However, China has some problems to be solved:

    1: Windows has one big advantage -- Active Directory and GPOs. It is relatively easy to manage tens of thousands of desktops with the tools provided. Yes, one can use Puppet, Chef, etc... but Windows's GPO provisioning is still ahead and the expertise is available almost anywhere to deploy this.

    2: F/OSS alternatives to AD and Exchange that are scalable. This means a mail server that probably sits on top of PostgreSQL or MariaDB and uses that for its main mailbox engine, with full replication, hub/edge nodes, the ability to send out SMTP externally, but keep things in the DB internally, backups, restores, different mailbox replicas in different geographic locations, etc. Exchange handles so much communication, and is pretty much the only game in town for large scale messaging except for Notes. Google Apps doesn't count in this instance.

    3: An easy mechanism to push out patches, check logs, ensure policies are set, healthchecks, etc. Again, standard fare in the Microsoft world, but not often used on the UNIX side. Similar to #1. There are tools for this, but Windows has all of this built in.

    4: Better/universal file sharing permissions. All UNIX variants have additions past user/group/other, but there will need to be better UI tools to allow a group in one domain access, but disallow people in another domain access (due to separation of duty), and have that go down the directory structure. Again, doable, but not as seamless as in Windows.

    5: File-based cryptography. We have BitLocker and such, but UNIX doesn't really have a file-level encryption protocol like EFS that encrypts on a user/file granularity. One can use CFS/EncFS and mount directories, or TrueCrypt and mount volumes, but there isn't anything that one can select a file, encrypt it, and have it only accessible to a set of users/groups in AD/LDAP.

    6: Enterprise level recoverability. LUKS is a good encryption protocol, but part of a large scale desktop need is being able to store recovery keys, similar to how BitLocker keys are stashed in AD. This isn't impossible, but would need some programming to do on a large scale.

    None of these are major hurdles, but because UNIX tends to be a server or appliance OS, there hasn't been as much a focus on a desktop infrastructure compared to the Windows ecosystem, since the NIS/NIS+ days at Sun.

    In a way, I hope China can solve these problems, as it would mean some action in the desktop arena, a place that has been stagnant for decades now.

  12. Re:Ashamed! on IT Pro Gets Prison Time For Sabotaging Ex-Employer's System · · Score: 5, Insightful

    Four years for causing a million dollars worth of damage isn't that harsh a sentence. What would the verdict be if someone came into a facility with a cutting torch and did the same amount of physical damage? It likely would result in an arrest for some terrorism-related charge. Blanking out servers may not be as obvious as driving a semi into some core machinery, but it does the same exact thing, especially if there are no backups. The machinery may be intact, but if there is some manufacturing process that took years to develop and fine-tune, that knowledge can be lost forever.

    This guy got off lightly, and the lesson that EnerVest has learned is that they are probably going to get their next admin or admins from Tata or Infosys, and it won't be surprising to see more companies doing the same thing.

    A friend of mine had to clean up a mess (logic bombs left behind that would corrupt arrays and reset LTO tape passwords) that was similar, due to a disgruntled admin. After he cleaned up the mess and tested that backups were working on separate hardware, he was shown the door, and an offshore company hired for all IT work. The reason: "H-1Bs do not commit sabotage."

  13. Re:Nope. on Google Foresees Ads On Your Refrigerator, Thermostat, and Glasses · · Score: 1

    Thankfully fridges are not that difficult to make so there will be some one-off company that can continue to make "dumb" models which keep the ice and beer cold.

    Unless Congress passes a law mandating fridges with screens, there will always be someone who will happily sell old fashioned compressor fridges.

    If compressor fridges all end up going that route, Diamond, Frostek, Dometic or Norcold will sell an absorption fridge that is more expensive than a compressor fridge... but has no moving parts other than the liquid inside that evaporates and recombines. These brands are sold to a market of RV-ers or people living off-grid, and who may not have electrical power for a conventional fridge. These fridges can run on propane or natural gas, or use a 120VAC heating element.

  14. Re:better question... on Google Foresees Ads On Your Refrigerator, Thermostat, and Glasses · · Score: 1

    I doubt that will ever happen. There were companies that tried giving away low-end Compaq PCs, provided they display ads on them, but that business model flopped.

    In reality, the $2000 fridge/freezer will come with ads, like it or not, and the only way to get one without ads is to buy a model without a screen or put it on a VLAN that blocks by IP address... and even then, the fridge will just show what was in the cache last... or perhaps even stop working until it can successfully phone home (similar to the feature reduction with the TV mentioned in a previous article.)

  15. Re:Nope. on Google Foresees Ads On Your Refrigerator, Thermostat, and Glasses · · Score: 4, Insightful

    Even better, buy a fridge that doesn't have a screen. Kitchen appliances are going on 60 years without requiring screens, Internet connectivity, or some companies to push ads to them for basic functioning. We don't need them now.

    If one wants to pay for a better refrigerator, doesn't mind venting it, and has either propane or natural gas, buy a two-way (gas/electric) fridge. That way, your stuff stays cold even if there is a multi-day power outage. That is far more useful in the long run than any electronic doodads. If one really wants a screen on the fridge, a low-end Android tablet is a couple C-notes, and $5 gets you a roll of double-sided tape.

  16. Re:Why I won't own one ... on Declining LG's New Ad-friendly Privacy Policy Removes Features From Smart TVs · · Score: 1

    I wonder if part of it is punishment. Don't give them the data they ask for, and your TV that you paid good money for won't work. This way, people hit "accept" without question the next time a dialog like that pops up. Operant conditioning 101.

  17. Re:Send it back.... on Declining LG's New Ad-friendly Privacy Policy Removes Features From Smart TVs · · Score: 2

    I have similar as well. The devices that have a static IP are allowed to access out the gateway at will. However, anything using a DHCP-provided address will have all packets dropped, except for port 80 with an empty page on it. That way, a device can do all the POST or GET with data being sent as part of the URL all it likes, but it won't leave the LAN.

    Of course the next step we will see are smart TVs that require activation via a server, and constant contact with the server, perhaps as part of the next HDCP spec. If then, it might be just time to go back to the ghetto LCD projector and movie screen.

  18. Re:Solution without a problem, for now... on Why I'm Sending Back Google Glass · · Score: 1

    Glass is a pioneer product, and the guys with the arrows in the back are always the pioneers (Compaq with their HDD based MP3 player, Diamond with their serial based player, Creative with their Nomad Jukebox, and so on.)

    I wouldn't be surprised to see the "settlers" (the guys that come on the trails blazed by the pioneers) come along with a decent product eventually. Maybe the next iteration of Glass will use arrays of cameras to make a composite view, or one camera for depth of field, one for the image (like the HTC One M8.) An array of smaller cameras and some software might be better than a larger, bulkier one.

    Then there is the uphill battle for acceptance, and already there are people highly turned off on the concept of having yet another camera shoved in their face.

    Pioneer devices are never perfect. My HTC Wizard smartphone did everything the first gen iPhone could, but it required a stylus, or very precise finger pressing (good luck.) It takes several generations of research/design/feedback from consumers to get a product suitable for mass consumption.

  19. Re:Upset the industry? on Why Cheap Smartphones Are Going To Upset the Industry · · Score: 2

    You hit the nail on the head. In a way, it is a razor and blade school of marketing. The phones are cheap, but if you want to use any data with it, you will be paying upwards of a C-note a month, regardless of using T-Mobile, Sprint, AT&T, Verizon, CREDO, Millenicom, or the other MVNOs. It used to be that there were unlimited data plans, but the tier 1 providers dropped the hammer on the MVNOs to disallow it.

    Google seems to have good intentions with wanting to get rid of the SD card, but realistically with the bandwidth issues in the US and down under, the SD card is a necessary evil. It would be nice if Android had an option to revert back to its previous functionality level with the card as well, without needing a rooted app (like NextApp SDFix) to re-enable disabled functionality.

    Maybe Google should allow SD cards to be formatted with ext3/ext4 so Linux/Android permissions could be applied. That would provide fine-grained protection to keep rogue apps from accessing other app data. With the existing MTP/PTP functionality in Android 4.4.2, one still has the ability to copy files back and forth, although the SD card couldn't be used directly as a USB flash drive.

  20. Re:Insurance on Swedish Fare Dodgers Organize Against Transportation Authorities · · Score: 2

    I'd disagree. There was an article on /. a while back that it is better to have a small penalty that is heavily enforced than it is to have a large one that is not often used.

    For example, if there was a 100 SEK (~ $15.00) fine every time a turnstile jumper did their act, and it was enforced to the point where if someone did that act, they would get a citation and have to pay the fee, the turnstile jumping would stop. However, if there were a 1000 SEK fine, but only one in 100 people got busted for it, the behavior would be encouraged, and people would start to dislike/mistrust whoever enforces/sets the penalties.

    Of course, even with enforcement and penalties, sometimes throwing the entire treasury at enforcement may not be enough. Prohibition comes to mind. In cases like that, it is really the will of the people against the government, and if there is overwhelming support to jump turnstiles, it would save money in enforcement to not charge if people feel that strongly about not paying.

    Pick your battles, and the battles that need enforcement, enforce it heavily so a would-be scofflaw would know they are going to get caught. Even if the fine was 1 SEK, it is still the fact they got caught that will deter this.

  21. Re:Don't. on Ask Slashdot: Anti-Theft Products For the Over-Equipped Household? · · Score: 1

    All it takes is entering the password once on boot, and that's it.

    A good platform independent way is TrueCrypt. BitLocker is decent as well, and you can put your backups on BitLocker protected media, and if restoring from wbadmin, you can unlock the protected media before restoring, so nothing is stored on any media in plain text.

    For Linux, TrueCrypt also works, LUKS is also good.

    Macs have a good choice as well. FileVault 2 will ask you for your user password on bootup, and can be used to protect Time Machine backups.

    All the above can work with disk images as well (BitLocker would require creating a .vhd or .vhdx file), which can be stashed on a cloud provider's drive to allow for secure file storage, but encrypted. Apple's solution is the best in this case, due to storing data in 8MB "bands" as opposed to one large contiguous file.

  22. Re:Try an alarm company on Ask Slashdot: Anti-Theft Products For the Over-Equipped Household? · · Score: 1

    It seems that most alarm companies are trying to hawk their app and remotes now. However, a house isn't a car. Just as you stated -- it would be nice for a remote to change the instant alarm zone to a delayed alarm... or perhaps a silent/holdup alarm.

  23. Re:wrong on AMD Preparing To Give Intel a Run For Its Money · · Score: 1

    What AMD should consider are FPGAs and different power cores on the same die. This isn't anything new, but done right, it can go a long way in the server room.

    The FPGAs can be used for almost anything. Need a virtual CPU for AES array shifting? Got it. Need something specialized for FFT work? Easy said, say done. Different power utilization cores would be ideal for a server room where most of the hosts see peak load use, then after quitting time, end up idle.

  24. Re:Try an alarm company on Ask Slashdot: Anti-Theft Products For the Over-Equipped Household? · · Score: 1

    The current alarm I use has different zones that do different things when the sensors are tripped. For example, one zone requires to be armed/disarmed separately from everything else. This would be useful for a safe.

    I like having no remotes for an alarm system. That way, I can use a duress code if need be. Plus, it is less for someone to hack.

    As for remote monitoring, when the alarm goes off, the security company will call you, and if they can't reach you, then call the police. This can take 5-15 minutes, and in that time, a thief can grab a lot of pickings. However, in combination with Kensington locks on all computers, it will cause the thief to leave anything that is tethered, rather than take the time to cut the cables.

  25. Re:Smoke/fog on Ask Slashdot: Anti-Theft Products For the Over-Equipped Household? · · Score: 1

    There is a Canadian company called Flashfog that does exactly this, and they couple it with strobe lights to further disorient intruders.

    Only downside to this is that people walking by might think a rave is going on, then get mad that they can't find the DJ.