Slashdot Mirror


User: mlts

mlts's activity in the archive.

Stories: 0
Comments: 5,534

Comments · 5,534

  1. Re:Obligatory on Ford Dumping Windows For QNX In New Vehicles · Score: 1

    The Ford oil gauges on my two vehicles have two points... full, and empty. It isn't an actual gauge. Similar with the voltmeter, and even though I've had the temptation to slap a Trimetric meter somewhere near the dash, I've not been bored enough to do so.

    I do recommend, for all Fords, getting a Scangauge II, because it gives meaningful info from the OBD II port.

  2. Re:Having used both on Ford Dumping Windows For QNX In New Vehicles · Score: 1

    With some vehicles, it is even worse. The "chicken tax" forces Mercedes to assemble vans in Germany, partially dismantle them, send them over to the US for a final "re-assembly" (not sure how finished the vans are... could be just attaching the mirrors and calling that done.)

  3. Re:Stupid on Meet the Developers Who Want To Build the Next Snapchat · Score: 1

    There are two parts to self-destructing messages:

    1: The part where it gets eradicated from servers.
    2: The part where it gets zapped from endpoints.

    Part 2 falls under DRM... someone, somewhere will find a way around it [1]. The best way to handle this is similar to PGP's -p flag -- have a private viewer to let the user know this shouldn't be copied, and stop right there. A determined user will find a way to keep track of something, no matter what anti-copy measures are in place.

    Now, part 1 is the part that actually matters. There was a proposed expiration algorithm that used a peer to peer setup where when keys expired, they expired on all the peers. That way, compromising just one system would not get an expired key back. If the key was not expired, the peers would hand over the pieces.

    Of course, this is easily attacked by having a lot of bogus peers in the mix who will not expire keys. However, as with all security measures, the perfect is the enemy of the good, and this is a step up.

    [1]: Barring something expensive like high def satellite encryption which has yet to have a meaningful crack.

  4. Re:A big hole is the default password on Routers Pose Biggest Security Threat To Home Networks · Score: 1

    Even better, print it in one location, then hot-stamp it into the plastic of the router's case, filling the indentation left by the letters with a self-curing epoxy (so the stamped password doesn't wear away over time). It won't be 100%, but at least if the sticker wears off, the password is still present. Another way is to have a sticker, then a metal tag that gets stamped by a press, and is attached securely in a recessed place on the case (so if the glue fails over time, the tag doesn't fall off.)

    Even better would be having the default SSID be unique with a number that isn't related to the serial or the Wi-Fi key.

    Of course the best of all worlds is having the router have a panel and screen that, after a reset, requires configuration from that for basic functions before it ever flips a packet between interfaces. That way, the user sets their own password, username, and password, so there is never a default for intruders to guess.

  5. Re:don't have problems with LTO-4 tape on A Primer on Data Backup for Small- to Medium-Sized Companies (Video) · Score: 2

    To me, it is simple: An LTO-4 tape's native capacity is 800GB, each tape $30. That's $375 for 10 terabytes. If I wanted to move to LTO-6, that's $75-$80 a tape, so that's $320 for 10 terabytes uncompressed for four tapes.

    Ten TB of VNX space or Avamar space is going to cost you seven digits minimum, probably eight once EMC is done making you pay for all the options. Yes, there is "magic" with deduplication, but even that will fill up shortly.

    To boot, unlike Avamar or disk storage, the energy cost of having stored tapes is just HVAC, without having to keep spindles twirling. Plus, tapes are easy to keep physically secure. An intruder in Elbonia would have to get someone on site and into the tape safe to access stored data there, compared to just kicking open a cloud provider and snarfing data from their backend arrays without needing to bribe/coerce someone to physically grab the media and stuff the tape in the silo.

    However, tape is "your father's Oldsmobile", and even though it does work, the disk and cloud salespeople always end up getting the PHBs to spend the big bucks on something that ends up getting completely used up within days to weeks.

  6. Re:don't have problems with LTO-4 tape on A Primer on Data Backup for Small- to Medium-Sized Companies (Video) · Score: 1

    LTO-4 is the minimum I'd probably go with these days, because it is the first generation to have hardware based AES encryption via SCSI SPIN/SPOUT commands. Most sane backup software (NetBackup for example) can use this, so to protect media, one just makes a password, makes sure the CTO and CIO not just know it, but have it stashed in a folder somewhere, and then maybe change it once a year (leaving the older passwords in the silo's memory for easy reading of older tapes.)

    PHBs love the concept of deduplication and disk to disk (a la Avamar)... but eventually that disk fills up, and it fills up far quicker than expected, so it has to go somewhere... and on the enterprise level, nothing beats tape for getting space free on the spindles (assuming one stores multiple copies of the data, preferably with one copy going offsite [1]).

    [1]: Yes, IM had a facility get toasted, but there is a risk with every media. Cloud stuff can have issues. If one follows basic practices and a tiered data retention system (important data gets backed up in more places, and saved more often), even a loss of an outside facility can be recovered from.

  7. Re:Really?!?! on Windows 8 Metro: The Good Kind of Market Segmentation? · Score: 1

    It started with Exchange 2007, and 2012 goes that way. By default, Server Core is standard, and if one needs the full UI, unlike 2008 R2 and earlier... two commands and a reboot, and you have the usual MS UI ready to go.

    I'm sure the eventual goal is to have servers be Server Core only with a client having UI management tools, because the UI is something that has to be explicitly selected now.

    Of course, it would be nice if Windows had sshd available without a third party utility, but we can dream.

  8. Re:Visiting !=guilt on Report: Valve Anti-Cheat (VAC) Scans Your DNS History · Score: 1

    This might be a way to bully/troll someone. Find what their account name is, then make an account with the identical name on every botting site. Of course, account names are hard to come by, but it is a way for someone to cause mischief, similar to people who create bogus FB profiles.

  9. Re:A standard multi-layer attack on Hackers Sweep Up FTP Credentials For the New York Times, UNICEF and 7,000 Others · Score: 1

    I've not understood why the FTP servers didn't at least have some sanity checks on them, if unencrypted FTP has to be used:

    1: If the server is used by business "A" to feed business "B" data to their server, then business "B"'s FTP server should have TCP wrappers installed/configured, and business "A" should consider using a static IP address for outgoing stuff. This won't help much with authentication, but passwords cannot be brute forced if the server doesn't allow connections in the first place.

    2: Even better, both business "A" and business "B" should have their routers do tunneling so the FTP server can sit on a DMZ and not be exposed to the raw Internet.

  10. Re:Leaked passwords in FTP? on Hackers Sweep Up FTP Credentials For the New York Times, UNICEF and 7,000 Others · Score: 2

    I've seen some confusion about the term sftp:

    1: It can mean FTP over SSL/TLS.
    2: It can mean creating an SSH tunnel, then using "plain old" FTP [1].
    3: It can mean using ssh's file transport protocol which has nothing to do with the old FTP method.

    [1]: This is harder than it looks with even passive FTP, especially with Windows boxes.

    When I see "sftp", I think the ssh facility, but I always try to make sure it is clear what I'm meaning.

    Maybe I'm just naive, but if one is using SSH or FTP over the Internet, shouldn't it be par for the course to use public key authentication, perhaps with a two factor system as backup? That way, if an SSH server gets compromised, there are no passwords for an attacker to steal. This is just basic stuff, like configuring your Exchange server to not relay every message sent to it.

  11. Re:Titanium Backup on Ask Slashdot: Local Sync Options For Android Mobile To PC? · Score: 2

    I use Titanium Media Sync for the files and Titanium Backup for everything else. If one is afraid of Dropbox or a cloud service, then that is one issue. However, if one is just backing up apps, Titanium Backup has very good encryption (encrypting, it uses a public key; decrypting, it prompts and unlocks a private key.)

    Of course, Dropbox's app does a good job for saving photos to its storage.

    If one needs encryption, there are always programs that use EncFS that remote sync to cloud providers. This allows files to be stored on Dropbox, et al. encrypted completely.

  12. Re:In other words; don't let the plebs annoy us on House Committee Approves Bill Banning In-Flight Phone Calls · Score: 0

    This wouldn't even be a Constitutional challenge. A plane is private property. The First Amendment doesn't give the right for someone to demand what they want on non-public territory, even if the "grounds" constitute an aluminum tube. The cases of Pruneyard Shopping Center vs. Robins and Kings Mall vs. Wenk will be pulled out and it will be asserted by the defense that the plane constitutes a similar place as a shopping mall, thus not protected by the 1A.

  13. Re:That's a surprise move on IBM Looking To Sell Its Semiconductor Business · Score: 4, Interesting

    I just don't get IBM's motive. In the past, they were a one stop shop for a business. Yes, expensive, but no matter what broke, be it software, hardware, or the application, the IBM CE could either fix it, or could get someone on the line who would be able to deal with the problem.

    Then they sold most everything.

    Other than becoming a new EDS with mainframes, what is IBM going to gain by this long-term strategy? Each market they hand over is one that could end up a bonanza should a trend change in the IT world. Storage and SSD come to mind.

    Going to just mainframes won't help much -- zSeries machines are still the best hardware out there, but not everyone needs Parallel Sysplex, and a lot of companies are moving to Facebook's model of running with a craptastic generic hardware stack, with all the redundancy in the backend application programming.

    PS: #insert grumble about beta here.

  14. Re:What could go wrong? on California Bill Proposes Mandatory Kill-Switch On Phones and Tablets · Score: 4, Informative

    Even if a phone can be killed, it likely won't drop crime that much. Unlike car radios which were pretty much made useless by the fact that OEMs have decent audio from the factory, smartphones will still make money when parted out. In fact, if an iPhone is just stripped and just the screen sold, that is at least a couple C-notes right there, which is good money.

    An iPad or tablet is even more cash for parts.

    So, with this in mind, yes, killing the device might stop it from being sent to Mexico and used there, but for the most part, IMEI blacklists have similar functionality.

    To boot, we already have that functionality in place. Any device running iOS 7.x will require the user's AppleID and password before it will activate, so stealing an iPhone in order to resell the unit is an exercise in futility.

    PS: Insert beta rant here.

  15. Re:Network segmentation on Target's Data Breach Started With an HVAC Account · Score: 2

    Maybe I've not seen an example of this, but there is a point where I've not seen any meaningful enforcement of these regulations, be it PCI-DSS3, HIPAA, FERPA, Sarbanes-Oxley, or others. For example, from what has been shown in previous examples, PCI is almost a joke and given lip service at best. Tokenization of card numbers? Yeah, right.

    Are these laws even relevant these days, since they don't seem to be actually heeded?

    I wonder about replacing the existing penalties with taxes. A firm can ignore a regulation, but what would happen is a tax would kick in at a stiff percentage of their net worth or overall revenue (not profit, as that can be easily messed around with.) So, if a firm wants to leave credit card numbers in the clear, great... they will end up taxed to oblivion.

  16. Re:Network segmentation on Target's Data Breach Started With an HVAC Account · Score: 4, Insightful

    In most companies, someone poking around would have their access clamped shut by an internal IPS, with SMS messages going out to admins via the IDS.

    I'm sure there has to be a perfectly justifiable way to explain this, but almost any corporate network tends to be well segmented, with finance being the most locked down of any area [1]. Unless the internal fabric got compromised, this shouldn't have happened unless it was an attack with a lot of collusion from parties inside the organization.

    [1]: One place I worked at had the machines in finance completely disconnected from the Internet, and they were separated from each other (no file sharing possible unless going through the company servers.) If people wanted to browse the Web, they used Citrix receivers and a terminal server, which was configured to not let files in or out. Said machines were not just locked down via AD, but used both BitLocker (to keep the machines from being booted from other media) and DeepFreeze [2] to help ensure that if malware did get on the boxes, it wouldn't persist. All data was stored on remote machines. So far, AFAIK, these precautions did a good job at keeping bad guys out.

    [2]: DeepFreeze isn't 100%, but it does come in handy as an additional tool for a locked down environment to keep things clean.

    #insert

  17. E-Fuses? on Military Electronics That Shatter Into Dust On Command · Score: 1

    If they have a technology to make chips have their underlying silicon substrate crack into unusable bits, that is one thing... but wouldn't e-fuses and on-die capacitors be another route to this with established technology? e-fuses may not be Michael Bay type of material, but the ability to render CPUs, RAM, ASICs, and other silicon on a board completely unusable on a physical basis might be just as good.

  18. Re:No, because they are not compatible on Should Nuclear and Renewable Energy Supporters Stop Fighting? · Score: 4, Insightful

    Until fusion is everywhere, not one single energy source can serve our needs:

    1: Thorium fission reactors need a look. Yes, there have been working ones, almost 40 years ago. Cheap, effective, scalable, and a lot of energy in a relatively small chunk of real estate.

    2: We need energy dense batteries. We have come a long way, but things will change big time when we start getting within an order of magnitude of gasoline for energy stored per volume. When this happens, car engines can be tossed for electric motors.

    3: With all the advances in solar, from window tint PV panels to cheap panels for large surfaces, to high efficiency panels to get the best bang per buck out of small areas (RV rooftops), solar is a "why not?", rather than a "why?". The best use would be hybrid systems that can charge batteries, and when the batteries are charged, then feed the grid. That way, one is guaranteed very clean power on the circuits the batteries feed (assuming a quality inverter.) Solar is a must have for virtually any installation.

  19. Re:For crying out loud ... on Adobe Flash Remote Code Execution Flaw Exploited In the Wild · Score: 2

    If I -have- to use Flash, I fire up a VM that has a normal (no admin access) user account and run it under a sandboxed Web browser. That way, if/when an exploit happens, it would have to be a very good one to get out of the sandbox and a full context as a user, get Administrator rights, then bash the hypervisor to get out of that.

    Not 100%, but it is easy to use, and when done, a closing of the VM rolls all changes back.

  20. Re:For crying out loud ... on Adobe Flash Remote Code Execution Flaw Exploited In the Wild · Score: 1

    VMware apparently wants more people to start paying for vSphere, so the ESXi 5.5 client supports basic features, but not the new stuff. If you want that, you have to do a web client install, which means having vSphere up and running (and licensed.)

    It would be nice if they dispensed with Flash as well.

  21. Re:He's Playing To Win on Audience Jeers Contestant Who Uses Game Theory To Win At 'Jeopardy' · Score: 1

    s/Olympics/World Cup...

    In any case, what happens is that someone finds a strategy to win that ends up being along the lines of out-obnoxious-ing the other side, which makes things less entertaining overall.

  22. Re:Really? on Asus Announces Small Form Factor 'Chromebox' PCs · Score: 1

    A Chromebook might be useful as a secure terminal if one is running a Citrix XenDesktop [1] installation. That way, if the laptop is stolen, there isn't anything on it that is confidential.

    [1]: I wish there were an alternative to Citrix that had a client app that worked on iOS and Android... something that didn't require a third party server that middle-manned the connection, which virtually all the remote session stuff has. I want the authentication to be at my end, not trust a third party with the keys to my network's perimeter.

  23. Re:He's Playing To Win on Audience Jeers Contestant Who Uses Game Theory To Win At 'Jeopardy' · Score: 2

    It reminds me of how people started kiai-ing in tennis matches. Yes, it startled people at first and provided a competitive edge, now it just makes matches a little bit more annoying to watch... now that everyone does it. Same with having groups blast their vuvuzelas constantly during the Olympics because the side not doing it lost more.

  24. Re:Really? on Asus Announces Small Form Factor 'Chromebox' PCs · Score: 1

    One idea I've been thinking of is having a small PC, fanless, and with a SSD. Then, using a 10gigE or even a gigabit Ethernet connection directly to an iSCSI box that would be either placed in the attic or a well-sound-attenuated place. That way, I have the best of both worlds... no fans, no drives, little noise, while having decent drive capacity.

  25. Re:Really? on Asus Announces Small Form Factor 'Chromebox' PCs · Score: 1

    I'd just like a standard PC in that form factor. The only real "full" PC I've seen that might be decent would be Apple's Mac Mini, especially in the video department.

    Something that size with 128GB SSD, decent CPU, decent GPU, and 8-16 GB of RAM would be a nice change, and since it would mount on the monitor (if it followed the VESA standard), it would be completely out of the way.