A lot of distributions offer LUKS encryption on bootup. I'd highly recommend going that route.
As for storing a Wi-Fi key plaintext, I consider it a nonissue because any program that gets root will be able to get the Wi-Fi password anyway, and even if it is obfuscated, there will always have to be a way to de-obfuscate it.
Unfortunately, for some notebook items, you will have to pay through the nose for it. Dell Latitudes have some decent options... but you will be paying over a thousand for one, especially once you hit the ultrabook tier.
Of course, touch screens are becoming standard issue in laptops (which to me is pointless since it is easier to use a keyboard/trackpad than smudge the screen up... but to each his/her own.)
I might add a cautious exception to this. There are some x86 tablets (like the MS Surface Pro) which are coming along well enough that if they have a decent docking station that supports USB (for backup drives, keyboards and other HID items), a plug for a monitor, a Thunderbolt port or two for faster drives, it may be that a tablet can function as someone's sole computer. The video on newer x86 tablets won't handle the next Crysis iteration, but for most gaming, it is OK. With 8GB of RAM, that will do for a number of tasks, similar with the onboard SSD storage. To boot, it provides decent security, as BitLocker [1] is easy to enable.
So, for most tablets, I'd say "no" with qualifications as the parent. However, one can make an x86 tablet running Windows function identically to a desktop, so that would be a cautious exception.
[1]: Until MS gets a new BIOS rev, be careful on enabling the TPM PIN, as it won't be enterable on the display, and you will need to hit the volume-down (minus) rocker for the Surface Pro to scan for HID items. BitLocker will work just with the TPM, or with the TPM and a USB flash drive as usual.
One can use storage with a parallel port. However, the host must have specific drivers for it ready to go. So, plugging in a Wi-Fi card into a SD slot will physically work, but it is an unlikely attack avenue, just because the machine isn't likely to load drivers for it, configure an IP stack, fire up DHCP and turn that adapter on.
USB is a different animal. Plug in a device, and most USB stacks already have HID drivers, mass storage drivers, printer drivers, and other items ready to go. Unless it was explicitly pared down to only allow mass storage devices to be presented, a USB port can have unintended consequences.
The ironic thing is that even the cheapest, no-name Android phone has better protection than ATMs against this avenue of attack, assuming a bootloader with a signing process.
eCS/2 (eComStation, the company that is maintaining OS/2) still is used in some ATMs. If the OS works, is well maintained, and has earned its bones, why change? ATMs have not changed much in 10-20 years, other than maybe display a news blurb or the daily weather on the demo screens. Might as well keep with what works.
CentOS will automount removable flash drives under the /media directory. Similar with optical media. One can disable this so media will need to be manually mounted to be used. It won't run or execute anything on the drives though... just mount it and have it usable for the user.
I've wondered why ATMs are not designed with some defense in depth. Yes, the cash pile and outer case tend to be well armored, but I wonder about having the core computer be in a tamper resistant case, similar to a HSM, with software for copying signed updates [2]. There wouldn't be a USB port, but just a port for a SD card (a USB card can register as more than just a drive, so having just a SD card prevents that) and a restricted interface for updates might help things. If the case holding the core CPU is opened, the module with the core keys for PIN encoding/decoding would fry itself automatically, similar to how physical tampering on a HSM will cause it to zero itself.
[1]: Always amuses me (except if I have to get cash out) to see a WGA piracy warning, or (if the ATM doesn't get updates) a demand for activation. That is a failure on the part of the ATM maker because they really should have specced XPe, not XP. As an added bonus, XPe can redirect all writes to a different area so the OS can be on a read-only SSD.
[2]: Could be just a simple bootable BSD partition with netpgp that copies the OS image to a temporary directory, checks to see if the signature is valid, then if so, uses dd to do the final writing.
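The copy, verify, then write flow sketched in footnote [2] above, as an added example that is not part of the original comment. It assumes `openssl dgst` as a stand-in for netpgp and a regular file as a stand-in for the target disk; the function names, file names and the throwaway key are all hypothetical.

```shell
#!/bin/sh
# Added example: verify-then-write update flow from footnote [2].
# Assumptions: openssl replaces netpgp; all names and paths are made up.

# apply_signed_update IMAGE SIG PUBKEY TARGET
# 0 = verified and written, 1 = bad signature, 2 = staging failed, 3 = write failed
apply_signed_update() {
    img=$1 sig=$2 pub=$3 target=$4

    # Stage private copies first, so the bytes that get verified are the
    # same bytes that get written even if the removable media changes.
    stage=$(mktemp -d) || return 2
    if ! cp -- "$img" "$stage/image" || ! cp -- "$sig" "$stage/image.sig"; then
        rm -rf -- "$stage"
        return 2
    fi

    # Fail closed: any verification error means the target is never touched.
    if ! openssl dgst -sha256 -verify "$pub" \
            -signature "$stage/image.sig" "$stage/image" >/dev/null 2>&1; then
        rm -rf -- "$stage"
        return 1
    fi

    # Write from the staged copy that was verified, never from the original.
    rc=0
    dd if="$stage/image" of="$target" bs=64k 2>/dev/null || rc=$?
    sync
    rm -rf -- "$stage"
    [ "$rc" -eq 0 ] || return 3
    return 0
}

# Constructed demo: throwaway key, random 128 KiB "OS image", file as target.
demo() {
    d=$(mktemp -d) || return 2
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$d/key.pem" 2>/dev/null
    openssl pkey -in "$d/key.pem" -pubout -out "$d/pub.pem" 2>/dev/null
    dd if=/dev/urandom of="$d/os.img" bs=1024 count=128 2>/dev/null
    openssl dgst -sha256 -sign "$d/key.pem" -out "$d/os.img.sig" "$d/os.img"

    result=0
    # 1. Genuine image: accepted and written byte for byte.
    apply_signed_update "$d/os.img" "$d/os.img.sig" "$d/pub.pem" "$d/disk" || result=1
    cmp -s "$d/os.img" "$d/disk" || result=1

    # 2. Tampered image with the old signature: rejected, and the target
    #    still holds the last good image.
    cp "$d/os.img" "$d/evil.img"
    printf 'X' >> "$d/evil.img"
    apply_signed_update "$d/evil.img" "$d/os.img.sig" "$d/pub.pem" "$d/disk" && result=1
    cmp -s "$d/os.img" "$d/disk" || result=1

    rm -rf -- "$d"
    return "$result"
}

demo && echo "demo passed: good image written, tampered image rejected"
```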
I thought of that, but it would replace bad public schools with bad private schools, likely owned by a large company which would pay the teachers and everyone minimum wage, provide a craptastic education, skim everything off the top, get lawmakers to enact barriers to entry, preventing smaller schools from being able to get by, and make life a living hell for any kids who are not willing to toe the line 100% until they graduate. It would be extremely doubtful for graduates to have an education good enough to even secure a berth in a tier 1 college versus the stiff foreign competition.
Choosing foreign news sources is pretty much the only way to get decent, objective content about what is going on. European sources are a good bet, and even Al Jazeera has become a solid source of info. They are not completely unbiased, but the information is useful compared to the news channels in the US that (IMHO, of course), approach sensationalist fiction.
Here in the US, it isn't about putting info on subscribers' screens. It is about putting stories up that get eyeballs and get people polarized. When in doubt, kick the old gun control thing around, or reinvent Terri Schiavo.
As for Slashdot, nothing is perfect, but at least overt BS does get challenged in short order, which is one of the few places where that occurs.
I'd also like to see a control group and a larger sample size, with double-blind testing.
This is a nice piece of info, but there is a big difference between an anecdote versus a properly conducted scientific study that can be checked off in a peer reviewed paper.
You might just be right. I overlooked the part about the "software emulation".
If it worked just like the Atrix phones where it ran Android and a Linux distro at the same time on different CPUs, that is one thing.
Running Android in a VM might be workable, but that isn't that much better than using VirtualBox or one's VM application of choice and running their favorite OS inside of that. A VM is better because when done with browsing and assuming one has a way to save bookmarks, a snapshot rollback is a good way (not 100%; nothing is) to ensure that any drive-by downloads picked up during a browsing session are ditched.
Since this is software emulation, does this mean that the "PC Plus" machines have a built-in hypervisor?
One of the biggest causes of malware is attacks on the Web browser and its add-ons. Android is a lot more secure in this regard, so having the ability to browse the Web with the code executing well away from the Windows side will be a very useful security gain.
It won't stop Trojans, but it will help address one major vector for infections.
I'd buy one of these "PC Pluses" just because I do know that the Android side will almost always be usable. I won't be able to do the advanced workflow or run the usual applications and games as I do on Windows, but for a number of tasks, the Android side will be good enough. Plus, with root, it can serve as a way to offload some UNIX functions such as a caching DNS, squid cache, etc.
To me, FB was becoming too much of an "all eggs in one basket" type of site. It handles authentication for third parties, a gaming platform, messaging, calendars, contact lists. None of this is something unique to FB, because other applications or websites have been doing this.
Then there are the concerns about privacy. At least SnapChat offers the illusion of privacy which people are wanting since there have been stories and stories about FB data falling into the wrong hands [1].
To boot, I don't know anyone that really _likes_ FB. At best the service is tolerated because it is expected. However, G+, VK, and other social networking sites offer virtually the same thing, so there isn't anything other than critical mass that makes FB stand out to a subscriber base [2].
[1]: One example personally was someone tagging me while I was browsing a humidor in a FB pic. A week later the health insurance company I had at the time then sent a demand letter that I either go for a physical or pay smoker's rates.
[2]: Advertisers and their backend are different, as FB is extremely good, but this isn't as visible to the product (i.e. accountholders.)
Maybe a compromise would be to anonymize the postings. I can see this done one of three ways:
1: Change the postings from the real name to Former-User-1234 (where 1234 is a unique ID code for that one user.)
2: Change the postings where the Former User ID code is just the same code during the message, but is different on a different thread.
3: Change the postings from the real name to "Former User" without a differentiating extension. This way, nobody reading messages knows who posted it.
This is a tough one... sometimes the right for a user to pull their messages is not as big as the right for a thread to make sense. Slashdot has worked this way (once posted, it is permanent record) for quite a long time.
On the other hand, why does every single piece of art have to be solely judged by how much revenue it takes in? Is a documentary about some event far less important in history than a zombie movie just because it doesn't pack the cinemas?
This is why US movies tend to follow the exact same cookie-cutter plotline without deviation.
I hate to say this as someone from the US, but the serving of yogurt from Starbucks has more culture than anything the big, mainstream movie houses churn out these days. There are decent US films, this is shown by what sometimes pops up at South by Southwest in Austin each year, but the mainstream stuff coming from the US, not so much [1].
[1]: Although when at the Alamo Drafthouse, after a few good beers, almost anything on the big screen can end up watchable.
Here in Texas, the difference between a F-250 and a F-350 is a set of leaf springs. I'm not sure how it is in other parts of the US, but like in Canada, there isn't any point in buying a F-250 unless one manages to get a really good deal on a model.
Other than the length penalty (which can be one foot on up), if one needs a work truck, might as well go with a one ton model. It gives factory ability to use a gooseneck or fifth wheel hitch, secondary alternator that can come in handy, snowplow attachments, and so forth. Trying to use a fifth wheel on a half-ton might void the warranty, and with unibody pickups, it might void a good chunk of the vehicle as well.
The one advantage of a hybrid in a commute vehicle is at a standstill, the hybrid just needs to keep the climate control system going. It doesn't have to keep turning a crankshaft at idle RPMs in addition.
I'd like to see more vehicle concepts along the lines of relegating the diesel engine to generator status, while the electric motors do the actual work. Done right, instead of having to design an engine every few years, one can just use a standard Onan or Kohler generator that would feed the battery when it gets low.
I'd like to see about a hybrid truck as well, perhaps a hybrid TDI because of the inherent fuel economy advantages of a modern diesel. As a side advantage, it can have an inverter, and be used as a generator at the jobsite -- one less piece of equipment taking space and possibly getting stolen.
F-150s tend to be grocery getters, so I can understand why Ford is going the aluminum route, since it is the best MPG savings per buck to get them better with EPA CAFE standards.
In my experience, that isn't the case. If I were recommending a machine to someone who makes their living by what they do on it, I'd point them to Apple and have them get the AppleCare warranty. Apple's CS is just outstanding on the consumer level.
The business side, not so much. Apple isn't interested in the enterprise right now, so for businesses, I'd point them to HP or Dell, and tell them to buy a "gold" level of support.
I wouldn't say, "most". You read/hear about the horror stories, but in general, there are a lot of decent stories of people making it decently (and decently meaning having a decent comfort level.) If one builds a place to code (which is wise in any case), there shouldn't be any issues for the most part.
There are various degrees of off-grid living. One could just park a travel trailer on some land and call it home at one extreme, bringing water in and taking black/grey water to a dump station. Then there is living with grey water reclamation so that clothes washer water doesn't go to waste and other ways to minimize dependency on utilities.
In reality, even if I had a home that had a decently sized solar array, I'd still spend the 3000 bones and have a pole dropped, just because there are some appliances such as HVAC that just can't be run from solar and batteries. If the grid does drop, there wouldn't be A/C, but there are always fans which done right, do help. Some can even run small room A/Cs off their solar arrays.
Yes, utilities can refuse to accept power from people's solar inverters, but what that will result in is people still remaining on solar... but going with off-grid setups. Instead of the panels going to the inverters, then to the grid tie, people will be going with panels, charge controllers, battery setups, then auxiliary power panels to provide emergency power, or even just move some low current use circuits permanently off the mains.
Computers and electronics are an ideal candidate for this. A good PSW inverter would provide pretty much all the capability a UPS has. To boot, if solar doesn't get enough energy to keep up with the batteries, smarter charge controllers can tap mains voltage to (literally) rectify that issue.
As for the utility companies, there isn't much they can do about solar electric circuits that are in no way connected to their grid, other than demand code that all internal house wiring is mains connected, and no wiring can be 12/24/48 volts DC inside the house.
On RV related websites, "dryer receptacles" are a chief cause of magic smoke loss in people's rigs. That, or a rush job done by an electrician who just had both legs wired up instead of one leg and neutral. Even a master electrician might end up getting things wrong, so it can't hurt to pull out the multimeter and check oneself.
One of the few ways RV-ers have to reliably tell is if they have a portable EMS like from Progressive or another brand. It is smart enough to notice undervoltage or overvoltage and safely shut off so stuff behind it doesn't fry, arc, or just phase change from solid to gas permanently.
I wonder how well the charger would handle a 120VAC, 50 amp circuit. This has two legs that give 50 amps each and 120VAC to neutral... or the legs can be used directly for 240VAC. This circuit is a fairly common one for RVs.
Ancient Egypt used "small beer", which had a low ABV, as a daily drink because the water up and down the Nile was not drinkable. Beer wasn't just something to get sloshed on, but something to actually imbibe to survive, day by day.
Of course, ships needed something, be it beer (as in the above mentioned link) or grog to keep the bugs out of the drinking water supply.
This gets me curious about homebrewing a batch of something as close as I can accurately get to an Egyptian small beer. It might be a decent Gatorade replacement.