That is becoming the case in the US as well. There is a trend for Americans to be moving to the bigger cities, from the suburbs into apartments possibly with as little as 300 square feet of space (as per NYC laws.)
This is part of the reason why an x86 tablet might carve out a niche market, because for quite a number of users, it could completely replace the desktop, especially with a docking station for USB and Thunderbolt stuff.
I understand that UEFI Secure Boot is an issue, but for the MS logo certification, it requires UEFI Secure Boot be able to be switched off. On ARM Windows RT boxes, it is different, but on x86, it is a feature that generally helps more than it hurts.
The reason it helps, especially for the average user who will just use Windows, is that it protects against MBR and boot sector malware without requiring BitLocker and a TPM. Essentially herd immunity on one vector of infection.
PC hardware is "good enough" where games tend to not be pushing the envelope on graphics anymore.
Take Everquest: Next for example. Instead of continuing with detailed textures, they have decided to follow Blizzard's lead and go for the low-res, "cartoony" type of world. Part of this is due to their voxel technology, but part of it is so their game can run on almost anything.
PC games are not really declining either. GOG seems to be doing a good business, Steam is doing well, and even MS's store is hanging in there. If PC gaming really was dropping off, the game makers would have already left the platform in droves to focus on consoles only.
I think this is exactly the case. The desktop machine I used before my current one (bought last year around this time) lasted at least seven years, and the only real upgrade was a video card, and a card for more USB ports.
It isn't that desktop sales are declining. It is that tablets are expanding, and new niches are appearing.
Take the MS Surface Pro for example. For most gaming (other than the latest Crysis), it is good enough. It works well as a tablet, and when docked, it works well as a desktop replacement, except it doesn't have Thunderbolt for decently fast video or drive I/O. I'm sure some company will be making a tablet that will fix those issues. Then, why buy a desktop when a tablet that drops into a dock has virtually as much power?
Android/iOS tablets are also expanding. The line between a tablet and e-reader is extremely blurred, other than the dedicated e-Ink devices. Often, people want a general media consumption device, and a tablet tends to be good for that.
What I'd like to see compared is the server market. That would help with numbers because that market is a baseline and is not affected by consumer fickleness in general.
It may be easier, but in general, newer devices prompt the user to set up some form of authentication.
The PC is harder to grab, but usually Joe doesn't have BitLocker or FileVault enabled, so slurping data consists of just booting from other media and copying off files in the home directory. With a Mac, Joe might have Find iPhone enabled, but if the computer doesn't have an Internet connection, the kill/lock signal wouldn't reach it.
The phone or tablet, if locked, will disable itself after a few guesses, or prompt for a password. More sophisticated users will have some mechanism where it takes photos of who is trying to access it as well as find its location. Other users will trigger an erase as soon as they realize that it is missing.
I learned that the hard way when Mastercard's additional password dialog popped up in a tiny little iframe and couldn't be completed. Result -- no order completion until I pulled out my N7 and did the job with that.
For enterprise grade SAN use, there are features like snapshotting done by the SAN controller (so if malware does strike, it can't get anywhere other than foul up the present LUNs), and asynchronous replication to a remote site (which a larger enterprise will need.)
The bigger volumes, you want RAID 6 and hot spares. Otherwise, there is a good chance of getting caught with your pants down while a rebuild is taking place.
Then there is archival storage. Storing stuff as an archive on hard disks means that those platters are either spinning, consuming electricity, or being cycled on and off to make sure they have no corruption. An offline tape takes 0 watts when sitting on a shelf.
Tape isn't for everyone, but it still has its place in the enterprise, just like other media (be it HDD, SSD, or cloud storage.)
Join the asylum. I have had good luck with optical storage, and have been able to restore data from 1998 from burned CDs. This doesn't mean that I've not had my share of coasters, but it is a decent, inexpensive medium to save data off securely.
It may not be exotic, but WinRAR and Nero have done a decent job at keeping files that I don't want cluttering my NAS.
In a previous life, I had to go to 10GB in order to get anywhere near the speed of LTO-6 media.
However, there is one advantage of LTO-4 and newer over LTO-3, and that is hardware tape encryption via SPIN/SPOUT commands. It doesn't sound like a big deal, but it gets rid of a lot of headaches fast, especially the fear of a tape falling off the back of the Iron Maiden truck doing its rounds.
LTO 4 and 5 are approaching price points that may seem expensive, but for an SMB, a dedicated server with one of the drives hanging from it via SAS might be a good way to do decent backups. Tapes do get bit rot, but there are a lot of legal checkboxes that are made happy by a tape drive. WORM tapes are good for copying quarterly records to (one for local, one for offsite), regular tapes are good for ensuring files are kept safely (once the tape is set read-only, the files are decently secure from most malware), and cartridges are not too expensive. I have seen LTO-3 tapes for $14 each not too long ago.
Of course, the price of tape is not having data online, but the benefit is cheap offline storage that is decently reliable. Not 100%, but more reliable than HDDs for the most part, and since it is stored offline, malware can't get to it.
If an attacker were brute-forcing against an account, something like sshguard or a lockout mechanism [1]. However, since hashed password lists like /etc/shadow are the target, once those are snarfed, those can be cracked at the blackhat's leisure. Stuff like bcrypt helps, but there is a balance between having a number of rounds high enough to slow down an attacker, versus it interfering with legitimate uses.
I have a dedicated appliance that is in testing stages which just stores usernames and hashes, and does not allow the whole database to be dumped at once to a remote site (access is done per user, and the only thing returned is "yes" or "no", so a bad password gives the same result as not having a username.) It will help with this, but still awaits any real commercial use.
[1]: I set Windows's mechanism on an AD forest to be only 3-5 minutes for a lockout, not 20. That is enough to stop the people trying random stuff, but not paralyze a user too long, assuming the attack isn't still going on.
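A sketch of the yes/no verification service and short lockout described in the comment above, added here as an illustration and not the commenter's appliance. The `CredentialStore` class, its method names, the failure threshold and the sample account are hypothetical, and PBKDF2 from the Python standard library stands in for bcrypt.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 50_000      # KDF cost; kept low here so the example runs quickly
MAX_FAILURES = 5         # assumed threshold; the comment does not give one
LOCKOUT_SECONDS = 300    # upper end of the 3-5 minute lockout in footnote [1]


def _derive(password, salt, iterations):
    # Raising `iterations` slows offline cracking of a stolen hash list,
    # but every legitimate login pays the same cost.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


class CredentialStore:
    """Stores salted hashes per user. There is no method that lists or dumps
    records; the only query is verify(), and it answers True or False."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._records = {}    # username -> (salt, iterations, hash)
        self._failures = {}   # username -> (count, time of last failure)
        # Decoy record: unknown usernames cost the same KDF work as real ones.
        decoy_salt = os.urandom(16)
        decoy_hash = _derive(os.urandom(16).hex(), decoy_salt, ITERATIONS)
        self._decoy = (decoy_salt, ITERATIONS, decoy_hash)
        self.kdf_calls = 0    # exposed only so the behaviour can be checked

    def enroll(self, username, password):
        salt = os.urandom(16)
        self._records[username] = (salt, ITERATIONS, _derive(password, salt, ITERATIONS))

    def _locked(self, username):
        count, last = self._failures.get(username, (0, 0.0))
        if count < MAX_FAILURES:
            return False
        if self._clock() - last >= LOCKOUT_SECONDS:
            del self._failures[username]   # lockout has expired
            return False
        return True

    def verify(self, username, password):
        if self._locked(username):
            return False
        record = self._records.get(username)
        salt, iterations, expected = record if record is not None else self._decoy
        self.kdf_calls += 1
        candidate = _derive(password, salt, iterations)
        # A bad password and an unknown username both end up as False.
        ok = hmac.compare_digest(candidate, expected) and record is not None
        if ok:
            self._failures.pop(username, None)
        else:
            # Failures are counted for unknown names too, so lockout behaviour
            # does not reveal which usernames exist.
            count, _ = self._failures.get(username, (0, 0.0))
            self._failures[username] = (count + 1, self._clock())
        return ok


if __name__ == "__main__":
    store = CredentialStore()
    store.enroll("alice", "correct horse")   # constructed sample account
    print(store.verify("alice", "correct horse"))
    print(store.verify("alice", "wrong"), store.verify("nobody", "wrong"))
```
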
These days, I just use a decent password manager (KeePass or Password Safe.) Of course, that comes with its own risks, but with so many passwords one uses, all should be unique [1], might as well have a system that uses a known good cryptographically secure RNG and a decent password length [2] does the trick.
[1]: That way, a cracked password from site "A" won't be able to get access to site "B".
[2]: Even now, some sites will choke at a password length greater than 8-10 characters.
I know a few people who have done AP/LP (asset prevention/loss prevention) work. They get people in all the time who will risk their future [1] on trying to boost items worth less than a C-note. Not "poor" people either, but often people who feel they don't have to stoop to the low of having to pay for something.
I have a feeling that if they have cameras on them, it will get pictures of some people with hoodies on, little else. Just like virtually any other CCTV photos used after a burglary.
[1]: Cue remarks about arrest records being used for job screenings instead of conviction records, NCIC databases, yadda, yadda. In any case, a ride downtown can be a career ender.
Where I live (fairly urban townhome), I have never had a package dropped off at my doorstep survive more than five minutes. If a package is delivered, because of the high traffic of people walking past, said package will be "picked up", likely on its way to a pawn shop as its next destination. It is so bad that any mailbox made out of metal will get stolen for its scrap value, so one ends up using a door slot or a plastic holder.
I just have packages delivered at a relative or friend's house; the friend lives 40 miles outside of Austin on an unpaved road. Takes a bit to drive there to get them, but a few dollars for gas is cheaper than completely losing the whole package's contents.
Re:Man invents new Security Camera! on R2-D2: Mall Cop · Score: 1
I've read about some software that can automatically discern the shape of a held firearm and send an alert, be it a pistol, or rifle. Then, there are detectors used in places which can tell a gunshot and locate almost exactly where it took place.
Maybe that in combination with a patrolling robot might give an early warning should an event occur.
Will it actually work? Who knows. However, it might give a few minutes warning for a place to go into lockdown so an attacker has fewer targets to choose from.
Re:Don't get too cocky about your options ... on R2-D2: Mall Cop · Score: 4, Insightful
More likely, it would be considered a violent felony to "tamper with a monitoring device used for law enforcement purposes" or some other stuff like that, with 20 minimum as a penalty.
Same reason that the red light and speed trap cameras don't get shot up.
Eventually it will. Space is the ultimate high ground, and the nation which controls space can just chunk pieces of metal from a satellite for nuclear-blast effectiveness. No need for nuclear weaponry when throwing rocks or metal rods, "The Moon is a Harsh Mistress" style works just as well.
Technology has improved greatly. This doesn't mean it will be trivial to do, but we got people on the moon with computers far less powerful than an embedded Bluetooth controller.
With the advancement of unmanned space probes, the path to get men back on the moon is made far easier. Things like a blown oxygen tank can be just a blip on a sensor, not a major funeral or cause to build a monument. Of course, this doesn't downplay the effort it takes to get stuff to the moon, but mistakes which would be in the history books would be relegated to "just" money lost, and if there is one thing China has, it is capital.
China is breaking ground, but this isn't completely uncharted territory. They have all of Russia's experience (and mishaps) to start off with.
There is always WinFLP (Windows Fundamentals for Legacy PCs), which Microsoft put out to compete with lightweight clients a few years back. Essentially it is a modified copy of XPe and doesn't have a number of features (no Bluetooth, etc.) that XP has. Another alternative is Windows Server 2003 which tends to be more lightweight than XP.
I'm in the same boat. I would love to have a full featured PC with a 7-8" screen that I can carry with me that I can use with a USB serial port for diagnosing router issues.
For Web browsing in a VM, it is hard to beat XP for something that takes 512 MB of RAM, 16-24 gigs of disk space (partitioned into two disks, one for the system, one for scratch space for Sandboxie's sandbox.) Its footprint is so light, the VM can stay resident on a box with 6-8 gigs of memory without issue, even with running fairly large applications like Acrobat [1], Photoshop, Dreamweaver, and Flash.
[1]: I use Acrobat for producing PDFs for long term storage, FoxIt for viewing. So far, so good.
I also have to give props to Baen Publishing for that. They had some of their older classics offered for download as eBooks for no charge.
O'Reilly also does this, which is nice, as one can have the dead tree manual on the shelf at the office, while one can check the eBook and fix things when down in the data center.
Not another device to get hacked or add another point to be constantly monitored. I'll pass. Couple reasons why:
1: That temperature of water can be turned scalding quite quickly if someone manages to hack the device, and with a camera, there will be YouTube vids galore of people getting scalded.
2: I really don't want ads in my bathroom, nor cameras. No viewer or lackey in any intel organization or LEO deserves that punishment.
3: I also don't want another camera for some potential burglar to have access to via wardriving.
4: Technology for technology's sake is pointless. I want stuff in a bathroom to be simple and elegant. It is one of the few places in a building where I can get away from it.
5: I don't need another electronic item to break or need power.
Station wagons are hard to find. I'd probably go with a Euro style van [1] or a crossover.
[1]: Sprinters are the best, Ducatos/ProMasters are decent, and Transits would be OK... but won't be on this side of the pond until next summer.
I can see two ways to do groups:
1: The group is a collection of private keys, so when one encrypts to Alice's group, in reality, Alice, Bob, Charlie, David, Elizabeth, and Frank have a key encrypted with their public keys and stored. The good about this is that the keys are secured, and there are no intermediate steps. The bad is that if Alice boots Charlie from the group and adds Mallory, stuff encrypted to the group is still readable by Charlie and not by Mallory until the object's core unlock key [1] is unlocked, the old names removed and new ones added.
The second is having the group have its own key, which is unlocked by Alice, Bob, etc. If someone is booted from the group, their user has the key removed from it. This makes things easier in not having to partially decrypt an object to add stuff, but it means one more key generated and possibly compromisable.
[1]: Most encryption uses a core symmetric key that is randomly generated, then encrypts that core key using the user's hashed passphrase, their public key, or both. Public key crypto is very rough on the CPU, so it is only used as little as possible, and in general, symmetric key algorithms are more secure than public/private key ones.
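The two layouts in the comment above, modelled as an added example that is not the commenter's code. A random 32-byte secret per user and a toy HMAC-based `wrap`/`unwrap` stand in for each member's public/private key pair, and every function and class name is hypothetical; it shows which stored copies of the core key exist before and after Alice swaps Charlie for Mallory.

```python
import hashlib
import hmac
import os


def _mac(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()


def wrap(kek, key):
    """Toy wrap of a 32-byte key: XOR with an HMAC-derived pad, then tag.
    A stand-in for public-key encryption of the core key, not for real use."""
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(key, _mac(kek, b"pad", nonce)))
    return nonce + body + _mac(kek, b"tag", nonce + body)


def unwrap(kek, blob):
    nonce, body, tag = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, _mac(kek, b"tag", nonce + body)):
        return None  # wrapped for a different key, or tampered with
    return bytes(a ^ b for a, b in zip(body, _mac(kek, b"pad", nonce)))


# Scheme 1: the object header carries the core key wrapped once per member.
def seal_per_member(core_key, members, user_keys):
    return {name: wrap(user_keys[name], core_key) for name in members}


def open_per_member(header, name, user_keys):
    blob = header.get(name)
    return unwrap(user_keys[name], blob) if blob else None


def rewrap_per_member(header, actor, members, user_keys):
    """A current member unlocks the core key and rebuilds the header.
    This has to be repeated for every object encrypted to the group."""
    core_key = open_per_member(header, actor, user_keys)
    return seal_per_member(core_key, members, user_keys)


# Scheme 2: objects wrap the core key under a group key; members hold that key.
class Group:
    def __init__(self, members, user_keys):
        # Modelling shortcut: a real member would hold only their own key.
        self._user_keys = user_keys
        group_key = os.urandom(32)   # the "one more key" the comment mentions
        self.slots = {n: wrap(user_keys[n], group_key) for n in members}

    def group_key_for(self, name):
        blob = self.slots.get(name)
        return unwrap(self._user_keys[name], blob) if blob else None

    def add(self, actor, newcomer):
        self.slots[newcomer] = wrap(self._user_keys[newcomer], self.group_key_for(actor))

    def remove(self, name):
        # Deletes the stored copy only. A member who kept the group key (or,
        # in scheme 1, the core key) still has it until keys are rotated.
        self.slots.pop(name, None)

    def seal(self, actor, core_key):
        return wrap(self.group_key_for(actor), core_key)

    def open(self, name, sealed):
        group_key = self.group_key_for(name)
        return unwrap(group_key, sealed) if group_key else None


def demo():
    names = ["Alice", "Bob", "Charlie", "Mallory"]
    user_keys = {n: os.urandom(32) for n in names}   # constructed stand-in keys
    core_key = os.urandom(32)
    old, new = ["Alice", "Bob", "Charlie"], ["Alice", "Bob", "Mallory"]

    def can_read(header, name):
        return open_per_member(header, name, user_keys) == core_key

    header = seal_per_member(core_key, old, user_keys)
    # Membership list changed, object untouched: (Charlie reads, Mallory reads)
    before = (can_read(header, "Charlie"), can_read(header, "Mallory"))
    header = rewrap_per_member(header, "Alice", new, user_keys)
    after = (can_read(header, "Charlie"), can_read(header, "Mallory"))

    group = Group(old, user_keys)
    sealed = group.seal("Alice", core_key)
    group.remove("Charlie")
    group.add("Alice", "Mallory")    # the sealed object itself is never touched
    via_group = (group.open("Charlie", sealed) == core_key,
                 group.open("Mallory", sealed) == core_key)
    return before, after, via_group


if __name__ == "__main__":
    print(demo())
```
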
Devil's advocate:
Keeping everything on paper may seem antiquated, perhaps slow... but it wasn't that long ago when a spreadsheet was a true ledger, but with someone who can do double entry bookkeeping, this isn't an impossible task.
It will be going back in time to the '60s and '70s, but for low-volume transactions, a business could get by with carbon paper (so entries are kept in duplicate or triplicate), ledgers, and such. If one is worried about calculators, there are mechanical adding machines which worked well. If one isn't worried about calculators, there are always the ones that print receipts available for cheap new or used.
So, going back to paper and pencil can be done. It will suck for businesses that do a lot of volume, but if one wanted real security, it is doable.