Slashdot Mirror


User: mlts

mlts's activity in the archive.

Stories: 0
Comments: 5,534

Comments · 5,534

  1. Even if malware gets your user account's context, it still can do a lot of damage. Ransomware only needs user access to do its dirty deeds, and botnets and BitCoin miners can run well without needing anything from the admin account.

    I also recommend Sandboxie if one doesn't want to use a full virtual machine. If the browser gets compromised, it still is only in the sandbox. It can't get to a user context, much less one with admin rights. With the ability to redirect all writes to a separate filesystem, if malware decides to do something annoying like (mkdir foo, cd foo, repeat), you can just format that filesystem and be done with it.

  2. For front-line Web browsing at home, I run a Windows instance in a VM and browse with that. Every so often, I roll back to a snapshot, and continue browsing from there. If the VM gets infected, since it sits behind a pfSense virtual router which is configured to block any traffic going anywhere but out the gateway, block outgoing port 25, and other sanity rules, the VM is limited in what damage it can do.

  3. Re:Non clear language on Android KeyStore Encryption Scheme Broken (threatpost.com) · · Score: 1

    If some adversary, even a well-heeled one, can find it now, it only will get worse. Once the exploit is out, it can be made into something usable by virtually anyone. Stuff like this needs fixed, theory or no, because the Android keystore or iOS's KeyChain guards a lot of sensitive, high-value content.

  4. Re:Sometimes... on 'New Way of Stealing Cars': Hacking Them With A Laptop (marketwatch.com) · · Score: 1

    I wish there were a balance somewhere between modern ECU and reliability of engines, versus repairability. It would be nice if there were an "open" engine design with the ECU firmware open sourced, but it would have to always keep up to EPA standards. However, engine design takes a long time, and there just wouldn't be that much of a market for something that would lag 5-10 years behind what every other vehicle maker would offer.

    It would be nice, though. Having the ability to keep an engine going indefinitely with parts that are able to be created from relative scratch, would be useful, especially for farm equipment.

  5. Maybe it is a good thing? on Millions of Chinese Stream Reality Shows Starring Themselves (bloomberg.com) · · Score: 4, Interesting

    It may sound crazy, but with people making stuff and putting it on Youku Tudou, it just may be something that gets honed and becomes a positive thing for the Chinese culture for the long term. As time goes on, things get more refined and professional. It also gets more people involved in theater and the arts, and this is always a good thing. This is how new forms of entertainment (be it jazz, vaudeville, opera, etc.) are created.

    I wouldn't be surprised if 100 years from now, videos on YouTube and similar sites are regarded with high esteem, similar to how movies made in the early part of the 20th century evoke nostalgia.

  6. Re:Easily destroyed or disabled on Uber Hires a Robot To Patrol Its Parking Lot and It's Way Cheaper Than a Security Guard (fusion.net) · · Score: 1

    Security guards are not just a deterrent, they are something that can go after a threat with the full force of the law on an active basis.

    It also raises the level of the crime when live people get involved, from a crime against property to a violent felony, which is definitely going to earn a long prison sentence by any jury out there.

  7. Re:Easily destroyed or disabled on Uber Hires a Robot To Patrol Its Parking Lot and It's Way Cheaper Than a Security Guard (fusion.net) · · Score: 1

    Depends on the alarm. The units that dump fog into the interior of the car and flash strobe lights do a lot more to stop an intrusion than the ones that just add to city noise pollution.

  8. Re:Easily destroyed or disabled on Uber Hires a Robot To Patrol Its Parking Lot and It's Way Cheaper Than a Security Guard (fusion.net) · · Score: 1

    Most punks tend to not be scared of CCTV cameras, as a hoodie and sunglasses tend to deal with those. I can see people just tossing a tarp over one of these robots, perhaps a tarp with a drawstring, and that is that.

    Worst case, the smash and grab types will just kick the thing over.

    This is not to say Knightscope units are not useful. The best thing is to have them supplement the live, armed guards on premises. This way, there is better coverage, and faster detection of would-be burglars.

  9. Re:Not all is bad. on Why Tech Support Is (Purposely) Unbearable · · Score: 1

    Had a similar experience. Got a callback right on time, and the CC was refunded. I also had a dud iPhone, and it was exchanged in the store.

    This is what Apple does best -- customer support for consumers. Yes, the proles which other companies treat with nothing but contempt. Not just people who pay for business-grade, but everyday people. This is also part of the reason why I buy from them, even though they are not the cheapest thing around, because Apple actually stands by their products, and you can get someone in a reasonable amount of time.

    This is also part of the reason why PC companies are losing ground. Not just because people are moving to tablets, but most PC maker support is horri-bad, and the worry that a new computer may mean hours on hold trying to learn Hindi enough to beg the tech on the other end not to hang up but to actually consider sending a replacement part, as opposed to "just send the computer to this address... and we might send it back in 6-8 weeks."

    A good example of this was my experience with one PC maker. After some PC updates, the machine locked me out of my HDDs with ATA passwords. After three hours on hold with the L1 tech asking me to repeatedly reset the power/admin BIOS passwords, the guy told me to just send the HDD to a recovery firm, pay $600, and stop wasting his time. I wound up downgrading the firmware via an undocumented switch, unlocking the drive, upgrading, and the problem was fixed. Apparently the firmware update which wasn't mentioned in the driver update package had a different way of passing the ATA password to the drive than the previous release, which resulted in lockouts.

    Needless to say, my recent laptop purchases have been all Apple, not because Apple's hardware is that good, but if I call with a problem, they are able to do something in a reasonable amount of time.

  10. Re:The solution is horribly obvious on Security Researcher Publishes How-To Guide To Crack Android Full Disk Encryption (thehackernews.com) · · Score: 1

    IIRC, CyanogenMod doesn't touch TZ... it just uses dm-crypt, prompts for the passphrase that unlocks the /data volume key, then goes from there.

  11. It may not be so bad after all... on Security Researcher Publishes How-To Guide To Crack Android Full Disk Encryption (thehackernews.com) · · Score: 1

    The original Android implementation of dm-crypt generates a -random- key in Android 5.0, which is the key used for encryption. It then encrypts that key with the user's passphrase/PIN/whatever. This implementation is pretty secure, because other than active RAM attacks, when the phone starts up, it will ask for the decryption key for /data, and no key, no decryption.

    From what I have looked at with CyanogenMod, this ROM uses the "old fashioned way". No TrustZone, no fancy footwork with keys... just a relatively simple prompt for the passphrase at the phone startup so /data can be mounted and used. From there, the VEK (volume encryption key) is in RAM, and the screen lock is used. This is simple, but effective.

  12. Storage vendors can also expand their products to more niches as well:

    Fault-tolerant drives come to mind. I remember one drive maker having a model with two active/active independent sets of drive heads. If one set failed, drive throughput would be slower, but the data can be pulled off.

    Different drive shapes. It was mentioned a few weeks ago about having taller 2.5" drives so platters could be stacked higher. This would be useful for arrays.

    Hybrid SSD/hard drives, where the HDD itself does the autotiering work itself, or just using the SSD as a cache to buffer random writes and reads.

    Smarter drive controllers, where individual drives can know if they are in a JBOD configuration or as parts of a RAID set, so can function as a gestalt, communicating with one another.

    Drives designed from the ground up as removable media, in a shock resistant case, and are intended to be used, then stored offline like tape, with a rated archival life, and drive controller functionality that makes doing a check for bit rot quite fast.

    Drives that are designed for removable media, but do WORM, cryptographically signing all written data.

    Storage makers just need to get their heads out of their derrieres and start hitting niche markets. Making a hard drive format that can work like tape, but relatively inexpensive, where the "drive" enclosure is pretty much a SATA pass-through would sell a lot of instances, especially with ransomware on the rise, so people are more aware of the need for backups.

  13. OpenStack's biggest advantage is the F/OSS nature of the product. For companies and organizations that might not have money for licensing, but have lots of people and man-hours to throw at OpenStack, it might be a solid solution, although there are things like VMware's Fault Tolerant VMs and HA items which Nova really needs for it to be more enterprise friendly.

  14. Re:Keep dreaming... Azure is super sketchy.. on Microsoft Will Be Largest Infrastructure As A Service Vendor By 2019, Says Morgan Stanley Survey (geekwire.com) · · Score: 1

    Other than cost (where Amazon gets you coming, stashed, and going), what is so bad about S3? OpenStack's Swift is maturing rapidly, but S3 is still ahead of it when it comes to features.

  15. Synology NoteStation... on Slashdot Asks: What's Your Preferred Note-Taking App? · · Score: 2

    I personally like Synology NoteStation, on a NAS that is dedicated to DMZ/external stuff. It isn't as snazzy as EverNote or other products, but the physical data is under my control, and the NAS appliance can back itself up to a number of sources (external drive, encrypted cloud storage, etc.)

  16. Re:Why not create an invisible VIP-account class on Why Twitter Can't Even Protect Tech CEOs From Getting Hacked (buzzfeed.com) · · Score: 1

    Maybe an option to turn all additional API stuff off, except for the web page? Facebook allows people to disable the third party app API platform.

  17. F-Droid as well.

  18. Re:Not nearly enough on Amazon Prime Will Knock $50 Off an Android Phone If You Watch Amazon's Lock-Screen Ads (recode.net) · · Score: 5, Insightful

    With ads comes monitoring and analytics, not to mention browser fingerprinting. I'll pass.

    I wish Amazon would offer the opposite. Pay a bit more, get a phone with up to date specs, a MicroSD card, two SIM card slots, with the bootloader unlockable with fastboot oem unlock, like the Nexus series, and certified builds of CyanogenMod, and bloatware free ROMs, with source code for all SoC drivers available.

  19. Re:What is the right backup solution? on New and Improved CryptXXX Ransomware Rakes In $45,000 In 3 Weeks (arstechnica.com) · · Score: 1

    Back up the server? Even snapshots will foil most ransomware because they can't normally zap ZFS or btrfs snaps through a CIFS share interface.

  20. Nope, from what an acquaintance told me who works in that field, you tell a hospital that they need to buy Veeam and a backup device, they will show you the door because those do not offer any positive ROI. You point out HIPAA issues, they will just laugh and point out that HIPAA is almost rarely enforced. They are more interested in having sophisticated locks to keep patients out of the Prozium cabinets than to have any actual protection of records.

  21. If you ask someone if they back their stuff up, they would say that their computer doesn't have a reverse gear. In fact, I've encountered plenty of people who assume their documents will get trashed, and don't bother doing anything about it. If you can get people to install Mozy or something, that is almost a miracle, much less plugging in an external HDD.

    Plus, for Windows, most client backup utilities outside of Veeam and Bup are utter garbage. I've seen way too many programs fail silently and not complete backup jobs, much less clean off old backup sets if the destination drive is full. Most at best offer compression, but few bother to have deduplication.

  22. Re:What happens to ransomware if Bitcoin collapses on New and Improved CryptXXX Ransomware Rakes In $45,000 In 3 Weeks (arstechnica.com) · · Score: 1

    It is just an arms race escalation. Used to be that an external HDD was good enough. Now, probably the cheapest ransomware protection is a NAS that does ZFS/btrfs snapshots (if not backs itself up to an external HDD) so ransomware can only trash a share, which can be recovered.

  23. Re:What happens to ransomware if Bitcoin collapses on New and Improved CryptXXX Ransomware Rakes In $45,000 In 3 Weeks (arstechnica.com) · · Score: 2

    If someone can void the transfers and delist the illegal transactions, what keeps someone from voiding legit transactions under some pretense? For example, if a group is disliked in a country, what is to say the same mechanism that stops ransomware transactions would not be used to stop dissident organizations, or rival parties against the incumbent come an election?

    The thing about BTC is that it gives plenty of rope to hang people with. The blockchain is immutable, and even though people don't know who owns a wallet, they can follow the money and start inferring.

  24. Re:What happens to ransomware if Bitcoin collapses on New and Improved CryptXXX Ransomware Rakes In $45,000 In 3 Weeks (arstechnica.com) · · Score: 1

    Problem is... which currency? There are a lot of crypto-currencies out there, even people who have services where one can make your own cryptocurrency with various parameters. BitCoin was the first and has the most support from the mainstream. I can't really go up to a website and pay them in Dogecoin as I can with BTC.

    A BitCoin 2.0 is possible, but the hard part is getting critical mass. We already got through initial growing pains with BTC, and people are wary about another currency and possible Mt. Gox style incidents.

    Even though BTC has little anonymity (even tumbling doesn't help that much, as one can still "follow the money" and watch tainted coins), it is not going anywhere.

  25. I think they bought Motorola Mobile in order to not worry about potential patent litigation from that direction. Now that the patent wars are slowing down, Google seems to be interested in going back into hardware, but not with the baggage attached from an existing cellphone company.

    This may hurt Google in the long term, though, especially with other makers making their own mobile operating systems, so if they get too fed up with Android, they can just leave.

    Also, what would a Google smartphone get me over a Nexus line? The main thing I want is "fastboot oem unlock" and the ability to run my own firmware, be it a GPE based firmware, CyanogenMod, or something I cooked up just to see if it would run. Without this, I'll go elsewhere, as a locked bootloader pretty much means the device will be ready for the garbage can in 1-2 years.