Slashdot Mirror


User: mlts

mlts's activity in the archive.

Stories: 0 · Comments: 5,534

Comments · 5,534

  1. Wouldn't Java be a counterexample? on Oracle Attacks Open Source; Says Community-Developed Code Is Inferior · Score: 1

    IMHO, wouldn't Java be an example of the contrary to this? I don't know any OSS utilities or operating systems that have had as many issues as Java has had, allowing an attacker to seize control of multiple platforms.

    The only thing that came close would have been sendmail in the '90s, and that lasted about 6-9 months.

    Of course, Solaris is a different beast altogether, and it has stood the test of time, security-wise. However, this is more of Sun's creation than Oracle's.

  2. Re:It isn't any different elsewhere on Silicon Valley Stays Quiet As Washington Implodes · Score: 1

    I wonder about modifying a few of those:

    2: 100 dollars per US citizen with documentation that this was done. No, corporations are not citizens. If a court wants to dispute that, then allow people to take their LLC incorporation articles in a passenger seat while driving the HOV lane.

    And adding a few:

    5: David Chaum has a way to verify voting. Use it. No e-Voting machines which have been shown to be hacked by a monkey (as per a Free Republic article in 2004.) The venerable voting machines which used levers and punched holes in a card are also an alternative. No systems should be allowed where one can just change a value in a vote recorder and have no proof of tampering.

    6: No non-US company or person can give money to campaigns, period. This is part of Mexico's Constitution, and needs to be part of their northern neighbor's ways.

    7: Allow a no confidence vote to be taken. If Congress fails the American people like it is doing now, there should be a capability of a recall election, where all seats are up for grabs. If the no confidence vote is above 2/3, then no incumbent can run that next term.

    8: Have Congress be under the same laws of insider trading that everyone else has to abide by.

  3. Re:Improvement on ITER Fusion Reactor On Track To Generating Power By 2028 · Score: 2

    Look at what it took with the US to make nuclear fission with the Manhattan Project. Sometimes the only way to get something to work is to throw enough money at it, so that by sheer force of capital, it gets done.

    Call me naive as well, but look at the payoff: Global warming slowed (manufacturing goods still will spew CO2, but burning coal and other stuff would be stopped.) Desalination would become easy so fields would be irrigated regardless of how fickle the weather gets. Oil and gas still have a use (polymers), and those resources can be used as construction materials, not burned.

    Even things that couldn't be done due to being energy prohibitive would make economic sense. Titanium would become far cheaper to make and would be a very useful building material.

    Of course, with useful energy comes a row of advances. Space elevators become closer to reality for example.

  4. Re: Everyone open your firewalls on China's State Press Calls For 'Building a De-Americanized World' · Score: 1

    The ironic thing is that I have found that this is different where I am. I've had extreme interest in things which people have ignored for decades, from creating PGP/gpg keys for secure E-mail/messaging, to using other social networks, or just using encryption apps on top of SMS. Just basic things like getting people to care about private keys was like pulling teeth. Now, people are highly interested in protecting data in a reasonable way.

    Believe it or not, I've had people interested in PGP/gpg keysigning gatherings, something I've not seen happen since the mid-1990s.

    So, a lot of people still are uninterested in crypto, but the "nothing to hide" is becoming, "I keep my doors locked to protect against thieves."

    This doesn't sound like much, but it is a start.

  5. Re:Eight million is small spuds on Ford, University of Michigan Open Next-Generation EV Battery Research Lab · Score: 4, Informative

    It isn't great, but I'd say it is better than nothing.

    Auto makers are genuinely afraid of battery technology, not to mention their bedfellows, Big Oil.

    Take solar for example. Yes, it produces energy, but if it isn't stored, oil/coal/gas is still the main source of energy come non-peak times. Add batteries with a high energy density, and places can run completely on their arrays.

    Of course, batteries that are within 1/10 the energy by volume of gasoline would drastically change transportation as we know it. Out goes the relatively wasteful Otto engine, in go electric motors which don't dump a good chunk of their energy out the exhaust pipe or through heat losses.

    There can be also things one can do with parked cars that can't be done now. When parked at night the cars can charge. If there is an overload on the grid, the cars can discharge batteries, putting additional usable juice on the wires until the batteries reach a set point (say 90% SOC or so.)

    In the past, refrigeration did not take hold for 20+ years after it was invented due to the tight grip of the ice-houses. Battery development is in a similar situation since if it does become near gasoline in energy density, larger energy generation spots can handle needs through economies of scale, and smaller places can remain off-grid, but still have reliable power.

  6. Re:What's their problem? on Nokia Design Guru Urges Apple To End Cable Chaos · Score: 1

    I have an Amazon cable with the "Made for iPhone" logo on it. Works fine with iOS 7.

  7. Re:Alternatives? on Charlie Stross: Why Microsoft Word Must Die · Score: 1

    Might give Wordperfect X6 a try. It is pretty decent, and the "pro" version is 300 bones, which isn't too bad for an office suite.

  8. Re:Ob WP Post on Charlie Stross: Why Microsoft Word Must Die · Score: 1

    Wordperfect is still going strong. I have a relative who has been using a version of WP since 5.2 on Windows 3.1. This version worked well until her old PC gave up the ghost (wouldn't POST.) On Windows 7 and Wordperfect X6, all her old WPD documents still open and work without issue.

    The Reveal Codes feature is still there in WPX6, and it does work with Word docs.

    These days, if I were to recommend an office suite, my first question would be what one is going to do with it, then go from there:

    If one is exchanging documents, Microsoft Office is the lingua franca for documents. It is like the AutoCAD formats -- if you want your stuff to hit the mill, you use AutoCAD or you don't play ball. Yes, other programs can easily export/import to Word... but you usually get stuff that has come over 99% or 99.9% accurately... which means formatting is usually hosed, and formatting is critical for a lot of documents.

    If one just wants something commercial, Wordperfect is still useful for legal stuff. It has kept with the times, and has not fallen into the subscription model that Office has.

    For general use, I'd say it is a toss-up between LibreOffice, OOo, or Apple's Pages/Numbers/Keynote. Apple's iWork offering is decent, although Apple should take a look into it since its last major update was in '09, and not touched since.

  9. Re:Security starts with inventory on Stealing Silicon Valley · Score: 2

    What I've found is that sometimes the best protection for data center racks is things that are fairly simple.

    Something as simple as pin-Torx or pin-Robertson (square head) screws can keep equipment from vanishing, assuming the bits are stored somewhere fairly secure. It isn't near 100%, but it will slow someone down who managed to get in, and who is looking to unbolt something out of a rack and then make a break for it out the fire door.

    If I need more secure tamper-resistant screws, Bryce Fastener can make custom-headed screws that only each customer would have bits to. This is low-tech and won't stop someone who has the ability to haul 500+ pounds out on a rack, but it is a good line of defense.

    Computer-wise, for very sensitive servers, I always have some sort of DAR (disk at rest) encryption (with the recovery keys stored in multiple secure, but recoverable locations.) That way, if someone grabs all the disks from an array, the data is useless without the LUKS or BitLocker keys. Similar on the SAN side. With encryption enabled on the drive controllers and the drives being hardware self-encrypting, a theft becomes "just" a hardware loss, not both hardware loss and a major security breach.

    None of these measures are 100%. A computer that uses BitLocker Network Unlock can be decrypted via a RAM dump. Security screws can be drilled or slotted with a Dremel tool. However, it is better to have some measures in place than none.

  10. Re:pricing on Largest US Power Storing Solar Array Goes Live · Score: 1

    I wonder how this compares to the Austin solar plant, which generates a lot less energy than this one (30MW), but it consists of panels on single axis trackers. It cost $250 million, but from what I gather, it should have a long lifespan due to its relative simplicity. Of course, the ability to store energy at night is a big difference, but I wonder which plant will amortize better over time.

  11. Re:cloud services are not a commodity on Will Cloud Services One Day Be Traded Just Like Stocks and Bonds? · Score: 2

    I can't see how cloud services ever could be made fungible on a large scale unless providers shared data centers.

    A terabyte of storage on a data center close to me network-wise can be far more valuable than a chunk sitting on the wrong end of a 28.8 in Elbonia.

    Then there are SLA models. A terabyte of storage stored on a spanned array on a bunch of USB drives is less valuable than one on a multi-path EMC VNX with a tier 1 (SSD) backend, replicating to another site in real time.

    Of course, there is security. A terabyte of storage on someone's anonymous FTP server is a lot less valuable than a terabyte of encrypted storage via secure links and protocols.

    If one takes a look at the building blocks of storage, not even they are fungible. A terabyte of space on an EMC VNX is different from one on a NetApp SAN. A terabyte of space on an FCoE LUN is different from one being sent via iSCSI, or a terabyte of storage plugged in via a USB port.

    Then there are ways storage is accessed. For example, iCloud is not meant for tossing files on and sharing them. Instead, MediaFire would be a better candidate for that. For syncing between boxes, Dropbox is a solid candidate.

    Storage has come a long way, but there are still way too many tiers before it becomes standardized to the point where one can say "one terabyte of storage" without any qualifications such as location, access, interface type, etc.

  12. Re:Yeah sure on 11-Year-Old Coloradan Will Brew Beer In Space, By Proxy · Score: 4, Informative

    This is what people in ancient Egypt did, because water in/around the Nile wasn't exactly mountain stream pure.

    With enough alcohol to kill the bad bugs, a beer can do a good job at getting rid of thirst but without getting people too drunk or dehydrated.

    There are brewing recipes for homebrewers from those times (how authentic, I have no clue). It might be interesting to brew a "small beer", and see how it works versus say, Gatorade.

  13. Is F2P/P2W the future of gaming? on Ask Author David Craddock About the Development of Diablo, Warcraft · Score: 2

    Having seen games evolve in positive ways, it seems that gaming has either gone one of two paths:

    The first path is the console game. The game is usually a late beta, so requires patching. Then, for content, unlike in the past where expansions were as good as the original game, one is inundated with DLC purchases they have to make. Want to play an orc? That's 9.99. Want the rocket gun? That's another ten-spot. Want another level? $29.95 please. So, to play a game that was released to the fullest, it can easily be hundreds of dollars for gameplay that on earlier games, came with the game.

    The second path is free to play, pay to win games. Yes, one might be able to get a canoe to play for a pirate's game, but if one actually wants to advance, they will have to spend hundreds to purchase a decent ship, not to mention cannons, and so on.

    These two paths seem to be where 99.9% of the gaming industry is going. Games tend to be cookie-cutter.

    I tend to bag on WoW, but even though WoW is a MMO, Blizzard does a great job with expansions, providing not just endgame stuff, but additional things to do 1-cap. MoP had an additional class and race, Cata had two races, WotLK had another class, BC had two races and classes (debatable, but regardless of faction, you had another class to choose from.) Other MMOs miss this and might toss in a few expansion zones, some raids, and call it done, but WoW does a good job at the whole 1-cap game.

    Another good game that did it right was Neverwinter Nights 1. The expansions not just added gameplay, but added to almost every facet of the game. The later modules were smaller, but added a good amount of content that was worth playing. One didn't have to spend $10.00 for the ability to get a ninja turban, or $20.00 to play a drow.

    My question:

    Is there a market niche for "old school" games (think Baldur's Gate) where one bought the game, then down the road, perhaps a significant expansion or two? Not "junk" DLC that might be required to win, such as $10.00 for a sword or $100.00 for uberness? Or are we pretty much doomed to keep getting nickel-and-dimed by pointless [1] DLC regardless?

    [1]: There is useful DLC, such as the NWN1 modules, then there is pointless DLC as having to buy the privilege to see and use a rocket launcher in order to survive at a multiplayer FPS.

  14. Re:Clarification on Charged Superhydrophobic Condenser Surface May Make Power Plants More Efficient · Score: 1

    Not just water, anything with an HVAC system, assuming this technology worked on other refrigerants.

  15. Re:Low Power on Japanese Start-up Plans Hydrogen Fuel Cell For 2014 · Score: 2, Informative

    A "large" unit that does 200 watts might be useful for trickle charging batteries on an RV to allow for some boondocking when the solar panels don't give enough power to keep the bank charged... but we already have technologies out that give a better energy/volume than what is stated.

    Truma, a European RV appliance maker, makes a fuel cell that uses propane. It makes up to 250 watts, which may not run an A/C, but it does a good job at keeping the batteries topped off, which is important because RV furnaces require electricity for the vent fans for the heat exchanger.

    There is also the EFOY cell that uses methanol that is starting to be used in RVs in the US (Roadtrek E-treks), but it is still quite expensive. If it starts selling for a bit less, it will go a long way to keeping batteries maintained when a rig is stored or when boondocking.

    With all the disadvantages of hydrogen (3600 PSI, while a propane tank will vent at 200 PSI), I'd give this a good start, but it still needs work before it would have a real niche here in the US.

  16. Re:Who defines "secure" on Microsoft Azure Platform Certified "Secure" By Department of Defense · Score: 1

    Part of FISMA compliance is audits, both scheduled and random. There are many, many different controls that are checked, and too many exceptions might get the authority to operate revoked.

    As for MS getting out of the cloud business, I'm sure there is a contractor who is more than willing to take over the data center and keep the operations going.

    This compliance sounds like a lot of rubric, but it is overall a good thing. Beats just depending on the "trust me" words on a cloud provider's web page showing how secure they are.

  17. Re:"Secure" meaning . . . on Microsoft Azure Platform Certified "Secure" By Department of Defense · Score: 1

    Realistically, I wish more data centers had these criteria. It means that they can get audited at any time for security or process. Of course, this sounds like needless paperwork and red tape, but this is a good thing overall. It beats having a data center where security is an afterthought at best. It also means that there are people actively watching the IDS/IPS installations.

    For example, parts of this compliance even mean that all the data on the hard disks are encrypted (DAR or data at rest protection.) This sounds silly, but it does guard against data loss if physical drives are stolen [1] and it also helps when servers get decommissioned in ensuring that data stays destroyed.

    [1]: What good it would do without knowing how the RAID controller stores data is secondary, of course.

  18. Re:Marketing on Silent Circle Moving Away From NIST Cipher Suites After NSA Revelations · Score: 1

    If multiple data havens colluded and knew what the I/O was for customers, they could find out that a customer might have data backed up to where. Then, each data haven could "accidentally" lose the data. The one remaining DH would demand a ransom, then split it among the others.

    Of course, this is tinfoil hat territory, as the one thing that will make or break the extortion is a backup somewhere else, but it is something that could happen.

    The penalties for being outed for extortion might not be that steep as one might think. For example, there is a lot of anti-US sentiment out there, and an offshore DH stating that they will not help Americans, nor allow them to retrieve stored data might get them positive PR in their country. It might be the case that even extorting money and being public about it might get them accolades.

  19. Re:Snake Oil company says don't use medicine on Silent Circle Moving Away From NIST Cipher Suites After NSA Revelations · Score: 1

    I see Silent Circle going down the same path that Hushmail travelled. Hushmail is a very good service, but when told to either cooperate with Interpol or else, they cooperated.

    With SC, they will likely be forced into the same choice. Hand over keys and put in backdoors or face shutdown/prison time.

    Instead, the focus should not be on communications, but endpoint security. Maybe PGP needs a revisit?

  20. Re:Remember who uses NIST crypto transformations on Silent Circle Moving Away From NIST Cipher Suites After NSA Revelations · Score: 1

    If I had to use a well studied algorithm that -might- have a backdoor by an agency versus an algorithm that is "secret" that someone pulled out of their derriere, I'd rather have the former.

    I've been in those shoes before. My freshman year of college, I made a crypto algorithm that I thought was the cat's meow... plopped it on sci.crypt, and it was shredded by people who actually knew what it was doing in minutes.

    We already had those dark days of finding working crypto algorithms when people didn't use DES for much. I'd rather take something that has seen some heavy duty machinery trying to find any weaknesses in it than to use yet another "secret" algorithm that someone pulled out of their ass which is just another implementation of using the random() function with the seed being the passphrase and the output XOR-ed with the input data.

    Of course, the encryption algorithm is just half the battle. Using any algo in ECB mode is going to weaken security no matter how good it is.
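    The ECB point in the comment above is easy to see in code. The following is an added example, not part of the original post: it encrypts a constructed 64-byte message made of four identical 16-byte blocks, once with AES in ECB mode (hand-rolled here, because Go's standard library deliberately does not offer ECB) and once with AES-CBC, then counts how many ciphertext blocks repeat an earlier one. The key and IV are fixed, constructed values so the run is reproducible; a real system draws both from a CSPRNG and never reuses the IV.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// Constructed 128-bit key and IV for the demonstration only.
var demoKey = []byte("0123456789abcdef")
var demoIV = []byte("fedcba9876543210")

// EncryptECB encrypts each 16-byte block independently. Identical plaintext
// blocks therefore produce identical ciphertext blocks, which is the leak.
func EncryptECB(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	bs := block.BlockSize()
	if len(plaintext)%bs != 0 {
		return nil, fmt.Errorf("plaintext must be a multiple of %d bytes", bs)
	}
	out := make([]byte, len(plaintext))
	for i := 0; i < len(plaintext); i += bs {
		block.Encrypt(out[i:i+bs], plaintext[i:i+bs])
	}
	return out, nil
}

// EncryptCBC chains blocks so each ciphertext block depends on everything
// before it; repeated plaintext blocks no longer line up in the output.
func EncryptCBC(key, iv, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	bs := block.BlockSize()
	if len(plaintext)%bs != 0 {
		return nil, fmt.Errorf("plaintext must be a multiple of %d bytes", bs)
	}
	out := make([]byte, len(plaintext))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, plaintext)
	return out, nil
}

// RepeatedBlocks counts ciphertext blocks that are byte-for-byte identical to
// an earlier block: the pattern a reviewer looks for when auditing a mode choice.
func RepeatedBlocks(ciphertext []byte, blockSize int) int {
	seen := make(map[string]bool)
	repeats := 0
	for i := 0; i+blockSize <= len(ciphertext); i += blockSize {
		b := string(ciphertext[i : i+blockSize])
		if seen[b] {
			repeats++
		}
		seen[b] = true
	}
	return repeats
}

func main() {
	// Constructed message: the same 16-byte block four times over.
	plaintext := bytes.Repeat([]byte("ATTACK AT DAWN!!"), 4)
	ecb, _ := EncryptECB(demoKey, plaintext)
	cbc, _ := EncryptCBC(demoKey, demoIV, plaintext)
	fmt.Printf("ECB: %d repeated blocks\n", RepeatedBlocks(ecb, aes.BlockSize))
	fmt.Printf("CBC: %d repeated blocks\n", RepeatedBlocks(cbc, aes.BlockSize))
}
```

    With the constructed input, ECB reports three repeated blocks (one distinct ciphertext block repeated four times) and CBC reports none; that difference is the whole argument against ECB, and it holds regardless of how strong the underlying block cipher is.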

  21. Re:THIS IS A GREAT IDEA! on Silent Circle Moving Away From NIST Cipher Suites After NSA Revelations · Score: 1

    IIRC, Twofish did not make the AES finalist because it used more CPU than Rijndael. This doesn't mean Twofish is less secure, it just means that crypto ASICs are cheaper to make shifting blocks around than Twofish's split key/algorithm method.

    Were I to choose one or the other just for security, I'd choose Twofish over Rijndael, but NIST had other parameters in their design decision.

  22. Re:No reason to distrust Rijndael on Silent Circle Moving Away From NIST Cipher Suites After NSA Revelations · Score: 3, Interesting

    You hit the nail on the head. Crypto algorithms are secure enough that the points of attack won't be the bulk encryption. Instead, it will be how keys are negotiated, weakened PRNGs (who would know that a PRNG only is using 8 random bits out of 256 for nonces unless someone looks at every salt produced and only sees 256 different numbers), compromised CAs, or other weaknesses.

    Breaking AES would be like winning a lottery for someone who reads sci.crypt. It would give a next generation of algorithms which would be more secure, such as how AES is resistant to differential cryptanalysis.
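    The "look at every salt produced and only see 256 different numbers" check from the comment above can be automated. The following is an added example, not part of the original post: it samples nonces from two constructed generators, one that only ever varies a single byte of a 32-byte value (the flaw the comment describes) and one that draws every byte from the OS CSPRNG, then reports the distinct-value count and which byte positions ever change. `WeakNonce`, `GoodNonce` and the 1000-sample size are assumptions for the demo; on real captured salts the same two measurements apply.

```go
package main

import (
	"crypto/rand"
	"fmt"
)

// nonceLen is the nonce/salt size under test: 256 bits, as in the comment.
const nonceLen = 32

// WeakNonce mimics the flaw described above: a generator that claims 256 bits
// of randomness but only ever varies one byte. Constructed for the demo.
func WeakNonce() []byte {
	n := make([]byte, nonceLen) // 31 bytes stay zero forever
	if _, err := rand.Read(n[nonceLen-1:]); err != nil {
		panic(err)
	}
	return n
}

// GoodNonce draws every byte from the OS CSPRNG.
func GoodNonce() []byte {
	n := make([]byte, nonceLen)
	if _, err := rand.Read(n); err != nil {
		panic(err)
	}
	return n
}

// Collect gathers a sample from a generator, as a monitor would from traffic.
func Collect(gen func() []byte, count int) [][]byte {
	out := make([][]byte, count)
	for i := range out {
		out[i] = gen()
	}
	return out
}

// DistinctCount returns how many different values appear in the sample.
func DistinctCount(sample [][]byte) int {
	seen := make(map[string]struct{}, len(sample))
	for _, n := range sample {
		seen[string(n)] = struct{}{}
	}
	return len(seen)
}

// VaryingBytes returns the byte positions that take more than one value
// across the sample. A healthy 32-byte nonce varies in all 32 positions.
func VaryingBytes(sample [][]byte) []int {
	if len(sample) == 0 {
		return nil
	}
	var positions []int
	for pos := 0; pos < len(sample[0]); pos++ {
		for _, n := range sample[1:] {
			if n[pos] != sample[0][pos] {
				positions = append(positions, pos)
				break
			}
		}
	}
	return positions
}

// LooksWeak flags a sample whose distinct-value count is far below the sample
// size: uniformly random 256-bit values essentially never collide at these sizes.
func LooksWeak(sample [][]byte) bool {
	return DistinctCount(sample) < len(sample)/2
}

func main() {
	for _, g := range []struct {
		name string
		gen  func() []byte
	}{{"weak", WeakNonce}, {"good", GoodNonce}} {
		s := Collect(g.gen, 1000)
		fmt.Printf("%s: %d distinct of %d, %d/%d byte positions vary, weak=%v\n",
			g.name, DistinctCount(s), len(s), len(VaryingBytes(s)), nonceLen, LooksWeak(s))
	}
}
```

    The distinct-value count catches the gross case from the comment; the per-position check is the more useful monitor in practice, because it also exposes generators that vary several bytes but leave others constant, which a collision count alone would take far longer to notice.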

  23. Re:Marketing on Silent Circle Moving Away From NIST Cipher Suites After NSA Revelations · Score: 1

    Skipjack was pretty thoroughly weakened once it was declassified. DES is still useful in TDES mode, but that is pretty expensive computation-wise compared to a newer algorithm like Twofish.

    Of course, there are blocksize issues with the older ciphers...

  24. Re:Marketing on Silent Circle Moving Away From NIST Cipher Suites After NSA Revelations · Score: 1

    The funny thing is that can backfire. This was something talked about on the Cypherpunks list when it was on toad.com. One discussion recommended people use a service such as an offshore data haven (when they came about) for everything. The result would be that there would be so much chaff that any spying organization [1] would be spending a lot of time trying to crack stuff just to find that they just wasted a bunch of CPU time on a TrueCrypt volume of someone's MP3 stash.

    There are plainer reasons for stashing items in an "offshore data haven". Protection against geographic events, so if something the size of Hurricane Tip slams against part of the US, critical data is still retrievable.

    Of course, there is one big issue with offshore data havens... how are they recompensed for the data they store, and what keeps them from deciding to hold data for ransom. If they find that they have an encrypted data blob from a company whose offices are completely demolished, they can demand a price for access and a company would either pay up or close up.

    [1]: NSA, ISI, FSS, PLA, etc. The US was outed, but there are numerous other players.

  25. Re:Just proxy it out at the router. on Students Hack School-Issued iPads Within One Week · Score: 1

    More advanced firewalls can detect unknown data streams on a SSL port that are going to a server outside, cork the data, and send an alert upstream to whomever is monitoring stuff.

    BlueCoat makes a killing off of stuff like this.
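    The detection the comment above describes, flagging a stream on an SSL port that does not look like SSL/TLS, comes down to a few structural checks on the first bytes of the flow. The following is an added example, not code from the original post or from any firewall vendor: it inspects the opening bytes of constructed flow records for a TLS handshake record (type 0x16, version 3.x, plausible length, ClientHello inside) and raises an alert for anything else aimed at port 443. The `Flow` type, the sample addresses and the payloads are all constructed for the demo.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// Flow is the first few client-to-server bytes of a stream plus where it went.
// Constructed flow records stand in for what a firewall would capture.
type Flow struct {
	Client, Server string
	DstPort        int
	FirstBytes     []byte
}

// LooksLikeTLSClientHello applies the plain structural checks a middlebox can
// make without decrypting anything: a TLS record of type handshake (0x16),
// record-layer version 3.0 through 3.4, a sane record length, and a
// ClientHello (handshake type 0x01) as the first handshake message.
func LooksLikeTLSClientHello(b []byte) bool {
	if len(b) < 6 {
		return false
	}
	if b[0] != 0x16 || b[1] != 0x03 || b[2] > 0x04 {
		return false
	}
	recLen := int(binary.BigEndian.Uint16(b[3:5]))
	if recLen == 0 || recLen > 16384 {
		return false
	}
	return b[5] == 0x01
}

// Alerts returns one message per flow that reached port 443 but does not
// start like a TLS handshake: the "unknown data stream on a SSL port" case.
func Alerts(flows []Flow) []string {
	var out []string
	for _, f := range flows {
		if f.DstPort != 443 {
			continue
		}
		if !LooksLikeTLSClientHello(f.FirstBytes) {
			out = append(out, fmt.Sprintf("non-TLS stream on port 443: %s -> %s (first bytes % x)",
				f.Client, f.Server, f.FirstBytes))
		}
	}
	return out
}

// SampleFlows are constructed examples: a ClientHello-shaped record, an SSH
// banner and plain HTTP all sent to port 443, plus ordinary HTTP on port 80.
func SampleFlows() []Flow {
	return []Flow{
		{"10.0.5.21", "203.0.113.10", 443, []byte{0x16, 0x03, 0x01, 0x00, 0xf8, 0x01, 0x00, 0x00, 0xf4, 0x03, 0x03}},
		{"10.0.5.22", "203.0.113.11", 443, []byte("SSH-2.0-OpenSSH_8.9\r\n")},
		{"10.0.5.23", "203.0.113.12", 443, []byte("GET / HTTP/1.1\r\nHost: x\r\n")},
		{"10.0.5.24", "203.0.113.13", 80, []byte("GET / HTTP/1.1\r\n")},
	}
}

func main() {
	for _, a := range Alerts(SampleFlows()) {
		fmt.Println("ALERT:", a)
	}
}
```

    On the sample flows this raises two alerts (the SSH banner and the plain HTTP request on 443) and stays quiet for the genuine-looking handshake and for the port 80 traffic. The check only covers the plain case the comment describes: a stream that is real TLS passes it, so in a deployment this sits alongside certificate and SNI inspection rather than replacing them.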