The inherent thing about solar is that it is a bottom-up effort. People stick panels on their RVs, companies add thin film cells to their roof, new homes go up with solar shingles. It isn't just one entity that controls the solar ecosystem.
Solar has the advantage of not being able to be destroyed by a simple shout of "NIMBY!", which is how nuclear power has been put aside for decades.
Even if a government tries to ban solar panels in the hands of people, it would be a losing and highly unpopular battle. At the minimum, solar isn't going away. Realistically, it will be an industry that always will be expanding. A city can refuse to build a solar plant, but that doesn't mean homeowners are not going to continue to add panels because the 20 year ROI on modern systems is quite good.
It can mean intersections designed just for autopiloting cars. No signals needed, and instead of forcing traffic to stop, cars can be slowed down or sped up to keep an intersection constantly moving. Road upgrades is something that is something very few municipal areas want to deal with, and usually if it is a new highway, it is a toll road. This would allow existing infrastructure to work faster, especially if breakdown lanes are able to be used, and cars spaced on a road by width (SMART cars can be packed better than tractor trailer rigs.)
Of course, the ability for the car to go by itself to an all-night garage for an oil change, then be in the driveway and ready for the morning commute is a nice bonus.
No complaints here. Computers are not perfect, but they are better what we have.
That might have blowback on the utility companies in an unexpected way: With solar panels are also solar charge controllers. It used to be that one would have to pay $500 or so for a name brand MPPT model. Now, one can get a decently reliable no-name CC from eBay, and a quick gander inside shows that it is actually using true inductor coils for about a C-note. It might not have the options that the name brands do, but it will keep the batteries charged at multiple stages.
With PSW (pure sine wave) inverters also becoming more common, I've seen some homeowners bite the bullet and have 1-2 circuits in their place wired to a battery bank. No, the circuit won't run the big stuff (dryer, A/C, etc.) but it can keep items like sump pumps, well pumps, computers, and other things going no matter how dirty the mains power gets.
As battery storage gets better (it is pretty slow, but it is happening), more and more circuits on a house can be moved from mains power to the off-grid system.
This will be a loss for the utility company because they won't have as much available peak energy because people will move from grid-tie systems to battery banks, where no power will go back to the grid whatsoever. If the utility company raises rates to compensate for the less available peak usage, it will have to fight against regulators, and if they do succeed in a fee hike, it makes the cost of off-grid systems even more reasonable for homeowners, causing more people to move off-grid.
Even here in TX, people are waking up to solar. Austin has a pretty decent sized 34 MW solar array (Webberville Solar Farm.) In this area, wind is iffish (unlike west Texas where wind is reliable enough to stick the turbines up en masse), but solar is very reliable, especially come summer.
I was at a local county fair a few months ago. Oddly enough, in this rural area, even Eaton was selling grid-tie inverters and solar panels with built in MPPT controllers to help with partial shading. A few years back, the locals would pay their bucks to have the local utility drop a pole, and call it done. Then, at best, solar was used to keep an electric fence battery running on a far corner of a ranch.
Now, barns, farmhouses, carports, and almost any south-facing surface gets panels attached and either is used to turn the meter backwards or to power a battery bank and inverters for off-grid use. This is the same area with oil wells still pumping away.
The US still has a way to go, but if one of the least alternative-energy friendly areas of the world, rural Texan ranchers with oil pumps on their property, are throwing up large solar deployments, this bodes extremely well.
Again, solar doesn't solve everything, until we get some improvements in storage technologies. However, it does do a good job during peak hours when stuff is needed.
Solar panel makers tend to be very conservative in what they do as well.
The main reason is that their main market are institutions looking to put in a system and deal with the cost for it up front, and not worry about the setup (other than blowing snow or perhaps an occasional cleaning.) Since panels have to be designed to run for decades, the panel makers tend to be very leery of using anything new until it gets through internal QA and the legal eagles give their nod.
Oddly enough, I've heard of more than one report of panels actually giving more output than they are rated for after 30+ years of use. These are anecdotes, so not real concrete evidence, but it does show that a solar deployment can pay off quite well in the long term.
I see solar branching into two segments. One is maximum watt for buck, and another is maximum wattage per square foot. These sound similar, but there are use cases where one would pay more for a panel because they are limited by area (RVs are a good example.) Other cases (tossing panels on a roof, carport, and the doghouse) where square footage isn't that big an issue, cost per watt is more useful.
Of course, some panels are better in bright sun, others good in overcast weather as well, so that is another item.
I wouldn't say all Americans. In Georgia, we are seeing strange bedfellows (the Sierra club, the Greens, and the Tea Party) all banding together to push for solar energy. Here, solar has stopped being a "hippie" concept, and seeing mainstream use. In fact, solar is becoming a "why not" rather than a "why" question in building installs. One can even buy and wire up roof shingles (Dow Powerhouse is one example) now so one doesn't have to worry about panels.
One has to separate US citizens and residents from US businesses like Big Coal/Oil.
Even though the US lost its solar industry due to government inattention, individual Americans are building solar installations left and right, despite the fact that solar panels are imported. In a way it is good, since there are no-name MPPT controllers that are decent quality available very inexpensively.
No, solar isn't a cure-all (it mainly helps with the peak, and when off-grid, batteries don't last forever), but it is a lot better than more coal or natural gas plants.
I wonder if this could be solved how I solve this issue with PGP keys, which can be three ways:
1: Have multiple places have the ability to revoke your cert for you, say 3 out of five people or organizations. Of course, three of these compromised could generate a fake revocation, but the data signed/encrypted by the original private key is still protected.
2: Generate and save offline revocation certificates. The only thing an attacker can do with a revocation cert is propagate it, expiring a valid key early, which can be an attack to deny access, but it would not mean they could read data by that key.
3: This is the most dangerous, and one that takes a lot of assurance to run right. A key escrow service. The good is that a private key can be recovered. The bad is that if it isn't done 100% perfectly, a bad guy can recover a key which is the worst possible thing of all worlds.
Intel used to have an appliance that did that. You configured a private key on the device, got the key signed and a valid CA cert on it, plug the machines used for round-robin Web serving into one port, the Internet/DMZ output to another port, and let it do all the HTTP to HTTPS translating. The Web servers just saw plain HTTP coming in, and the people on the outside had everything HTTPS based.
What can be done is to add a trust factor to CAs. Say someone doesn't like a CA out of Elbonia, they can completely nullify it by adding a trust factor of 0. A CA that someone personally runs and can vouch for would get a factor of 1.0. A CA that one is unsure about, might end up with a 0.5 for a factor. Then, there is a threshold set that if it goes above it, the site is trusted.
An example: Three CAs, trusted at 0.5, have signed a site's key. The threshold of trusting the site is set by the user at 1.2, so this causes the site to be considered trustworthy. Another way this can happen is two sites trusted at a 1.0 factor could go over.
Then, one can add distrust, where if one CA is distrusted at a -1 factor, it would take three 1.0 trusted CAs to bring a site over the 1.2 threshold.
If one wanted to get fancy, reputations can propagate between individuals which might add more weight to trust/distrust a site's certificate. A site's trust can increase over time if its certificate has not changed in a while as well.
We could assign CAs a trust factor and have multiple CAs in different geographic locations (preferably different countries) sign a key. However, this turns SSL from a PKI into a WoT (web of trust.)
Without a doubt, a well maintained web of trust is more secure than the SSL/TLS principle of "anything signed by these root certs is 100% trustworthy." However, there is the user issue. Joe Sixpack wants a green lock icon. He doesn't want to worry that CA #1 is more trustworthy than CA #2. He just wants to enter his credit card details with a low chance that it will be compromised.
There are a few keyboards that have that. Of course, my last one had it right by the tab key, so when I'd be playing some MMO, I'd switch targets only to shut the computer down or have it sleep... and the key wasn't disable-able with the normal "sleep key" function under Windows's power options. Of course when I came back to the game, it was usually not a pretty sight.
The answer? My way was crude, but prying the key out did the trick until I just gave in and bought a usable bare-bones keyboard. (I hate replacing things unless they are broken as a matter of principle.)
What I've wanted was a keyboard with a key that when pressed would immediately lock the keyboard and screen. Windows-L does work if I'm in Windows, but sometimes if the computer is very busy, it might not catch it, and I may not be running Windows, so engaging the screenlocker might be something more intricate [1]. Some old dumb terminals had a key that when pressed, it immediately cleared the screen and dumped all functions.
[1]: Most newer Linux variants disable control-alt-backspace by default, so unless one explicitly re-enables it in the xorg.conf file, one can't just kill their X session by hitting that and letting xdm/gdm restart.
No real excuse for this. This is exactly what network IDS/IPS programs/appliances are for.
Any data center dealing with sensitive information should have an IDS/IPS installation which should have shut down nbc.exe's access out to the Internet, or at least raised a red flag in Splunk or whatever logging console application in use. Most data centers have a list of authorized IPs that internal sites communicate out to, and if some machine communicates to an IP repeatedly on a sensitive network, it would be investigated, or at the minimum, looked at. Multiple machines communicating encrypted data to site out on the Internet is something that IDS applications are designed to detect, and IPS offerings designed to cork until someone takes a look at it.
Security isn't rocket science. It is using basic concepts to compartmentalize information and applications to check for known/unknown attacks, and buying/using the tools needed.
Facebook is a social media site where you go to see someone's cat pictures, maybe someone railing about gun control, or perhaps an invite to an IP masquerade ball come next month.
How did Facebook turn into a bank, a CA, and a trusted authentication provider? The last time we had a third party doing the gatekeeping was back in the days of Microsoft Passport (then renamed.NET logins, separate from the.net language.)
I can understand FB offering this, but I'd at least want to see some third party auditing done on the security aspect side, both routine and unexpected audits. At the minimum, the same level as FISMA security standards.
Of course, I am leery of another website having that much control over my users. As an OpenID provider, that is one thing. As the sole keeper of the keys, no.
MS could have just released both tablets as x86 ones, and they would have been decent replacements for primary PCs, especially if the tablets have a decent GPU/chipset.
The Surface 2 is OK, but it has to fight against well-entrenched players.
However, the Surface Pro 2 looks interesting as a primary computer, especially the one with 512GB of flash and 8GB of RAM. It won't win any benchmarks, but with the dock, it could be a decent desktop replacement, especially with USB 3.0 ports. In fact, it might have a long useful life, because it could run Windows Server 2012, Linux, or an OS of choice, and be easily tossed onto the top of a closet to act as a file or web server when it becomes too slow for mainstream software.
Phone apps are inexpensive that it is easy to buy similar stuff for both platforms. Couple that with offsite storage like Dropbox, and swapping from iOS to Android and back consists of moving the SIM card from device to device, getting the new device to read in changes and propagation from contacts, and the job is done. The two things that are tough to move cross platforms are movies, mainly due to DRM issues, and game saves.
Jumping platforms is painless for the most part, although there can be apps that have no counterpart on the other platform.
Ideally, any banking app should have the option to set a PIN code or a password, and after 5-10 wrong guesses, either start adding an exponential delay, purge itself (if there is no critical data just stored with the app) or demand the banking username and password. That way, one's data is protected unless the phone gets compromised when the app is inuse.
There is also an API for storing data in a protected subdirectory as well, so when the device is locked, the stored files are inaccessible. That way, if the app gets switched to, no data will be usable.
I remember this hole on one major UNIX in the '90s (company is now gone), if you had access to its xdm login via local access or XDMCP. The username window will pop up a help box, with an option to redirect the output of a lpr command.
So, a simple, "| xterm" typed in got you a root shell immediately.
This was patched in the next minor rev, but it was a fairly gaping hole at the time.
I wonder when devices will start having a duress code where if swiped one way, the device opens normally. Swiped another way, device opens, but yet calls the local popo and reports a holdup in progress.
Another downside is that sometimes I don't data to go through a LTE link if it is expensive. On iOS 7, this is controllable on an app basis, but having a switch to allow/disallow it would be nice.
Multipath TCP would be extremely useful though regardless.
What I wonder about would be adding some form of crypto between the endpoints. That way, unless the attacker could watch all connections at the same time, the traffic would be useless. Perhaps Diffie-Hellman key negotiations that use all multiple links to set up a key. Of course, some connections can be marked more secure than others (say one has fast WAN bandwidth, but an extremely slow LAN link), so the machines can sync keys along the slow, secure link while doing the most of their communication encrypted via the fast, insecure one.
That is disappointing. It would be nice to at the minimum be able to get an "ACK/NAK" value which would confirm usage of a security sensitive function.
Even though it has its downsides, it is nice to have additional security, not to mention protection from people shoulder-surfing your screen unlock password.
For #12, I'm curious about the app updates, especially the fingerprint scanner. I wonder how authentication info is passed to the app, be it a salted value, or an "ACK/NAK" return.
If I were writing an app that used custom user private/public keys, a salted value would be useful because that could be made as part of the encryption key that is used to protected the stored private keys. With that in place, even if an attacker gets the user's screen unlock PIN and the key passphrase, the encryption keys are pretty much still tightly locked up.
A simple "ack/nak" would mean a lot less security, but would help with making sure that each decrypt/sign is acknowledged by the user by a fingerprint swipe.
The block combined with YouMail (you forward your voice mails to their service, and they give specific messages for callers, or just ditch them with "number not in service" messages.) is better than nothing.
Of course, the ideal is the app Mr. Number in Android, which does a search to see if the number is flagged as a robodialer or spam, then drops the call if that is the case. No having to block tons of numbers.
Sort of sad that iOS took this long to get this functionality. With robodialers a big money source and the FCC a laughingstock (good luck catching a VoIP spammer offshore), number blacklists are the main line of defense these days.
Slashdot Mirror
The inherent thing about solar is that it is a bottom-up effort. People stick panels on their RVs, companies add thin film cells to their roof, new homes go up with solar shingles. It isn't just one entity that controls the solar ecosystem.
Solar has the advantage of not being able to be destroyed by a simple shout of "NIMBY!", which is how nuclear power has been put aside for decades.
Even if a government tries to ban solar panels in the hands of people, it would be a losing and highly unpopular battle. At the minimum, solar isn't going away. Realistically, it will be an industry that always will be expanding. A city can refuse to build a solar plant, but that doesn't mean homeowners are not going to continue to add panels because the 20 year ROI on modern systems is quite good.
It can mean intersections designed just for autopiloting cars. No signals needed, and instead of forcing traffic to stop, cars can be slowed down or sped up to keep an intersection constantly moving. Road upgrades is something that is something very few municipal areas want to deal with, and usually if it is a new highway, it is a toll road. This would allow existing infrastructure to work faster, especially if breakdown lanes are able to be used, and cars spaced on a road by width (SMART cars can be packed better than tractor trailer rigs.)
Of course, the ability for the car to go by itself to an all-night garage for an oil change, then be in the driveway and ready for the morning commute is a nice bonus.
No complaints here. Computers are not perfect, but they are better what we have.
That might have blowback on the utility companies in an unexpected way: With solar panels are also solar charge controllers. It used to be that one would have to pay $500 or so for a name brand MPPT model. Now, one can get a decently reliable no-name CC from eBay, and a quick gander inside shows that it is actually using true inductor coils for about a C-note. It might not have the options that the name brands do, but it will keep the batteries charged at multiple stages.
With PSW (pure sine wave) inverters also becoming more common, I've seen some homeowners bite the bullet and have 1-2 circuits in their place wired to a battery bank. No, the circuit won't run the big stuff (dryer, A/C, etc.) but it can keep items like sump pumps, well pumps, computers, and other things going no matter how dirty the mains power gets.
As battery storage gets better (it is pretty slow, but it is happening), more and more circuits on a house can be moved from mains power to the off-grid system.
This will be a loss for the utility company because they won't have as much available peak energy because people will move from grid-tie systems to battery banks, where no power will go back to the grid whatsoever. If the utility company raises rates to compensate for the less available peak usage, it will have to fight against regulators, and if they do succeed in a fee hike, it makes the cost of off-grid systems even more reasonable for homeowners, causing more people to move off-grid.
Even here in TX, people are waking up to solar. Austin has a pretty decent sized 34 MW solar array (Webberville Solar Farm.) In this area, wind is iffish (unlike west Texas where wind is reliable enough to stick the turbines up en masse), but solar is very reliable, especially come summer.
I was at a local county fair a few months ago. Oddly enough, in this rural area, even Eaton was selling grid-tie inverters and solar panels with built in MPPT controllers to help with partial shading. A few years back, the locals would pay their bucks to have the local utility drop a pole, and call it done. Then, at best, solar was used to keep an electric fence battery running on a far corner of a ranch.
Now, barns, farmhouses, carports, and almost any south-facing surface gets panels attached and either is used to turn the meter backwards or to power a battery bank and inverters for off-grid use. This is the same area with oil wells still pumping away.
The US still has a way to go, but if one of the least alternative-energy friendly areas of the world, rural Texan ranchers with oil pumps on their property, are throwing up large solar deployments, this bodes extremely well.
Again, solar doesn't solve everything, until we get some improvements in storage technologies. However, it does do a good job during peak hours when stuff is needed.
Solar panel makers tend to be very conservative in what they do as well.
The main reason is that their main market are institutions looking to put in a system and deal with the cost for it up front, and not worry about the setup (other than blowing snow or perhaps an occasional cleaning.) Since panels have to be designed to run for decades, the panel makers tend to be very leery of using anything new until it gets through internal QA and the legal eagles give their nod.
Oddly enough, I've heard of more than one report of panels actually giving more output than they are rated for after 30+ years of use. These are anecdotes, so not real concrete evidence, but it does show that a solar deployment can pay off quite well in the long term.
I see solar branching into two segments. One is maximum watt for buck, and another is maximum wattage per square foot. These sound similar, but there are use cases where one would pay more for a panel because they are limited by area (RVs are a good example.) Other cases (tossing panels on a roof, carport, and the doghouse) where square footage isn't that big an issue, cost per watt is more useful.
Of course, some panels are better in bright sun, others good in overcast weather as well, so that is another item.
I wouldn't say all Americans. In Georgia, we are seeing strange bedfellows (the Sierra club, the Greens, and the Tea Party) all banding together to push for solar energy. Here, solar has stopped being a "hippie" concept, and seeing mainstream use. In fact, solar is becoming a "why not" rather than a "why" question in building installs. One can even buy and wire up roof shingles (Dow Powerhouse is one example) now so one doesn't have to worry about panels.
One has to separate US citizens and residents from US businesses like Big Coal/Oil.
Even though the US lost its solar industry due to government inattention, individual Americans are building solar installations left and right, despite the fact that solar panels are imported. In a way it is good, since there are no-name MPPT controllers that are decent quality available very inexpensively.
No, solar isn't a cure-all (it mainly helps with the peak, and when off-grid, batteries don't last forever), but it is a lot better than more coal or natural gas plants.
I wonder if this could be solved how I solve this issue with PGP keys, which can be three ways:
1: Have multiple places have the ability to revoke your cert for you, say 3 out of five people or organizations. Of course, three of these compromised could generate a fake revocation, but the data signed/encrypted by the original private key is still protected.
2: Generate and save offline revocation certificates. The only thing an attacker can do with a revocation cert is propagate it, expiring a valid key early, which can be an attack to deny access, but it would not mean they could read data by that key.
3: This is the most dangerous, and one that takes a lot of assurance to run right. A key escrow service. The good is that a private key can be recovered. The bad is that if it isn't done 100% perfectly, a bad guy can recover a key which is the worst possible thing of all worlds.
Intel used to have an appliance that did that. You configured a private key on the device, got the key signed and a valid CA cert on it, plug the machines used for round-robin Web serving into one port, the Internet/DMZ output to another port, and let it do all the HTTP to HTTPS translating. The Web servers just saw plain HTTP coming in, and the people on the outside had everything HTTPS based.
I think HP sells something similar.
What can be done is to add a trust factor to CAs. Say someone doesn't like a CA out of Elbonia, they can completely nullify it by adding a trust factor of 0. A CA that someone personally runs and can vouch for would get a factor of 1.0. A CA that one is unsure about, might end up with a 0.5 for a factor. Then, there is a threshold set that if it goes above it, the site is trusted.
An example: Three CAs, trusted at 0.5, have signed a site's key. The threshold of trusting the site is set by the user at 1.2, so this causes the site to be considered trustworthy. Another way this can happen is two sites trusted at a 1.0 factor could go over.
Then, one can add distrust, where if one CA is distrusted at a -1 factor, it would take three 1.0 trusted CAs to bring a site over the 1.2 threshold.
If one wanted to get fancy, reputations can propagate between individuals which might add more weight to trust/distrust a site's certificate. A site's trust can increase over time if its certificate has not changed in a while as well.
We could assign CAs a trust factor and have multiple CAs in different geographic locations (preferably different countries) sign a key. However, this turns SSL from a PKI into a WoT (web of trust.)
Without a doubt, a well maintained web of trust is more secure than the SSL/TLS principle of "anything signed by these root certs is 100% trustworthy." However, there is the user issue. Joe Sixpack wants a green lock icon. He doesn't want to worry that CA #1 is more trustworthy than CA #2. He just wants to enter his credit card details with a low chance that it will be compromised.
There are a few keyboards that have that. Of course, my last one had it right by the tab key, so when I'd be playing some MMO, I'd switch targets only to shut the computer down or have it sleep... and the key wasn't disable-able with the normal "sleep key" function under Windows's power options. Of course when I came back to the game, it was usually not a pretty sight.
The answer? My way was crude, but prying the key out did the trick until I just gave in and bought a usable bare-bones keyboard. (I hate replacing things unless they are broken as a matter of principle.)
What I've wanted was a keyboard with a key that when pressed would immediately lock the keyboard and screen. Windows-L does work if I'm in Windows, but sometimes if the computer is very busy, it might not catch it, and I may not be running Windows, so engaging the screenlocker might be something more intricate [1]. Some old dumb terminals had a key that when pressed, it immediately cleared the screen and dumped all functions.
[1]: Most newer Linux variants disable control-alt-backspace by default, so unless one explicitly re-enables it in the xorg.conf file, one can't just kill their X session by hitting that and letting xdm/gdm restart.
No real excuse for this. This is exactly what network IDS/IPS programs/appliances are for.
Any data center dealing with sensitive information should have an IDS/IPS installation which should have shut down nbc.exe's access out to the Internet, or at least raised a red flag in Splunk or whatever logging console application in use. Most data centers have a list of authorized IPs that internal sites communicate out to, and if some machine communicates to an IP repeatedly on a sensitive network, it would be investigated, or at the minimum, looked at. Multiple machines communicating encrypted data to site out on the Internet is something that IDS applications are designed to detect, and IPS offerings designed to cork until someone takes a look at it.
Security isn't rocket science. It is using basic concepts to compartmentalize information and applications to check for known/unknown attacks, and buying/using the tools needed.
Now here is where I don't understand things.
Facebook is a social media site where you go to see someone's cat pictures, maybe someone railing about gun control, or perhaps an invite to an IP masquerade ball come next month.
How did Facebook turn into a bank, a CA, and a trusted authentication provider? The last time we had a third party doing the gatekeeping was back in the days of Microsoft Passport (then renamed .NET logins, separate from the .net language.)
I can understand FB offering this, but I'd at least want to see some third party auditing done on the security aspect side, both routine and unexpected audits. At the minimum, the same level as FISMA security standards.
Of course, I am leery of another website having that much control over my users. As an OpenID provider, that is one thing. As the sole keeper of the keys, no.
MS could have just released both tablets as x86 ones, and they would have been decent replacements for primary PCs, especially if the tablets have a decent GPU/chipset.
The Surface 2 is OK, but it has to fight against well-entrenched players.
However, the Surface Pro 2 looks interesting as a primary computer, especially the one with 512GB of flash and 8GB of RAM. It won't win any benchmarks, but with the dock, it could be a decent desktop replacement, especially with USB 3.0 ports. In fact, it might have a long useful life, because it could run Windows Server 2012, Linux, or an OS of choice, and be easily tossed onto the top of a closet to act as a file or web server when it becomes too slow for mainstream software.
The most surprising thing about the Moto X -- if you buy the unlocked version, the bootloader is unlocked.
I just hope this continues, because I've found that the radios on the Motorola products tend to be quite good when it comes to reception.
Phone apps are inexpensive that it is easy to buy similar stuff for both platforms. Couple that with offsite storage like Dropbox, and swapping from iOS to Android and back consists of moving the SIM card from device to device, getting the new device to read in changes and propagation from contacts, and the job is done. The two things that are tough to move cross platforms are movies, mainly due to DRM issues, and game saves.
Jumping platforms is painless for the most part, although there can be apps that have no counterpart on the other platform.
Ideally, any banking app should have the option to set a PIN code or a password, and after 5-10 wrong guesses, either start adding an exponential delay, purge itself (if there is no critical data just stored with the app) or demand the banking username and password. That way, one's data is protected unless the phone gets compromised when the app is inuse.
There is also an API for storing data in a protected subdirectory as well, so when the device is locked, the stored files are inaccessible. That way, if the app gets switched to, no data will be usable.
I remember this hole on one major UNIX in the '90s (company is now gone), if you had access to its xdm login via local access or XDMCP. The username window will pop up a help box, with an option to redirect the output of a lpr command.
So, a simple, "| xterm" typed in got you a root shell immediately.
This was patched in the next minor rev, but it was a fairly gaping hole at the time.
Rock hasn't been known for its impenetrability to water, otherwise basements wouldn't need sump pumps.
Of course, CO2 + water = carbonic acid, which has a tendency to dissolve rock. We will likely see those chambers leak sooner or later.
I wonder when devices will start having a duress code where if swiped one way, the device opens normally. Swiped another way, device opens, but yet calls the local popo and reports a holdup in progress.
Even my 13 year old house alarm has that.
Another downside is that sometimes I don't data to go through a LTE link if it is expensive. On iOS 7, this is controllable on an app basis, but having a switch to allow/disallow it would be nice.
Multipath TCP would be extremely useful though regardless.
What I wonder about would be adding some form of crypto between the endpoints. That way, unless the attacker could watch all connections at the same time, the traffic would be useless. Perhaps Diffie-Hellman key negotiations that use all multiple links to set up a key. Of course, some connections can be marked more secure than others (say one has fast WAN bandwidth, but an extremely slow LAN link), so the machines can sync keys along the slow, secure link while doing the most of their communication encrypted via the fast, insecure one.
That is disappointing. It would be nice to at the minimum be able to get an "ACK/NAK" value which would confirm usage of a security sensitive function.
Even though it has its downsides, it is nice to have additional security, not to mention protection from people shoulder-surfing your screen unlock password.
For #12, I'm curious about the app updates, especially the fingerprint scanner. I wonder how authentication info is passed to the app, be it a salted value, or an "ACK/NAK" return.
If I were writing an app that used custom user private/public keys, a salted value would be useful because that could be made as part of the encryption key that is used to protected the stored private keys. With that in place, even if an attacker gets the user's screen unlock PIN and the key passphrase, the encryption keys are pretty much still tightly locked up.
A simple "ack/nak" would mean a lot less security, but would help with making sure that each decrypt/sign is acknowledged by the user by a fingerprint swipe.
The block combined with YouMail (you forward your voice mails to their service, and they give specific messages for callers, or just ditch them with "number not in service" messages.) is better than nothing.
Of course, the ideal is the app Mr. Number in Android, which does a search to see if the number is flagged as a robodialer or spam, then drops the call if that is the case. No having to block tons of numbers.
Sort of sad that iOS took this long to get this functionality. With robodialers a big money source and the FCC a laughingstock (good luck catching a VoIP spammer offshore), number blacklists are the main line of defense these days.