I wonder if the embedded kernel that is found in ESXi would be considered a UNIX. If that is the case, it definitely would help stats, although I seriously doubt a public stat gatherer would be able to find a hypervisor port in any installation that is installed with any sense of security at all.
Historically, this is what has killed most of the high-end UNIX architectures except for Oracle and IBM.
Even factoring in Microsoft's price hike, it can be cheaper to go with a stack of 1U boxes (or a blade/enclosure array) all running VMWare or Hyper-V than it is to continue paying the service contract costs on the older hardware.
Of course, this advantage also applies to Linux, *BSD, and Solaris x86.
In my experience, the trend seems to be from the older platforms (PA-RISC, POWER, SPARC) to a UNIX that runs on x86, rather than a complete platform change to Windows.
There is one place where a fuel cell that can work with butane and propane would have a -ton- of demand: The RV industry.
As it stands now, most RVs come with absorption refrigerators. These units have the advantage of being able to work with a boiler and a propane flame as well as an electric resistance element. However, they will destroy themselves if run off-level (the sodium chromate which is used as a rust blocker gets "cooked" out, and eventually will completely block the tube, cause a small pinhole leak. From there, the ammonia leaks out and the refrigerator is done for.
A range of absorption refrigerators have been also recalled, because there are reports of them causing fires.
Having a propane fuel cell means that the absorption refrigerator can be given the heave-ho. Instead, the fuell cell can charge the house batteries, and a compressor refrigerator that runs from 12 volts or 120/240VAC via an alternator can be used. This setup would be functionally identical to having to use the absorption fridge, but without the worry about having to have the RV perfectly level. Compressor fridges cool their contents a lot faster than the absorption fridge counterparts as well.
So, even though propane fuel cells wouldn't be useful for primary electricity, they would come in handy with RVs.
As another advantage, the power from a fuel cell would offset the electricity used to power a RV furnace's fans, which means that one doesn't have to have a loud generator or run a vehicle's engine for recharging. For people boondocking, one of the biggest considerations is running a generator as little as possible, because even the quiet ones do make noise.
If this Redox model can be scaled down to 5 kilowatts, this would completely replace the inefficient generator on the RV (generators have the Otto engine cycle which loses a good chunk of energy out the exhaust pipe coupled with the losses of energy from turning rotational energy into electrical. A fuel cell would use a fraction of the propane a propane generator uses.) This would allow running the air conditioner and microwave and other electric appliances.
Take this smaller to being able to do 300-500 watts, and this will compete with the EFOY fuel cells that are used in combination with solar charging systems to keep batteries topped off.
I'm hoping some commercial products come from this. Truma in Europe has a usable propane fuel cell, as well as top notch RV water heaters and furnaces... but they seem to have no interest in selling their products across the pond, and US water heaters and furnaces can be viewed as extremely primitive in comparison. For example, a Truma water heater has a passive mechanism to drain it when the water inside hits 35 degrees to prevent it from getting damaged due to freezing. No US heater has this.
What might be a good use for cloud is backups. Not live storage like box.net or Dropbox, but an encrypted blob of data [1] that is tossed onto a remote site and read from it as one large object.
With this in mind, managing remote data becomes an issue of key management. If each remote file is stored with a different key, just erasing that key (could be a password, or an actual keyfile as in the case of TrueCrypt) would ensure that the remote data isn't usable by anyone short of a complete AES break.
The advice from the parent is very good. However, hard disks are not archival media, so it doesn't hurt to use a known good utility (gpg for example) to make an encrypted tarball, then throw that onto a DVD or Blu-Ray disk every so often. Of course, this in combination with a backup program (Time Machine is one example) that can write to an encrypted HDD. What this gives is the ability to restore the whole OS from scratch if need be or a file. If both the drives in use and the backup drive get trashed, there is always pulling data from the optical media.
For data that needs to be stored and forgotten about (tax records), there is always GNU Privacy guard or NetPGP and Amazon Glacier, which will store a terabyte of data for about $10 a month. Of course, this shouldn't be the only archive for critical documents, but if someone's house burned down and all disks, optical and such were destroyed, stuff would be still accessible, assuming the encryption password or keys were obtainable in some fashion.
[1]: To help with size, the data can have some padding or chaff added before encryption. For example, a TrueCrypt container that has 512 megs in it could be full, empty, or anywhere in between... A gpg/PGP file can have some stuff from/dev/urandom thrown in so one can't tell the data inside from the file length.
Please correct me if I'm wrong, but didn't Apple get a patent 3-4 years ago on batteries that can be shaped differently from "conventional" ones? This enables Apple to have flatter batteries, but still have the ampere-hours available to keep a device going.
Unlike a modem that requires a carrier tone, two acoustic devices that need to send a couple frames of data (such as a Diffie-Hellman exchange) could easily send and receive the data with a few bursts. DACs and ADCs are good enough to be able to discern the encoded static, find errors and correct them, and pass the decoded packets along. This wouldn't be fast, but it would be good enough for creating a shared secret or just validating each other's public keys so future communications can be reliability secured without need of a CA.
The cloud is useful for some tasks, however there are a lot of security hurdles and perceptions. There is also the fact that WAN links are expensive, and moving everything to the cloud means that the edge links have to be very beefy, as opposed to keeping it in-house where the core LAN fabric is a lot cheaper to deal with.
The cloud is nice, but there are a lot of business regulations (and probably more to come if there are any serious breaches that make the news) to watch out for. In some cases, it is cheaper to just keep the data in house.
But things may change. In 20-30 years, there may be a breakthrough allowing for spread spectrum wireless with extremely high bandwidth or something happens like with hard disks and we go from gigabyte drives to terabyte drives in a few years due to some major technology advances.
If this does happen, and edge/WAN bandwidth does become dirt cheap, that would make life interesting, mainly because there could be a large number of cloud providers, and one could just use software that writes data among multiples to ensure it is stored safely.
A year or two ago, some company got mentioned on Slashdot which made electronically "lockable" bolts which fastened and unfastened via remote control, and were used for airline seats. They had an advantage since no tool paths for screwdrivers, wrenches, etc. were needed.
It might be a small object, but if those go into common use, and someone manages to hack a "unfasten all right now" command, it might not be a funny prank when chairs and other items come loose.
At the minimum, devices should use Bluetooth and use some sort of out of band pairing for setup (NFC, serial number/key, etc.)
One advantage of solar power is that it is distributed, which helps with redundancy on the grid.
Plus, there are multiple ways of using solar power. Grid tie is one way. However, with the fact sometimes it is more expensive to pay a utility company to string a wire to a remote property than it is to set up an off-grid solar panel array, charge controllers, battery bank, and inverters, it isn't too far-fetched for people to just go with a bunch of panels and not bother with the electric grid whatsoever.
Solar is getting cheaper, mainly because China now has the critical mass of technology and willpower to stand behind it. It is only a matter of time before we start seeing each cell having a small MPPT controller so partial shading's impact is minimized, and perhaps even having the charge controllers or inverters built into each panel, so adding more usable watts might just consist of dropping another row of panels, plugging two power cables and a CANBUS cable, and letting the electronics do the rest. China wants this technology because it means that they don't have to deploy as many coal plants, thus less pollution.
Solar is coming to a point where it is less of a matter of "why", but a matter of "why not"?
To boot, solar panels have a long life. In 20-30 years, where most energy plants need to have a complete overhaul, solar panels might need to be washed every so often. An investment now may seem foolish, but given a steady return over the years, it may be wise over the long run. This is something that Germany understands, and is allowing them to wean completely off of both nuclear energy and Russian gas.
I wonder if Sprint will even let this device on their network. GSM providers tend to not care -- if the SIM card works, the device comes online. However, as far as I know, CDMA providers in the US only allow devices they sell on their networks, so getting Sprint to allow this ZTE handset may be an exercise in futility.
My question: Is ground for growing food crops affected by this? If farmers all grow switchgrass/hemp/$whatever and make more money selling that for fuel, then it will spike food prices, which can cause major problems down the line (people can put up with a lot of injustice, but if they are starving, all bets are off.)
Ethically, I can't support a fuel that takes food out of people's mouths, even though ethanol has a number of decent advantages.
As a compromise, there are services where you use an ISP's server as a smart host for a relay. The advantage of this is that if your home E-mail server is on a blacklisted range of IPs, and if one is using DSL or cable, almost invariably, that range will be on a blackhole list (either for spam, or flagged as temporary IPs.) Yes, it does cost a little bit, but it helps ensure that E-mail sent from your domain actually reaches the receiver.
I've seen some NICs offered by Oracle which are exactly this, and are designed to convert high/bursty random IO on the order of hundreds of thousands of IOPS into constant, sequential I/O for an iSCSI or FCoE target. They have about a terabyte of SSD onboard whose sole job is to act as a ring buffer, slurping up the heavy duty writes and holding them until the data is safely on the destination.
IMHO, 8GB as a drive (active storage), I'd shy away from. 8GB as a cache for reads and a ring buffer for writes is the best way to use the SSD portion on the drive. With this in place, TRIM commands could be easily dealt with by the controller when the drive is idle.
I'm not sure how well this would help/hurt drives if used in RAID arrays (where the RAID controller has to know when the data is completely stored in a safe manner), but for general use, this would be a performance boost. Of course, I wouldn't mind having a bigger SSD cache split into one part for read caches, and the ring buffer for writing.
I'm still leery about SSDs unless I have some type of constant, ongoing backup mechanism to more reliable (and slower) media. A HDD can be recovered. A dead optical disk might be able to give something with how the pits are magnetized (in the case of MO), or how they are colored (in the case of CDs/DVDs/BD media). May not be able to pull everything, but magnetic fields can be discerned and something decoded. A SSD with all the electronics squirted out the gates isn't going to be able to be coaxed to divulge anything, no matter how much persuasion is done.
There is a lot of stuff running on XP and XPe (XP embedded.) ATMs, touch screens, computer synths, building security, HVAC systems, power monitors, CNC mills, you name it.
Of course, XPe can be locked down and have all writes to its filesystems redirected to another location (so the ROM can stay read-only, but changes be saved), but this is less of a security tool than a tool to allow a base image to be burned into an ASIC.
Sometimes security is best with airgaps, and an upgrade constitutes physically replacing a read-only CF or SD card. Of course, this isn't 100% (physical access can be compromised with ease sometimes), but it does cut off the remote attack vector.
Firewall, no, but something that scans URLs and drops ads, definitely, because one large source of malware seems to be ad servers.
China definitely has a content filter. Supposedly, it has the ability to change content in flight. If they used that to defang malware using blacklists and heuristics, it might actually be one of the best security measures a nation can take.
In a way, this is ironic. Windows 8 and Windows Server 2013 both support Hyper-V with just a package install and reboot (assuming SLAT is present in the CPU and mobo and VM stuff is turned on.)
Once on, even though it doesn't look like it, everything in Windows is running on top of a L1 hypervisor. Adding another VM to support XP is very easy (takes downloading a package from MS, yanking out the disk image, and firing that up, and XP is ready to go.)
A lot of Vista's problems is because third party driver vendors were dragged kicking and screaming to the administrator/user model, where having full admin rights was not just handed out to anything that asked for it. Oftentimes, a vendor would ship a buggy driver or application, then blame that fact on Microsoft and UAC.
Windows 7 was a lot better because the driver model has been established (with few excuses or loopholes for third parties to weasel through), and that LocalAdmin or even LocalSystem were not Bog-given rights to any program that demanded them.
Of course, MS wasn't totally innocent. What made Vista slow for me were services like the filesystem search/indexing service, which was like a UNIX machine running continual finds down all filesystems and choking I/O. Once that was disabled, Vista ran decently.
All and all, security model change was a good security improvement. A lot of malware I have seen doesn't even try for Administrator access anymore; it just sticks in the user context, running a keylogger and doing its dirty deeds there.
Even well-made operating systems like BSD and Linux are not infallible. That ship has sailed long ago, where the core security in the enterprise comes from the network [1] as opposed to being host based.
After networking, then comes the hypervisor. When an external web server gets compromised and the IDS or SAN based malware scanner (which checks the presented logical drives) sees something awry, the machine gets frozen, snapshotted (for forensic reasons), and rolled back to a known good image automatically. Of course, this won't go well for stateful things like RDBMS servers that are not clustered, but other tasks like front end web servers, having the ability to automatically stop, drop, and roll tends to be an advantage.
This doesn't say that OS security doesn't matter. However, it is a front that is a place of heavy fighting, and usually it is only a matter of time (and zero days) before a machine gets compromised. There are things that one can do which can slow this down (such as the way AIX can completely disable root so that no process has any super-user context whatsoever), but it will always be an arms race with the current operating system security models we have, especially with the way we have user contexts and application contexts the same for almost everything (unless one is using a system like SELinux which can split those.)
With more filesystems with deduplication capability coupled with RAM compression (Windows Server 2012 for example), it is becoming easier to deploy more virtual machines just to service one app. This minimizes the damage that OS compromise can do, especially if proper firewalling is done.
[1]: Core/edge firewalling, NAC, healthchecks, IDS/IPS items, etc. The main defense against compromise these days in a company is the IPS clamping down on a machine.
[2]: Most hypervisors tend to not even be available on a network, with their tools limited to an admin network. It isn't impossible, but it is very difficult to punch through a level 1 hypervisor (Hyper-V, VMWare) and jump from one machine to another.
1: A feature (mainly for database licensing) to turn off half the cores, let the cores working use the cache on the cores turned off, and crank the clock speed up. Performance in that mode is almost the same as turning on all cores, but these results can vary on what is bring run.
2: Decent bang per watt.
3: A different CPU architecture with a different set of bugs. This helps for secure applications, so if there might be a F0 0F-like bug lurking around, the bad guys would have to find it for IBM's architecture.
4: More registers to use and abuse.
5: Very good virtualization capability. Every POWER7 box thrown out is made from the ground up with a hypervisor built into both FSPs. One can just use a single machine with access to all hardware, or add VIO servers [1] and LPAR it out.
[1]: VIO servers are small AIX [2] instances that pass disk I/O and networking through to the other VMs. On VMWare ESXi, they would be roughly equivalent to a VM appliance that does routing between virtual switches.
[2]: More of a variant of AIX, called IOS... however, oem_setup_env gives you a root prompt if needed.
If all three verify, then the message (or realistically, a message hash) are good.
As for hashes, I've wondered about using this method, where one gets multiple hashes of the message via different algorithms, then XORs all of them. In this method, the resulting hash from all three should be as strong as the strongest link, because one couldn't tell the part from one algorithm from another.
Maybe it might be time for an algorithm challenge, similar to how AES got decided, and the lastest hash algorithm got chosen.
Of course, asymmetric algorithms are a lot harder to make that are secure than symmetric ones.
I wonder about, instead of naming one, naming three. That way, if in the future one gets compromised, the broken one would just not be used, or for very sensitive stuff, all three can be cascaded (not for bit length, but to keep things signed or encrypted in case one gets severely weakened.)
That is true, but for a lot of things, the ability to read/write more than a drive at a time comes into handy. For example, when setting up a batch of media that is going offsite in the weekly Iron Maiden pickup, or if the silo is partitioned so two different backup servers can access independently.
This would need multiple readers, although just having one coupler that handles all the I/O might be useful for a small array that backs up a critical server in a rack.
I wonder if Japan and China should do what Europe did in 1945-46 and provide for freely available travel between countries. This allowed people to see how others lived, and good or bad, it did do a lot in reducing tensions in the European nations. Instead of shooting at each other, the worst is the fights after the football (soccer if in the US) games.
Getting both countries to intermingle, might just give pressure to both governments to not bother rattling sabers over some small islands and focus on other things.
Slashdot Mirror
I wonder if the embedded kernel that is found in ESXi would be considered a UNIX. If that is the case, it definitely would help stats, although I seriously doubt a public stat gatherer would be able to find a hypervisor port in any installation that is installed with any sense of security at all.
Historically, this is what has killed most of the high-end UNIX architectures except for Oracle and IBM.
Even factoring in Microsoft's price hike, it can be cheaper to go with a stack of 1U boxes (or a blade/enclosure array) all running VMWare or Hyper-V than it is to continue paying the service contract costs on the older hardware.
Of course, this advantage also applies to Linux, *BSD, and Solaris x86.
In my experience, the trend seems to be from the older platforms (PA-RISC, POWER, SPARC) to a UNIX that runs on x86, rather than a complete platform change to Windows.
There is one place where a fuel cell that can work with butane and propane would have a -ton- of demand: The RV industry.
As it stands now, most RVs come with absorption refrigerators. These units have the advantage of being able to work with a boiler and a propane flame as well as an electric resistance element. However, they will destroy themselves if run off-level (the sodium chromate which is used as a rust blocker gets "cooked" out, and eventually will completely block the tube, cause a small pinhole leak. From there, the ammonia leaks out and the refrigerator is done for.
A range of absorption refrigerators have been also recalled, because there are reports of them causing fires.
Having a propane fuel cell means that the absorption refrigerator can be given the heave-ho. Instead, the fuell cell can charge the house batteries, and a compressor refrigerator that runs from 12 volts or 120/240VAC via an alternator can be used. This setup would be functionally identical to having to use the absorption fridge, but without the worry about having to have the RV perfectly level. Compressor fridges cool their contents a lot faster than the absorption fridge counterparts as well.
So, even though propane fuel cells wouldn't be useful for primary electricity, they would come in handy with RVs.
As another advantage, the power from a fuel cell would offset the electricity used to power a RV furnace's fans, which means that one doesn't have to have a loud generator or run a vehicle's engine for recharging. For people boondocking, one of the biggest considerations is running a generator as little as possible, because even the quiet ones do make noise.
If this Redox model can be scaled down to 5 kilowatts, this would completely replace the inefficient generator on the RV (generators have the Otto engine cycle which loses a good chunk of energy out the exhaust pipe coupled with the losses of energy from turning rotational energy into electrical. A fuel cell would use a fraction of the propane a propane generator uses.) This would allow running the air conditioner and microwave and other electric appliances.
Take this smaller to being able to do 300-500 watts, and this will compete with the EFOY fuel cells that are used in combination with solar charging systems to keep batteries topped off.
I'm hoping some commercial products come from this. Truma in Europe has a usable propane fuel cell, as well as top notch RV water heaters and furnaces... but they seem to have no interest in selling their products across the pond, and US water heaters and furnaces can be viewed as extremely primitive in comparison. For example, a Truma water heater has a passive mechanism to drain it when the water inside hits 35 degrees to prevent it from getting damaged due to freezing. No US heater has this.
What might be a good use for cloud is backups. Not live storage like box.net or Dropbox, but an encrypted blob of data [1] that is tossed onto a remote site and read from it as one large object.
With this in mind, managing remote data becomes an issue of key management. If each remote file is stored with a different key, just erasing that key (could be a password, or an actual keyfile as in the case of TrueCrypt) would ensure that the remote data isn't usable by anyone short of a complete AES break.
The advice from the parent is very good. However, hard disks are not archival media, so it doesn't hurt to use a known good utility (gpg for example) to make an encrypted tarball, then throw that onto a DVD or Blu-Ray disk every so often. Of course, this in combination with a backup program (Time Machine is one example) that can write to an encrypted HDD. What this gives is the ability to restore the whole OS from scratch if need be or a file. If both the drives in use and the backup drive get trashed, there is always pulling data from the optical media.
For data that needs to be stored and forgotten about (tax records), there is always GNU Privacy guard or NetPGP and Amazon Glacier, which will store a terabyte of data for about $10 a month. Of course, this shouldn't be the only archive for critical documents, but if someone's house burned down and all disks, optical and such were destroyed, stuff would be still accessible, assuming the encryption password or keys were obtainable in some fashion.
[1]: To help with size, the data can have some padding or chaff added before encryption. For example, a TrueCrypt container that has 512 megs in it could be full, empty, or anywhere in between... A gpg/PGP file can have some stuff from /dev/urandom thrown in so one can't tell the data inside from the file length.
Please correct me if I'm wrong, but didn't Apple get a patent 3-4 years ago on batteries that can be shaped differently from "conventional" ones? This enables Apple to have flatter batteries, but still have the ampere-hours available to keep a device going.
Unlike a modem that requires a carrier tone, two acoustic devices that need to send a couple frames of data (such as a Diffie-Hellman exchange) could easily send and receive the data with a few bursts. DACs and ADCs are good enough to be able to discern the encoded static, find errors and correct them, and pass the decoded packets along. This wouldn't be fast, but it would be good enough for creating a shared secret or just validating each other's public keys so future communications can be reliability secured without need of a CA.
I would state that things will balance out.
The cloud is useful for some tasks, however there are a lot of security hurdles and perceptions. There is also the fact that WAN links are expensive, and moving everything to the cloud means that the edge links have to be very beefy, as opposed to keeping it in-house where the core LAN fabric is a lot cheaper to deal with.
The cloud is nice, but there are a lot of business regulations (and probably more to come if there are any serious breaches that make the news) to watch out for. In some cases, it is cheaper to just keep the data in house.
But things may change. In 20-30 years, there may be a breakthrough allowing for spread spectrum wireless with extremely high bandwidth or something happens like with hard disks and we go from gigabyte drives to terabyte drives in a few years due to some major technology advances.
If this does happen, and edge/WAN bandwidth does become dirt cheap, that would make life interesting, mainly because there could be a large number of cloud providers, and one could just use software that writes data among multiples to ensure it is stored safely.
I've always been partial to the idea of having government officials selected from a lottery drawing of any citizen, similar to a draft.
At the minimum, I wouldn't mind seeing term limits in Congress.
A year or two ago, some company got mentioned on Slashdot which made electronically "lockable" bolts which fastened and unfastened via remote control, and were used for airline seats. They had an advantage since no tool paths for screwdrivers, wrenches, etc. were needed.
It might be a small object, but if those go into common use, and someone manages to hack a "unfasten all right now" command, it might not be a funny prank when chairs and other items come loose.
At the minimum, devices should use Bluetooth and use some sort of out of band pairing for setup (NFC, serial number/key, etc.)
One advantage of solar power is that it is distributed, which helps with redundancy on the grid.
Plus, there are multiple ways of using solar power. Grid tie is one way. However, with the fact sometimes it is more expensive to pay a utility company to string a wire to a remote property than it is to set up an off-grid solar panel array, charge controllers, battery bank, and inverters, it isn't too far-fetched for people to just go with a bunch of panels and not bother with the electric grid whatsoever.
Solar is getting cheaper, mainly because China now has the critical mass of technology and willpower to stand behind it. It is only a matter of time before we start seeing each cell having a small MPPT controller so partial shading's impact is minimized, and perhaps even having the charge controllers or inverters built into each panel, so adding more usable watts might just consist of dropping another row of panels, plugging two power cables and a CANBUS cable, and letting the electronics do the rest. China wants this technology because it means that they don't have to deploy as many coal plants, thus less pollution.
Solar is coming to a point where it is less of a matter of "why", but a matter of "why not"?
To boot, solar panels have a long life. In 20-30 years, where most energy plants need to have a complete overhaul, solar panels might need to be washed every so often. An investment now may seem foolish, but given a steady return over the years, it may be wise over the long run. This is something that Germany understands, and is allowing them to wean completely off of both nuclear energy and Russian gas.
I wonder if Sprint will even let this device on their network. GSM providers tend to not care -- if the SIM card works, the device comes online. However, as far as I know, CDMA providers in the US only allow devices they sell on their networks, so getting Sprint to allow this ZTE handset may be an exercise in futility.
My question: Is ground for growing food crops affected by this? If farmers all grow switchgrass/hemp/$whatever and make more money selling that for fuel, then it will spike food prices, which can cause major problems down the line (people can put up with a lot of injustice, but if they are starving, all bets are off.)
Ethically, I can't support a fuel that takes food out of people's mouths, even though ethanol has a number of decent advantages.
As a compromise, there are services where you use an ISP's server as a smart host for a relay. The advantage of this is that if your home E-mail server is on a blacklisted range of IPs, and if one is using DSL or cable, almost invariably, that range will be on a blackhole list (either for spam, or flagged as temporary IPs.) Yes, it does cost a little bit, but it helps ensure that E-mail sent from your domain actually reaches the receiver.
This.
I've seen some NICs offered by Oracle which are exactly this, and are designed to convert high/bursty random IO on the order of hundreds of thousands of IOPS into constant, sequential I/O for an iSCSI or FCoE target. They have about a terabyte of SSD onboard whose sole job is to act as a ring buffer, slurping up the heavy duty writes and holding them until the data is safely on the destination.
IMHO, 8GB as a drive (active storage), I'd shy away from. 8GB as a cache for reads and a ring buffer for writes is the best way to use the SSD portion on the drive. With this in place, TRIM commands could be easily dealt with by the controller when the drive is idle.
I'm not sure how well this would help/hurt drives if used in RAID arrays (where the RAID controller has to know when the data is completely stored in a safe manner), but for general use, this would be a performance boost. Of course, I wouldn't mind having a bigger SSD cache split into one part for read caches, and the ring buffer for writing.
I'm still leery about SSDs unless I have some type of constant, ongoing backup mechanism to more reliable (and slower) media. A HDD can be recovered. A dead optical disk might be able to give something with how the pits are magnetized (in the case of MO), or how they are colored (in the case of CDs/DVDs/BD media). May not be able to pull everything, but magnetic fields can be discerned and something decoded. A SSD with all the electronics squirted out the gates isn't going to be able to be coaxed to divulge anything, no matter how much persuasion is done.
There is a lot of stuff running on XP and XPe (XP embedded.) ATMs, touch screens, computer synths, building security, HVAC systems, power monitors, CNC mills, you name it.
Of course, XPe can be locked down and have all writes to its filesystems redirected to another location (so the ROM can stay read-only, but changes be saved), but this is less of a security tool than a tool to allow a base image to be burned into an ASIC.
Sometimes security is best with airgaps, and an upgrade constitutes physically replacing a read-only CF or SD card. Of course, this isn't 100% (physical access can be compromised with ease sometimes), but it does cut off the remote attack vector.
Firewall, no, but something that scans URLs and drops ads, definitely, because one large source of malware seems to be ad servers.
China definitely has a content filter. Supposedly, it has the ability to change content in flight. If they used that to defang malware using blacklists and heuristics, it might actually be one of the best security measures a nation can take.
In a way, this is ironic. Windows 8 and Windows Server 2013 both support Hyper-V with just a package install and reboot (assuming SLAT is present in the CPU and mobo and VM stuff is turned on.)
Once on, even though it doesn't look like it, everything in Windows is running on top of a L1 hypervisor. Adding another VM to support XP is very easy (takes downloading a package from MS, yanking out the disk image, and firing that up, and XP is ready to go.)
A lot of Vista's problems is because third party driver vendors were dragged kicking and screaming to the administrator/user model, where having full admin rights was not just handed out to anything that asked for it. Oftentimes, a vendor would ship a buggy driver or application, then blame that fact on Microsoft and UAC.
Windows 7 was a lot better because the driver model has been established (with few excuses or loopholes for third parties to weasel through), and that LocalAdmin or even LocalSystem were not Bog-given rights to any program that demanded them.
Of course, MS wasn't totally innocent. What made Vista slow for me were services like the filesystem search/indexing service, which was like a UNIX machine running continual finds down all filesystems and choking I/O. Once that was disabled, Vista ran decently.
All and all, security model change was a good security improvement. A lot of malware I have seen doesn't even try for Administrator access anymore; it just sticks in the user context, running a keylogger and doing its dirty deeds there.
Even well-made operating systems like BSD and Linux are not infallible. That ship has sailed long ago, where the core security in the enterprise comes from the network [1] as opposed to being host based.
After networking, then comes the hypervisor. When an external web server gets compromised and the IDS or SAN based malware scanner (which checks the presented logical drives) sees something awry, the machine gets frozen, snapshotted (for forensic reasons), and rolled back to a known good image automatically. Of course, this won't go well for stateful things like RDBMS servers that are not clustered, but other tasks like front end web servers, having the ability to automatically stop, drop, and roll tends to be an advantage.
This doesn't say that OS security doesn't matter. However, it is a front that is a place of heavy fighting, and usually it is only a matter of time (and zero days) before a machine gets compromised. There are things that one can do which can slow this down (such as the way AIX can completely disable root so that no process has any super-user context whatsoever), but it will always be an arms race with the current operating system security models we have, especially with the way we have user contexts and application contexts the same for almost everything (unless one is using a system like SELinux which can split those.)
With more filesystems with deduplication capability coupled with RAM compression (Windows Server 2012 for example), it is becoming easier to deploy more virtual machines just to service one app. This minimizes the damage that OS compromise can do, especially if proper firewalling is done.
[1]: Core/edge firewalling, NAC, healthchecks, IDS/IPS items, etc. The main defense against compromise these days in a company is the IPS clamping down on a machine.
[2]: Most hypervisors tend to not even be available on a network, with their tools limited to an admin network. It isn't impossible, but it is very difficult to punch through a level 1 hypervisor (Hyper-V, VMWare) and jump from one machine to another.
POWER7 has some nice advantages over x86/amd64:
1: A feature (mainly for database licensing) to turn off half the cores, let the cores working use the cache on the cores turned off, and crank the clock speed up. Performance in that mode is almost the same as turning on all cores, but these results can vary on what is bring run.
2: Decent bang per watt.
3: A different CPU architecture with a different set of bugs. This helps for secure applications, so if there might be a F0 0F-like bug lurking around, the bad guys would have to find it for IBM's architecture.
4: More registers to use and abuse.
5: Very good virtualization capability. Every POWER7 box thrown out is made from the ground up with a hypervisor built into both FSPs. One can just use a single machine with access to all hardware, or add VIO servers [1] and LPAR it out.
[1]: VIO servers are small AIX [2] instances that pass disk I/O and networking through to the other VMs. On VMWare ESXi, they would be roughly equivalent to a VM appliance that does routing between virtual switches.
[2]: More of a variant of AIX, called IOS... however, oem_setup_env gives you a root prompt if needed.
There are always parallel signatures:
RSA(m1)
ECC(m1)
Lattice(m1)
If all three verify, then the message (or realistically, a message hash) are good.
As for hashes, I've wondered about using this method, where one gets multiple hashes of the message via different algorithms, then XORs all of them. In this method, the resulting hash from all three should be as strong as the strongest link, because one couldn't tell the part from one algorithm from another.
Maybe it might be time for an algorithm challenge, similar to how AES got decided, and the lastest hash algorithm got chosen.
Of course, asymmetric algorithms are a lot harder to make that are secure than symmetric ones.
I wonder about, instead of naming one, naming three. That way, if in the future one gets compromised, the broken one would just not be used, or for very sensitive stuff, all three can be cascaded (not for bit length, but to keep things signed or encrypted in case one gets severely weakened.)
That is true, but for a lot of things, the ability to read/write more than a drive at a time comes into handy. For example, when setting up a batch of media that is going offsite in the weekly Iron Maiden pickup, or if the silo is partitioned so two different backup servers can access independently.
This would need multiple readers, although just having one coupler that handles all the I/O might be useful for a small array that backs up a critical server in a rack.
I wonder if Japan and China should do what Europe did in 1945-46 and provide for freely available travel between countries. This allowed people to see how others lived, and good or bad, it did do a lot in reducing tensions in the European nations. Instead of shooting at each other, the worst is the fights after the football (soccer if in the US) games.
Getting both countries to intermingle, might just give pressure to both governments to not bother rattling sabers over some small islands and focus on other things.