Not multi-100 GB, but I do have a BDXL drive on the desktop which can do 100 gig disks at 4x, using Nero.
Optical may be pedestrian as a media system (especially compared to SSDs), but there is a sweet spot in price that makes it worth using as a long term backup/archival media, especially when combined with fault-tolerant archiving [1]. Nothing is 100%, but I have found when restoring, I have had better luck pulling from CDs, DVDs, or Blu-Ray media than I have had with older HDDs.
As for time burning media, since I have a machine that acts as a file/backup server, I can fire off a backup, switch out media every so often, and call it done.
[1]: It may not be elegant, but WinRAR using volume archives combined with recovery records and recovery volumes (I try to use one extra disk for every 4-5) has done a good job so far. I have learned to avoid backup programs that write to optical drives in their own format... because there is a good chance that one glitch on a disk can render the whole archive unusable.
There are other variables as well. If the servers have disk images stored on deduplicated backend filesystems that have autotiering, the hypervisor is able to swap to a dedicated fast disk or SSD and swap the VM out if unused, then adding another VM might take very little in physical resources.
What is happening is that because VMs are easier to create, modify and archive, it allows developers to spin up new boxes as opposed to adding more tasks to existing hardware or VMs. Is this good? Possibly. It is just a change.
Personally, I'll take the SDDC trend over "use the cloud" any day. I am a fan of keeping sensitive data in-house, with time-tested items like remote recovery sites [2] and remote failover testing.
This isn't just the domain of the EMC VNX. Windows Server 2012 has deduplication [1]. Windows Server 2012 R2 has autotiering, so frequently used data would get migrated to SSD, while stuff that is not as used ends up on the slower SAS, or SATA platters.
[1]: Not active deduplication like what EMC or Oracle's ZFS offers, the deduplication on Windows is a two-phase process. Data gets written, and a background task finds duplicated blocks and replaces with links. Not as cool as what you can do with dedicated controllers and data movers as on the SAN backend, but something nice to have regardless.
[2]: With iLO, remote consoles, and other items, unmanned remote sites at a good data center are doable. Not cheap, but doable, and decently secure. If worried about someone breaking in (most commercial coloc data centers have better security than a lot of internal businesses), then there is always adding encryption (and the headache of key management in a secure, yet recoverable fashion.)
Even if the car maker can't/won't fix it, at least I know what it is so I can make a workaround, such as adding a relay to the circuit with the transponder antenna which would deny access to all keys, even valid ones, unless the switch is found.
1: They go cheap on local news, buying AP articles, or just making some report on the English royal baby, the next iPhone rumor, some celeb in rehab, or A-Rod's latest antics. Stuff that would make them worth reading gets shelves for filler.
2: People move to other sources because the same pictures of $CELEB in rehab are on the Net for free, as opposed to having to pay something.
3: Said site starts more with a paywall, or having more intrusive ads.
4: More people ditch for other sources.
Of course, it seems like the only well-funded sources that cover anything meaningful are the government propaganda sites. However, if they have nothing to be gained on slanting an article, it might be some merit to reading it.
The cautious exception is Al Jazeera. They seem to be trying to play it cautiously, so in some items, their news is surprisingly unbiased, although one always has to have that grain of salt handy.
GPOs are one tool in the toolbox. If I wanted to block users from running cmd.exe, I'd not bother with GPOs, but use AppLocker policies and block from there. Of course, that means that another shell could be used, but if I'm limiting what users can run, I would be going with a whitelist policy, as opposed to a Swiss-cheese blacklist policy.
Re:Last revolutionary M$ product
on
Windows NT Turns 20
·
· Score: 4, Informative
Being my usual devil's advocate, there have been some innovations which have been useful that MS has made. They are not revolutionary as NT (which was nice at the time because it was completely pre-emptive, while Windows and System 7/8 were cooperative multi-tasking operating systems.)
One of the bigger ones was the jump from NT 4.0 with all its service packs to Windows 2000. The old domain structure got tossed for a new directory server model, which has proven to stand the test of time in companies. Nothing is perfect, but AD has been decently reliable and secure. I don't often hear about complete compromise of AD unless someone managed to get complete rights on an AD server.
GPOs are another item. This is something that has zero value to all but enterprises, but are extremely useful when they come to play. The enterprise-tier management tools in Windows are not perfect, but they are extremely useful. If I want to lock access to USB flash drives to certain users, I can easily do that with security groups and OUs. This isn't flashy, but it makes life easier to turn the legal department writings into stuff I can say I can implement.
Then, there are some cool features. Windows Server 2012 has disk deduplication. This will come in handy on VM servers. It isn't perfect deduplication, as it is a two stage thing (writes are done normally, and a background task removes the duplicated blocks with links), but it is something useful.
There are also things that get the "A for best effort" award..NET comes to mind because it does help with some basic security issues, and allows one to use their language of choice (I even remember visual ADA.)
To me, MS is a mixed bag. They do some cool things in the enterprise. However, on the user front, they need some help/polish. They need to focus on developer morale so a new platform would get a critical mass of apps/games on it when it comes out.
4: Maybe the best solution is for the OP's firm to spend the dough, and create a remote recovery site here in the US.
Unmanned remote sites are not hard to make, they can be stored in a secure area (there are lots of unmarked data centers used as co-locs with each customer having cages for both their equipment and their dancers.)
Get with a FISMA certified provider. Get a backend SAN, or a SAN dedicated for backups. Add a read-only domain controller and a CIFS data mover.
Call it done. Data stays encrypted, because it goes through routers that encrypt links, and can be encrypted at the drive end, or anywhere in between. To boot, it stays in the US.
No staff needed at the remote site if done right. Set up iLO, remote rebooting, and remote consoles.
No rocket science here... take a server, lock it in a cage, tack a pipe to it, and move on.
I bought a MicroUSB to Lightning adapter that worked OK with my iPhone... but sparked like crazy with my iPad, so I ditched it for a cable.
However, for current to be lethal, either the DC voltage was stepped up (which might have fried the phone before the user), or the charger just passed 240VAC directly to the phone. There may be other things which can pop up.
So far, I've had good luck with third party chargers. I have a 20 amp-hour battery which can be used to charge a tablet and such when I'm camping, and don't want to fire up a generator or the car's engine.
I wouldn't say that Apple makes the only safe chargers out there, otherwise there would be piles of dead Android users and lots of litigation due to that.
What would be ideal is a file format that stores data with some error correction, so if a block got corrupted on older media, the corruption wouldn't just be detectable, but possibly correctable.
It isn't really "archival grade", but I've used the WinRAR utility for this. Archives made in 1999-2000 with error correction are still readable, check-able, and repairable, and can be moved from old CD-R to DVD to Blu-Ray, possibly to whatever the next generation of optical media will be. In fact, multi-volume archives that might have one CD or DVD go bad in a set are recoverable because I usually had one recovery volume for every four others, which might add 20% more disks to a set, but it seemed to be a fair compromise for restoring.
Analog media like photos? Keep. Who knows if there might be a better scanning technique to find more information from a photograph, similar to how one finds info about paintings.
Digital media? At least make a hash file that goes with the stored data at the minimum so corruption can be detected as the items pass to different storage media over time.
A while back, someone made a system that could go on a credit card that would play what sounded like a brief burst of static. This was used similar to a one-way car remote as a way to have a second authentication factor.
Of course, this might work and needs no additional hardware other than an ADC and DAC that are fairly accurate.
The downside is additional noise pollution. Maybe frequencies that are out of the normal human range can be used, but that narrows the amount of bandwidth the device can use to transmit/receive data with.
Ideally, we should just move to NFC. Using sound is a lowest common denominator type of way to do authentication and key exchanges. It does work, but so does Kermit over a 300 baud modem... we have better protocols and technology at our disposal.
I just fear that if IP laws get revised, they will be done in a way that is extremely hostile to the average person. Every time there is a revision of IP laws, it does nothing to help the average user out.
I would not be surprised if governments (be it European ones, the US, or others) forced all 3D printers to disallow printing of anything but signed files (where the files have to be approved by a third party to make sure they can't be used as lower receivers or anything the local politcos don't like), record and upload what people print, or require hardware-based DRM stacks on everything that interfaces with the printer (a la HDCP.)
Interesting times, and I would recommend to people to buy 3D printers now if they can, before the laws get passed regulating them... and they are not going to be regulated for the consumer's benefit...
There will come a time when people will get tired of it. Yes, the mainstream might be happy with yet another cookie-cutter reboot/squeal/remake of another comic book character, but there will be a market for films which don't follow the beaten path.
To compare it to beer, Budweiser and PBR will always be popular, but there will always be a market for microbrew/homebrew suds. Same with movies.
IMHO, if you want new films, it won't be the big names that create exciting new IP, because they, just like the music industry, have found a formula that works for them and they can just keep cranking out the same stuff, different actors, different names of the characters.
The creative stuff is likely going to be the movies that Netflix, Google, Amazon, and other places will be serving, since they are not beholden to the same model.
This is done in routinely Austin and San Antonio to find cars that are not on any insurance database. In San Antonio, if the car isn't insured, the vehicle is pulled over, driver left on the roadside, and the car impounded on the spot.
OTPs are very useful these days, and they can be used in other ways as well.
For the highest security of information, just XOR the data with the pad and send it on.
For data that doesn't need that much security, it allows a Diffie-Hellman key exchange with both sides XORing the critical parts of the exchange with the OTP stream. Then, the session key is used for bulk stuff with a conventional symmetric algorithm. This isn't as secure as a OTP, but it allows for data to be sent without burning up the bits on the stored OTP.
Of course, one needs to make sure the RNG making the OTP data is as unpredictable as possible, but that is a science all to itself.
I remember in the mid-1980s, some "word processors" which used dot-matrix printers, so one can type a line, backspace/edit that line, then once they hit return, the line gets printed, and that's that.
Maybe something similar, but using an inkjet printer instead?
Of course, there is always the issue of modern electronic devices having the ability to hide functionality a lot easier from than a mechanical device, but it might be a useful compromise.
I remember some electric typewriters using a wheel. Perhaps if the typewriter would spin the wheel at random so the distance between where the current letter is versus where it needs to go would be random (and thus unusable assuming a good RNG.) When someone is typing, it could also vary speed as well, so going from an "A" to a "B" may be the same time as going to something spaced 180 degrees away, or may not.
Add to that a small RAM buffer that scrubs data after it gets typed, and that would be decently secure.
That isn't MS's fault. It is the fault of printer makers who have their own drivers and bloatware. One maker even has their drivers limit the amount of machines that can print to their printer to five or so.
I'd point the finger at the printer makers. We have had working standards for decades now, like PostScript or even PCL.
Nail, head, hit. The PC has moved from the primary computer to more of a background workhorse. Eventually, it will merge with the server [1].
What has changed is that there are other ways to use machines other than keyboards/monitors, in the way of media consumption. Devices needed for media production are just less in demand. Where someone would view a YouTube vid on their desktop in the past, they might watch it on their laptop or phone today.
[1]: Something I find ironic since I do see a market for home servers that can do DNS caching, backups which rsync to an encrypted remote drive, OnLive-like streaming of video, SAN functionality with 10GB iSCSI, even a PCIe antenna to switch to LTE if the main upstream goes down. Ultimately, I can see the desktop becoming more of a background server (perhaps along the lines of Intel's personal servers), and would have multiple ways to access the data on it.
You are partially correct. However, the surge wasn't the issue, as it was caught and not passed on. The sag (low voltage) after it was the killer, that also managed to smoke my UPS (which ironically worked when tested by unplugging for a long time beforehand.) Sometimes low voltage is worse than none at all because it can burn out components.
The best of all worlds would have been to have an online UPS [1], which would not have cared either way, but mine was a standby model.
Dropbox isn't that expensive, and it has its uses. I don't really consider it stupid to have, because it is a place that I can toss encrypted files (EncFS protected) from my phone to access on my tablet.
[1]: I'm working on an ideal solution for computer power. The stuff I'm using doesn't take that much wattage relatively, so I'm going to be installing a set of decent solar panels, a MPPT [2] controller, and a set of batteries. With a good PSW inverter [3] on a standalone 20A circuit (i.e., a circuit that has nothing connected to the mains), the computers will always have clean power no matter what happens with the utility.
[2]: Yes, they are more expensive than PWM, just due to the inductor coils required to boost/cut voltages, but square feet for panels is limited, so I have to make use of every watt that hits the panels. One MPPT controller I saw even has the ability to "cheat" and use mains power for charging batteries when the panels are not producing usable current. This way, the battery bank doesn't get emptied. It isn't truly "off grid", but it is the next step past an online UPS.
On a devil's advocate note, when I had a power surge then sag fry my computer, my RAID protected drive array, and my external drives, the cash I was paying to Dropbox became worth it.
Next desktop machine, I loaded the Dropbox client, let it sync overnight and while I was at work, then used TrueCrypt to mount the volume. Only thing really lost was my time in rebuilding the volumes.
For protecting data on Dropbox, I use both a set of keyfiles (which are stashed away and never stored online), and a passphrase. That way, my TC containers can't be brute-forced with just what is sitting on the remote side.
This is an age old problem. It partially requires people skills, and it requires technology. A couple ideas:
1: First thing is compartmentalize. One person shouldn't have access to all the goodies.
2: USB devices are easy to control. I can push a GPO on Windows that blocks writing to any USB flash drive, or just locks out access completely so someone can't hook up their iPod Touch, run iTunes and copy files that way. Third party programs can offer this functionality as well. Of course, there are always BIOS locks. If one doesn't care about reselling machines, snipping wires and epoxy blobs in the USB ports will finish the job.
There are other devices and ports too. Firewire, Thunderbolt, and even PCIe cards can be hazardous. Don't forget the humble old CD-ROM burner in most machines.
3: Watch data and its access. If a Windows admin suddenly is slurping down everything in the accounting directory, and it isn't a backup utility doing this, then someone should be notified.
4: I normally dislike DRM, but I have used an IRM/RMS server in house for protecting files. That way, if someone slurps off a Word document, it works fine if running on my machine, but unless they saved it to another format, it will be encrypted on their end. I've used Microsoft's RMS for about ten years now for personal items, and it does a decent job as a secondary layer, especially when coupled with some other encryption.
5: Get a solution that can make heads/tails over audit logs. Splunk is nice (though expensive.)
6: Add documents that are normally not accessed, but if they are, they immediately trigger an alert from the solution mentioned in #5. That way, if someone is doing a mass copy of files, someone knows. Most likely it is part of the job, but it is wise to have a couple tripwires.
7: Spend your time and do background checks that work. Checking for felonies, yes. Demanding usernames/passwords to Facebook for ongoing monitoring 24/7, no.
8: Finally, morale. A company that always threatens its developers with offshoring, and has low morale will have far more security issues than one that at least knows how to treat people with some modicum of respect.
On Dell and HP boxes, there are hooks for it to auto-load/install LoJack for Laptops the second a Windows OS is put on the machine. That might be an idea. It won't help when Linux is running, but if a thief decides to install Windows, the BIOS will automatically install the tracing program.
Of course, the best thing is to have the laptop insured, and the HDD encrypted.
I like using multiple layers of encryption, mainly for compartmentalization. One layer for everything on the HDD, preferably using a TPM (to prevent brute-forcing), then different partitions/VMs for different tasks, This way, if the laptop gets snatched while browsing the Web, my Quicken data is still protected.
I've used Paperbak to an extent, and it is a very good tool. The only problem is that it isn't widespread, so if one loses access to the download site, it might be hard to find a copy for decoding. QR codes are useful, but compared to the ability to print out data with variable compression and error correction like Paperbak, they are not that useful.
If it were my guess, there are so many priorities of glitches, and with a limited budget, if it isn't something that actively shuts down operations, resources are spent on other things.
The one good thing in this equation is the watchdog circuits. Without these in place, it can mean the hardware goes down and never comes to life again.
It is extremely hard to get working operating systems and patch management here on Earth [1]... much less having systems that are made to work where there is no way to walk up to the machine, and re-flash a new OS via the JTAG ports.
[1]: Patch management had issues for every OS I've used. AIX gets issues via lppchk which means force-installing LPPs, RedHat gets RPM glitches possibly forcing a rebuild of the DB, Windows sometimes will just not install, or permit to be installed an update from WU, and so on. Now, with this in mind, trying to patch a machine millions of miles away is very daunting for even the best of the best.
Depends on what version of Office/Word. A document secured with a 32+ character password in a recent version (Office 2003 and newer) can use SHA 512 and AES-CBC.
Of course, using a weak password, all bets are off.
If one needed to distribute data on CD encrypted the "right" way, I'd either use a large PGP archive, ship the CD with a TC volume and a keyfile encrypted to the receiving site public keys, or use a commercial utility like PGP Disk and have a volume only openable with the receiving site keys.
Done right, having encrypted media can be secure... but doing it right isn't the easiest way.
Slashdot Mirror
Not multi-100 GB, but I do have a BDXL drive on the desktop which can do 100 gig disks at 4x, using Nero.
Optical may be pedestrian as a media system (especially compared to SSDs), but there is a sweet spot in price that makes it worth using as a long term backup/archival media, especially when combined with fault-tolerant archiving [1]. Nothing is 100%, but I have found when restoring, I have had better luck pulling from CDs, DVDs, or Blu-Ray media than I have had with older HDDs.
As for time burning media, since I have a machine that acts as a file/backup server, I can fire off a backup, switch out media every so often, and call it done.
[1]: It may not be elegant, but WinRAR using volume archives combined with recovery records and recovery volumes (I try to use one extra disk for every 4-5) has done a good job so far. I have learned to avoid backup programs that write to optical drives in their own format... because there is a good chance that one glitch on a disk can render the whole archive unusable.
There are other variables as well. If the servers have disk images stored on deduplicated backend filesystems that have autotiering, the hypervisor is able to swap to a dedicated fast disk or SSD and swap the VM out if unused, then adding another VM might take very little in physical resources.
What is happening is that because VMs are easier to create, modify and archive, it allows developers to spin up new boxes as opposed to adding more tasks to existing hardware or VMs. Is this good? Possibly. It is just a change.
Personally, I'll take the SDDC trend over "use the cloud" any day. I am a fan of keeping sensitive data in-house, with time-tested items like remote recovery sites [2] and remote failover testing.
This isn't just the domain of the EMC VNX. Windows Server 2012 has deduplication [1]. Windows Server 2012 R2 has autotiering, so frequently used data would get migrated to SSD, while stuff that is not as used ends up on the slower SAS, or SATA platters.
[1]: Not active deduplication like what EMC or Oracle's ZFS offers, the deduplication on Windows is a two-phase process. Data gets written, and a background task finds duplicated blocks and replaces with links. Not as cool as what you can do with dedicated controllers and data movers as on the SAN backend, but something nice to have regardless.
[2]: With iLO, remote consoles, and other items, unmanned remote sites at a good data center are doable. Not cheap, but doable, and decently secure. If worried about someone breaking in (most commercial coloc data centers have better security than a lot of internal businesses), then there is always adding encryption (and the headache of key management in a secure, yet recoverable fashion.)
Even if the car maker can't/won't fix it, at least I know what it is so I can make a workaround, such as adding a relay to the circuit with the transponder antenna which would deny access to all keys, even valid ones, unless the switch is found.
The problem is that it is a cycle for newspapers:
1: They go cheap on local news, buying AP articles, or just making some report on the English royal baby, the next iPhone rumor, some celeb in rehab, or A-Rod's latest antics. Stuff that would make them worth reading gets shelves for filler.
2: People move to other sources because the same pictures of $CELEB in rehab are on the Net for free, as opposed to having to pay something.
3: Said site starts more with a paywall, or having more intrusive ads.
4: More people ditch for other sources.
Of course, it seems like the only well-funded sources that cover anything meaningful are the government propaganda sites. However, if they have nothing to be gained on slanting an article, it might be some merit to reading it.
The cautious exception is Al Jazeera. They seem to be trying to play it cautiously, so in some items, their news is surprisingly unbiased, although one always has to have that grain of salt handy.
GPOs are one tool in the toolbox. If I wanted to block users from running cmd.exe, I'd not bother with GPOs, but use AppLocker policies and block from there. Of course, that means that another shell could be used, but if I'm limiting what users can run, I would be going with a whitelist policy, as opposed to a Swiss-cheese blacklist policy.
Being my usual devil's advocate, there have been some innovations which have been useful that MS has made. They are not revolutionary as NT (which was nice at the time because it was completely pre-emptive, while Windows and System 7/8 were cooperative multi-tasking operating systems.)
One of the bigger ones was the jump from NT 4.0 with all its service packs to Windows 2000. The old domain structure got tossed for a new directory server model, which has proven to stand the test of time in companies. Nothing is perfect, but AD has been decently reliable and secure. I don't often hear about complete compromise of AD unless someone managed to get complete rights on an AD server.
GPOs are another item. This is something that has zero value to all but enterprises, but are extremely useful when they come to play. The enterprise-tier management tools in Windows are not perfect, but they are extremely useful. If I want to lock access to USB flash drives to certain users, I can easily do that with security groups and OUs. This isn't flashy, but it makes life easier to turn the legal department writings into stuff I can say I can implement.
Then, there are some cool features. Windows Server 2012 has disk deduplication. This will come in handy on VM servers. It isn't perfect deduplication, as it is a two stage thing (writes are done normally, and a background task removes the duplicated blocks with links), but it is something useful.
There are also things that get the "A for best effort" award. .NET comes to mind because it does help with some basic security issues, and allows one to use their language of choice (I even remember visual ADA.)
To me, MS is a mixed bag. They do some cool things in the enterprise. However, on the user front, they need some help/polish. They need to focus on developer morale so a new platform would get a critical mass of apps/games on it when it comes out.
4: Maybe the best solution is for the OP's firm to spend the dough, and create a remote recovery site here in the US.
Unmanned remote sites are not hard to make, they can be stored in a secure area (there are lots of unmarked data centers used as co-locs with each customer having cages for both their equipment and their dancers.)
Get with a FISMA certified provider. Get a backend SAN, or a SAN dedicated for backups. Add a read-only domain controller and a CIFS data mover.
Call it done. Data stays encrypted, because it goes through routers that encrypt links, and can be encrypted at the drive end, or anywhere in between. To boot, it stays in the US.
No staff needed at the remote site if done right. Set up iLO, remote rebooting, and remote consoles.
No rocket science here... take a server, lock it in a cage, tack a pipe to it, and move on.
I bought a MicroUSB to Lightning adapter that worked OK with my iPhone... but sparked like crazy with my iPad, so I ditched it for a cable.
However, for current to be lethal, either the DC voltage was stepped up (which might have fried the phone before the user), or the charger just passed 240VAC directly to the phone. There may be other things which can pop up.
So far, I've had good luck with third party chargers. I have a 20 amp-hour battery which can be used to charge a tablet and such when I'm camping, and don't want to fire up a generator or the car's engine.
I wouldn't say that Apple makes the only safe chargers out there, otherwise there would be piles of dead Android users and lots of litigation due to that.
What would be ideal is a file format that stores data with some error correction, so if a block got corrupted on older media, the corruption wouldn't just be detectable, but possibly correctable.
It isn't really "archival grade", but I've used the WinRAR utility for this. Archives made in 1999-2000 with error correction are still readable, check-able, and repairable, and can be moved from old CD-R to DVD to Blu-Ray, possibly to whatever the next generation of optical media will be. In fact, multi-volume archives that might have one CD or DVD go bad in a set are recoverable because I usually had one recovery volume for every four others, which might add 20% more disks to a set, but it seemed to be a fair compromise for restoring.
Analog media like photos? Keep. Who knows if there might be a better scanning technique to find more information from a photograph, similar to how one finds info about paintings.
Digital media? At least make a hash file that goes with the stored data at the minimum so corruption can be detected as the items pass to different storage media over time.
A while back, someone made a system that could go on a credit card that would play what sounded like a brief burst of static. This was used similar to a one-way car remote as a way to have a second authentication factor.
Of course, this might work and needs no additional hardware other than an ADC and DAC that are fairly accurate.
The downside is additional noise pollution. Maybe frequencies that are out of the normal human range can be used, but that narrows the amount of bandwidth the device can use to transmit/receive data with.
Ideally, we should just move to NFC. Using sound is a lowest common denominator type of way to do authentication and key exchanges. It does work, but so does Kermit over a 300 baud modem... we have better protocols and technology at our disposal.
I just fear that if IP laws get revised, they will be done in a way that is extremely hostile to the average person. Every time there is a revision of IP laws, it does nothing to help the average user out.
I would not be surprised if governments (be it European ones, the US, or others) forced all 3D printers to disallow printing of anything but signed files (where the files have to be approved by a third party to make sure they can't be used as lower receivers or anything the local politcos don't like), record and upload what people print, or require hardware-based DRM stacks on everything that interfaces with the printer (a la HDCP.)
Interesting times, and I would recommend to people to buy 3D printers now if they can, before the laws get passed regulating them... and they are not going to be regulated for the consumer's benefit...
There will come a time when people will get tired of it. Yes, the mainstream might be happy with yet another cookie-cutter reboot/squeal/remake of another comic book character, but there will be a market for films which don't follow the beaten path.
To compare it to beer, Budweiser and PBR will always be popular, but there will always be a market for microbrew/homebrew suds. Same with movies.
IMHO, if you want new films, it won't be the big names that create exciting new IP, because they, just like the music industry, have found a formula that works for them and they can just keep cranking out the same stuff, different actors, different names of the characters.
The creative stuff is likely going to be the movies that Netflix, Google, Amazon, and other places will be serving, since they are not beholden to the same model.
This is done in routinely Austin and San Antonio to find cars that are not on any insurance database. In San Antonio, if the car isn't insured, the vehicle is pulled over, driver left on the roadside, and the car impounded on the spot.
OTPs are very useful these days, and they can be used in other ways as well.
For the highest security of information, just XOR the data with the pad and send it on.
For data that doesn't need that much security, it allows a Diffie-Hellman key exchange with both sides XORing the critical parts of the exchange with the OTP stream. Then, the session key is used for bulk stuff with a conventional symmetric algorithm. This isn't as secure as a OTP, but it allows for data to be sent without burning up the bits on the stored OTP.
Of course, one needs to make sure the RNG making the OTP data is as unpredictable as possible, but that is a science all to itself.
I remember in the mid-1980s, some "word processors" which used dot-matrix printers, so one can type a line, backspace/edit that line, then once they hit return, the line gets printed, and that's that.
Maybe something similar, but using an inkjet printer instead?
Of course, there is always the issue of modern electronic devices having the ability to hide functionality a lot easier from than a mechanical device, but it might be a useful compromise.
I remember some electric typewriters using a wheel. Perhaps if the typewriter would spin the wheel at random so the distance between where the current letter is versus where it needs to go would be random (and thus unusable assuming a good RNG.) When someone is typing, it could also vary speed as well, so going from an "A" to a "B" may be the same time as going to something spaced 180 degrees away, or may not.
Add to that a small RAM buffer that scrubs data after it gets typed, and that would be decently secure.
That isn't MS's fault. It is the fault of printer makers who have their own drivers and bloatware. One maker even has their drivers limit the amount of machines that can print to their printer to five or so.
I'd point the finger at the printer makers. We have had working standards for decades now, like PostScript or even PCL.
Nail, head, hit. The PC has moved from the primary computer to more of a background workhorse. Eventually, it will merge with the server [1].
What has changed is that there are other ways to use machines other than keyboards/monitors, in the way of media consumption. Devices needed for media production are just less in demand. Where someone would view a YouTube vid on their desktop in the past, they might watch it on their laptop or phone today.
[1]: Something I find ironic since I do see a market for home servers that can do DNS caching, backups which rsync to an encrypted remote drive, OnLive-like streaming of video, SAN functionality with 10GB iSCSI, even a PCIe antenna to switch to LTE if the main upstream goes down. Ultimately, I can see the desktop becoming more of a background server (perhaps along the lines of Intel's personal servers), and would have multiple ways to access the data on it.
You are partially correct. However, the surge wasn't the issue, as it was caught and not passed on. The sag (low voltage) after it was the killer, that also managed to smoke my UPS (which ironically worked when tested by unplugging for a long time beforehand.) Sometimes low voltage is worse than none at all because it can burn out components.
The best of all worlds would have been to have an online UPS [1], which would not have cared either way, but mine was a standby model.
Dropbox isn't that expensive, and it has its uses. I don't really consider it stupid to have, because it is a place that I can toss encrypted files (EncFS protected) from my phone to access on my tablet.
[1]: I'm working on an ideal solution for computer power. The stuff I'm using doesn't take that much wattage relatively, so I'm going to be installing a set of decent solar panels, a MPPT [2] controller, and a set of batteries. With a good PSW inverter [3] on a standalone 20A circuit (i.e., a circuit that has nothing connected to the mains), the computers will always have clean power no matter what happens with the utility.
[2]: Yes, they are more expensive than PWM, just due to the inductor coils required to boost/cut voltages, but square feet for panels is limited, so I have to make use of every watt that hits the panels. One MPPT controller I saw even has the ability to "cheat" and use mains power for charging batteries when the panels are not producing usable current. This way, the battery bank doesn't get emptied. It isn't truly "off grid", but it is the next step past an online UPS.
On a devil's advocate note, when I had a power surge then sag fry my computer, my RAID protected drive array, and my external drives, the cash I was paying to Dropbox became worth it.
Next desktop machine, I loaded the Dropbox client, let it sync overnight and while I was at work, then used TrueCrypt to mount the volume. Only thing really lost was my time in rebuilding the volumes.
For protecting data on Dropbox, I use both a set of keyfiles (which are stashed away and never stored online), and a passphrase. That way, my TC containers can't be brute-forced with just what is sitting on the remote side.
This is an age old problem. It partially requires people skills, and it requires technology. A couple ideas:
1: First thing is compartmentalize. One person shouldn't have access to all the goodies.
2: USB devices are easy to control. I can push a GPO on Windows that blocks writing to any USB flash drive, or just locks out access completely so someone can't hook up their iPod Touch, run iTunes and copy files that way. Third party programs can offer this functionality as well. Of course, there are always BIOS locks. If one doesn't care about reselling machines, snipping wires and epoxy blobs in the USB ports will finish the job.
There are other devices and ports too. Firewire, Thunderbolt, and even PCIe cards can be hazardous. Don't forget the humble old CD-ROM burner in most machines.
3: Watch data and its access. If a Windows admin suddenly is slurping down everything in the accounting directory, and it isn't a backup utility doing this, then someone should be notified.
4: I normally dislike DRM, but I have used an IRM/RMS server in house for protecting files. That way, if someone slurps off a Word document, it works fine if running on my machine, but unless they saved it to another format, it will be encrypted on their end. I've used Microsoft's RMS for about ten years now for personal items, and it does a decent job as a secondary layer, especially when coupled with some other encryption.
5: Get a solution that can make heads/tails over audit logs. Splunk is nice (though expensive.)
6: Add documents that are normally not accessed, but if they are, they immediately trigger an alert from the solution mentioned in #5. That way, if someone is doing a mass copy of files, someone knows. Most likely it is part of the job, but it is wise to have a couple tripwires.
7: Spend your time and do background checks that work. Checking for felonies, yes. Demanding usernames/passwords to Facebook for ongoing monitoring 24/7, no.
8: Finally, morale. A company that always threatens its developers with offshoring, and has low morale will have far more security issues than one that at least knows how to treat people with some modicum of respect.
On Dell and HP boxes, there are hooks for it to auto-load/install LoJack for Laptops the second a Windows OS is put on the machine. That might be an idea. It won't help when Linux is running, but if a thief decides to install Windows, the BIOS will automatically install the tracing program.
Of course, the best thing is to have the laptop insured, and the HDD encrypted.
I like using multiple layers of encryption, mainly for compartmentalization. One layer for everything on the HDD, preferably using a TPM (to prevent brute-forcing), then different partitions/VMs for different tasks, This way, if the laptop gets snatched while browsing the Web, my Quicken data is still protected.
I've used Paperbak to an extent, and it is a very good tool. The only problem is that it isn't widespread, so if one loses access to the download site, it might be hard to find a copy for decoding. QR codes are useful, but compared to the ability to print out data with variable compression and error correction like Paperbak, they are not that useful.
Devil's advocate here:
If it were my guess, there are so many priorities of glitches, and with a limited budget, if it isn't something that actively shuts down operations, resources are spent on other things.
The one good thing in this equation is the watchdog circuits. Without these in place, it can mean the hardware goes down and never comes to life again.
It is extremely hard to get working operating systems and patch management here on Earth [1]... much less having systems that are made to work where there is no way to walk up to the machine, and re-flash a new OS via the JTAG ports.
[1]: Patch management had issues for every OS I've used. AIX gets issues via lppchk which means force-installing LPPs, RedHat gets RPM glitches possibly forcing a rebuild of the DB, Windows sometimes will just not install, or permit to be installed an update from WU, and so on. Now, with this in mind, trying to patch a machine millions of miles away is very daunting for even the best of the best.
Depends on what version of Office/Word. A document secured with a 32+ character password in a recent version (Office 2003 and newer) can use SHA 512 and AES-CBC.
Of course, using a weak password, all bets are off.
If one needed to distribute data on CD encrypted the "right" way, I'd either use a large PGP archive, ship the CD with a TC volume and a keyfile encrypted to the receiving site public keys, or use a commercial utility like PGP Disk and have a volume only openable with the receiving site keys.
Done right, having encrypted media can be secure... but doing it right isn't the easiest way.