Is this a surprise to anybody? Why do you think all TV vendors are pushing for "Smart TV"? All this metadata could be a huge source of revenue to them in all kinds of areas, from advertising profiling to law enforcement.
Since we have more and more connected devices in our lives, you've got to take extra precautions. First and foremost, if your device doesn't need to be connected to the Internet, just don't. There is no reason your wired printer needs Internet access, so block that MAC address for external access. If your device does need it, then make sure that it's in an isolated segment with no raw access to Ethernet frames from other systems in your house, and if it's WiFi-enabled, make sure you have guest isolation turned on. Then, set up a proxy, transparent or not, to make sure you have the chance to monitor that traffic for unexpected surprises. If you can, whitelist some specific sites that your application needs to access, like Netflix or VUDU for example, and block access to everything else.
Finally, why use apps in the TV when you can have excellent open source software provide you with content, like XBMC or MythTV?
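The allowlist-plus-monitoring approach in the comment above, worked through as an added example (not code from the original poster): a checker that a transparent proxy or firewall log review could apply to a segmented device. The device names, policy, log format and every log line are constructed for illustration; the one non-obvious point it shows is that domain allowlists must match on label boundaries, otherwise `netflix.com.evil.example` passes as "netflix.com", and that a device in an isolated segment should be flagged the moment it touches an RFC 1918 address in the house.

```python
"""Egress allowlist check for a segmented smart-TV style device.

Added example, not from the original post. EGRESS_POLICY, the device names,
the log format and SAMPLE_LOG are all constructed assumptions.
"""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass

# Per-device policy: destination domains each device may reach.
# Anything not listed is denied. Hypothetical device names.
EGRESS_POLICY: dict[str, set[str]] = {
    "living-room-tv": {"netflix.com", "vudu.com"},
    "printer": set(),                # a wired printer never needs the Internet
}

# The house's own address space; an isolated device must never reach it.
HOME_NETS = [ipaddress.ip_network(n)
             for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def host_allowed(host: str, allowed: set[str]) -> bool:
    """True if host equals an allowed domain or is a subdomain of one.

    Matching on a label boundary ('.' + domain) is what stops
    'netflix.com.evil.example' and 'notnetflix.com' from passing.
    """
    host = host.rstrip(".").lower()
    for dom in allowed:
        dom = dom.lower()
        if host == dom or host.endswith("." + dom):
            return True
    return False


def is_home_address(ip: str) -> bool:
    """True if ip falls inside one of the RFC 1918 ranges above."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in HOME_NETS)


# Constructed line format: <timestamp> <device> <dst_ip> <sni_or_host> <port>
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<dev>\S+) (?P<dst_ip>\S+) (?P<host>\S+) (?P<port>\d+)$")


@dataclass
class Verdict:
    device: str
    host: str
    allowed: bool
    reason: str


def evaluate(line: str) -> Verdict:
    """Classify one proxy/firewall log line against EGRESS_POLICY."""
    m = LOG_RE.match(line.strip())
    if not m:
        return Verdict("?", "?", False, "unparseable")
    dev, dst_ip, host = m["dev"], m["dst_ip"], m["host"]
    if dev not in EGRESS_POLICY:
        return Verdict(dev, host, False, "unknown device")
    if is_home_address(dst_ip):
        # The whole point of the isolated segment: no talking to other
        # systems in the house, whatever the hostname claims to be.
        return Verdict(dev, host, False, "lateral movement to internal address")
    if host_allowed(host, EGRESS_POLICY[dev]):
        return Verdict(dev, host, True, "allowlisted")
    return Verdict(dev, host, False, "not allowlisted")


# Constructed sample log (documentation-range public IPs, RFC 1918 internal one).
SAMPLE_LOG = """\
2013-11-20T20:01:02Z living-room-tv 198.51.100.10 api.netflix.com 443
2013-11-20T20:01:05Z living-room-tv 203.0.113.7 netflix.com.evil.example 443
2013-11-20T20:02:11Z living-room-tv 192.168.10.5 nas.home.lan 445
2013-11-20T20:03:40Z printer 203.0.113.9 telemetry.example.net 443
"""


def audit(log_text: str) -> list[Verdict]:
    """Run every non-empty line through evaluate()."""
    return [evaluate(l) for l in log_text.splitlines() if l.strip()]


if __name__ == "__main__":
    for v in audit(SAMPLE_LOG):
        print("ALLOW" if v.allowed else "DENY ", v.device, v.host, "-", v.reason)
```

In practice the same policy would be expressed twice: once as firewall rules that only let the device's MAC or VLAN reach the proxy, and once as the proxy's allowlist, so that a device that bypasses the proxy gets dropped rather than silently passed.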
Many of the comments here are from people who have not seen or read the books. Gourmet cooking at home is my hobby so I actually own both, the Modernist Cuisine and The Modernist Cuisine at Home. I've read them thoroughly and I've done many recipes from them, and I must say, I have yet to see another set of books as useful and complete as these. You learn the principle of things, the math, physics and chemistry associated with the processes, from smoking and grilling to sous vide and pressure cooking. It's amazing the wealth of knowledge in these books. Also, the photography alone makes it a work of art.
If you are in doubt, simply make one recipe: the Caramelized Carrot Soup. It will blow your mind (and your guests'). This recipe works because by increasing the pH under pressure you achieve the Maillard reaction before the carrots can burn. You cannot achieve this result any other way, and that's the kind of knowledge behind these books. Also, check the Hyperdecanting trick with wine. You'll impress your friends at any party.
Nathan said in an interview that he wrote this because that's the kind of book that he wishes he had had access to when he started cooking. There is nothing else out there like this. It's true it's not for everybody. It's for either chefs or very serious amateurs. I, for one, welcome an app. As wonderful as the books are, they are complicated when you need to find something quickly. Unfortunately, I don't do iOS, so I'll have to wait for the Android version in the future or steal my wife's iPad when I need it.
I've actually had the chance to see this myself. I started working for VMware at the end of 2003, when virtualization was new. It slowly and gradually entered the datacenter, first in development and testing workloads and then production and mission-critical apps. All this time I've seen the server-to-admin ratio change dramatically, first with tens, then hundreds, to now thousands of systems that can be managed by a single admin. This obviously means the gradual extinction of the traditional sysadmin, the same way the operators disappeared with the decline of the mainframe.
Now automation tools and proactive analytics are gaining huge momentum and will doom yet another segment of the IT force; even managers who approve or deny decisions can be replaced by software policies and self-service portals.
If any company had the chance to run their whole IT as a single black box with a switch and no humans involved whatsoever, most would do it. It sucks, but denial won't help either.
I understand your thinking. Yet, once your eyes have been opened, you can't go back anymore. I know it's a cliche in this audience, but it's really like swallowing the red pill. We now know we were not crazy and there really is an extremely powerful entity out there attempting to break all our most trusted systems. We can 1) ignore it, 2) accept our fate and go kosher (according to 'the system') or 3) fight it. I've chosen 3, mostly because I think this is just the beginning and things can get really dark very fast if we let this stand. I also want to point out that the NSA hires really smart folks, but they are not superhuman. We, as a collective, can outsmart them all, and then we can create open source software easy enough for the masses to use. We've done it before and we can do it again. THEY are not infallible!
I, for one, am more concerned about the classic little towns like Groveland that live off the tourism coming in and out of Yosemite. My wife and I go to Yosemite at least a couple of times per year, and we always stay in Groveland, a tiny town with such an old gold rush history and character. They've got the Iron Door Saloon, the oldest saloon in California dating from 1852, and The Groveland Hotel that used to be a brothel and where every one of the rooms has a name like "Lotta Crabtree", "Betty Fries Room" and "Just Juanita".
Right now I'm less concerned about our water supply vs. the lives and livelihood of their residents and rich history of all those places.
What bothers me is that Microsoft has really good engineers but lacks a clear strategic direction. Their massive amount of legacy code plus some seriously bad "assumptions" about what the users want have sustained their decline in the last 10 years. It's a sad state of affairs, having used their products since Windows 1.0 when they were "the rebels".
I know it's just my opinion, but given their deep pockets, they should create an incubator unit or a completely separate start-up with huge funding for a re-acquisition later on (similar to what Cisco is doing with Insieme). The purpose of this group should be to go back to their roots, re-think the way people and companies are expected to interact with computers in the next 10-20 year timeframe, and create a brand new OS with no legacy code, anticipating as much as possible the challenges and threats that will evolve over time.
I've always wondered why airplanes and MRI machines can have "mission critical" OSs and software while we all have to deal with crashes and uncertainty. They have the capability to create and bring to market a practical, usable EAL-7 OS. We know it has been done before, but Microsoft has the capability to make it commercially viable for everyone. And this is only ONE of the things they could do.
The way this post was presented is totally idiotic. The fact that some of these ideas have been around for a very long time means only that technical feasibility was not there yet. Remember Jules Verne or DaVinci for that matter. Many of their ideas have become a normal part of our lives, while many others were just products of a fertile imagination.
What I really like about the hyperloop is that the idea is old, but it's been re-thought from the perspective of the 21st century, by someone who has the credibility to make things that everyone else said were impossible a fact.
I, for one, think Elon Musk is one of the greatest minds of our generation, and not only because of the ideas, but because of his attitude of "why not" and "build it and they will come". I'd trust him with my tax dollars any day when I see what he has accomplished, vs. the bozos in the State Government.
TFA is correct that there isn't anything to patch per se. However, it's possible to mitigate the effects of this by using multiple completely isolated browser sessions for different purposes. Your banking VM should always be used for banking, nothing else. Clear cookies and browser history at the end of the session. All that while other VMs should be used for their own specific purposes with their own security configuration.
This is very well implemented in Qubes OS but can also be implemented via regular VMs. The guys at Bromium also have an interesting approach to this issue via microvirtualization using hardware.
Net/net, the important thing is to make sure that whatever the attacker can get, it's irrelevant in the big picture of things.
Particularly bad timing since just today the San Francisco Chronicle is reporting that foreign airlines are now asked to use GPS for landings at SFO. What could possibly go wrong?
The whole idea of SDDC and Cloud Computing is to basically end up with "IT as a Service". The rest are just marketing words. The goal is to have a service pretty much like electricity: you don't necessarily care where it comes from or how it's delivered to your premises. All you care is that it's there, it's reliable, it's consistent and you know exactly how much you are paying for it.
The problem I've seen in the 10 years I've been in this particular industry is that very few large companies are doing chargeback from IT to their internal customers or business units. IT has been historically seen as a shared cost for the company, which adds tremendous pressure every year to cut more and more and try to leverage economies of scale whenever possible. Once you implement chargeback (even if it starts as showback only) you can effectively pass that cost to the internal customer, so you end up shaping their behavior depending on their own funds allocation, not IT's.
The next step is to have accurate forecasting so you know exactly how much infrastructure to have available, particularly if you implement service tiering. This doesn't mean that IT will have a free ride, and it will still be expected to be competitive with external cloud providers, but at least it's something more manageable than the status quo.
OpenStack has the potential to become the ultimate IaaS multi-vendor glue API, and now that the Foundation is established and a number of large players are committing resources and actual code (VMware, HP, IBM, Rackspace, etc, etc), things are taking shape at an amazing rate.
I'd say yes, embrace the AWS API as a baseline, just to make sure developers can port their applications as seamlessly as possible from AWS to OpenStack and vice versa. Just don't think this has to be all or nothing. Since not every use case can be fulfilled by AWS, I see absolutely nothing wrong with creating brand new APIs and operational models to address the needs of whomever is implementing OpenStack out there, as long as it's clear that using them would make your application incompatible with AWS. For many use cases, that's irrelevant.
Kudos to AWS for having come out with that model, but innovation cannot stop for fear of incompatibilities.
Come on dude! It's so easy to be dismissive when you don't have a clue what you are talking about. Let me break your bubble: there are geeks that are hipsters, foodies and that just love the hedonistic pleasures of life. We all converge on this site at some point and share things that matter to all of us, but this is by no means all we are in life.
I've had to learn to appreciate our differences with fellow geeks and nerds that have completely opposite political views, for example, without demonizing them, and in the process I've learned a thing or two. Don't fall into the "us" and "them" rhetoric, and learn to respect people that care about different things.
We are at the very beginning of this technology. You can't possibly say there are no legitimate uses only because you haven't thought of any. Besides, the image you have in your mind of a drone can change radically in the next few years (think insect-sized drones for example).
No, Whonix is a system. The key part of the system is the Gateway which is indeed Linux, but the Workstation portion can be easily swapped by Windows or anything else. Read a bit more before you comment.
You can achieve the same result today with Whonix which allows you to "torify" basically any network I/O traffic from the workstation VM. Heck, you can even have a Windows VM go through the Tor gateway for that matter.
I'm using iVPN with multihop to avoid traffic analysis. Excellent service. All my personal browsing is done from inside a VM which gets cleared at shutdown. For banking and other services that require seeing your actual IP, I have a clean "banking VM" only for that purpose.
When are all these organizations going to learn that NO DATA should ever be on a mobile device? All access should be done through virtual desktops from secured, managed devices using strong authentication and mandatory access controls, period. This is not rocket science and the technology has been available for years. They only have themselves to blame.
I had similar needs about a year ago, including the fact that I was going back into network engineering after some years out of that field, so I wanted a flexible yet powerful setup in my home with a focus on speed, security and flexibility to make changes.
In order to achieve flexibility, I wanted as many components as possible to be in software. I already had 2 large diskless ESX servers connected to a QNAP TS-659 Pro II over NFS and iSCSI, so I updated my physical switch to a Cisco SG-300 20 and I set up link aggregation among all components, effectively doubling the speed. The next step was to create purpose-specific VLANs. VoIP, home network, guest network and home entertainment systems are all in separate VLANs. Guest and home networks each have 2 Apple Airport devices set up as access points (not as gateways). Everything else is hard wired.
The main router and firewall is a purpose built Linux VM where I get to control everything in software. The cable modem from Comcast is plugged into the Cisco switch where it goes into its own VLAN directly to the gateway VM.
The setup has been up for a year. Minor updates have been applied to each component with very little disruption. I'm now starting to experiment with Nicira controllers for virtual networking within this environment so all future testing will remain in the software realm.
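The purpose-specific VLAN design in the comment above, with a Linux VM as the only router between segments, comes down to one question per segment pair: who may initiate connections to whom. The following is an added example (not the poster's configuration): a small policy model that answers that question and renders it as a default-deny nftables forward chain for the gateway VM. The zone names, VLAN sub-interfaces, subnets and the allow matrix are assumptions chosen to mirror the comment (VoIP, home, guest and entertainment segments plus a WAN VLAN); adjust them to taste.

```python
"""Inter-VLAN forwarding policy for a Linux gateway VM, rendered as nftables.

Added example, not from the original post. Zone names, interface names,
subnets and ALLOWED_FLOWS are hypothetical.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Zone:
    name: str
    iface: str      # VLAN sub-interface on the gateway VM (assumed naming)
    subnet: str


ZONES: dict[str, Zone] = {
    "wan":   Zone("wan",   "eth0.10", "0.0.0.0/0"),
    "home":  Zone("home",  "eth0.20", "192.168.20.0/24"),
    "guest": Zone("guest", "eth0.30", "192.168.30.0/24"),
    "voip":  Zone("voip",  "eth0.40", "192.168.40.0/24"),
    "media": Zone("media", "eth0.50", "192.168.50.0/24"),   # home entertainment
}

# Ordered pairs (src, dst) that may open new connections. Everything else is
# dropped. Only 'home' may initiate into other internal segments; every other
# segment gets the Internet and nothing else. Replies come back through
# conntrack state, so 'media' never needs a rule towards 'home'.
ALLOWED_FLOWS: set[tuple[str, str]] = {
    ("home", "wan"), ("home", "media"), ("home", "voip"),
    ("guest", "wan"), ("voip", "wan"), ("media", "wan"),
}


def flow_allowed(src: str, dst: str) -> bool:
    """May a host in zone src open a connection to zone dst?"""
    if src not in ZONES or dst not in ZONES:
        raise ValueError(f"unknown zone in flow {src} -> {dst}")
    return src != dst and (src, dst) in ALLOWED_FLOWS


def render_nft(zones: dict[str, Zone] = ZONES,
               flows: set[tuple[str, str]] = ALLOWED_FLOWS) -> str:
    """Render the policy as an nftables forward chain with policy drop."""
    lines = [
        "table inet gateway {",
        "  chain forward {",
        "    type filter hook forward priority 0; policy drop;",
        "    ct state established,related accept",
        "    ct state invalid drop",
    ]
    for src, dst in sorted(flows):
        s, d = zones[src], zones[dst]
        rule = f'    iifname "{s.iface}" oifname "{d.iface}"'
        if dst != "wan":
            # Pin internal destinations to the segment's own subnet so a
            # mis-tagged frame cannot be forwarded somewhere unexpected.
            rule += f" ip daddr {d.subnet}"
        rule += f' accept comment "{src} -> {dst}"'
        lines.append(rule)
    # Note: clients on the guest WiFi seeing each other's frames is a layer-2
    # matter handled by the access point's client isolation setting; a
    # routing policy like this one cannot express it.
    lines += ["  }", "}"]
    return "\n".join(lines)


def audit_matrix(zones: dict[str, Zone] = ZONES) -> list[tuple[str, str]]:
    """Every permitted (src, dst) pair; a quick way to confirm that no
    low-trust segment can reach a high-trust one."""
    return sorted((s, d) for s in zones for d in zones if flow_allowed(s, d))


if __name__ == "__main__":
    print(render_nft())
    print("# permitted flows:", audit_matrix())
```

The output is meant to be loaded with `nft -f` on the gateway VM; the value of generating it from a matrix is that `audit_matrix()` gives you the whole policy on one line to review before anything is applied.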
The evolution of OpenStack is analogous to Linux. Linux is basically a kernel, no more, no less. You need a series of tools around it to make it useful. The kernel with the proper tools over time became "distributions". OpenStack is undergoing the same process. RedHat just announced their own OpenStack distribution, and several others like Canonical (Ubuntu), Nebula, StackOps, Piston, Rackspace, etc. all have their own distributions of OpenStack. They are all trying to make the installation and customization process "easy". Some of them tend to be more enterprise-centric and other ones tend to be more service provider-centric.
Since I'm part of the OpenStack team of one of the corporate members of the OpenStack Foundation, I've had the chance to explore many of them, and I'm most impressed by StackOps which seems to be the most flexible of all so far, although Ubuntu with Juju is not far behind, especially if you enjoy the command line.
Overall, I see a huge momentum in the OpenStack community and the potential is there to create a true API glue that can finally unite all software components, from proprietary to open source under a single IaaS framework.
I'm with most of the posts so far regarding the despicable acts of the NSA, but taking the question more down to the technical realm, it seems obvious to me that security breaches coming from the inside of any organization can be mitigated by a more robust defense in depth methodology like this:
1. Access to information on a need-to-know basis only, using strong enforcement via MAC. Nobody has ALL the information on a specific subject.
2. All applications are used via virtual desktops accessed from secured, fully managed devices. No access is allowed from unmanaged endpoints of any kind.
3. If some information is as sensitive as described, then physical security enforcement needs to be in place (isolated terminal room for example).
4. No printing, no emailing, no networking outside the proper security perimeter.
5. Regular audits and interviews of personnel with access to specific pieces of data.
You'll have to sacrifice convenience for security in environments that require that.
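Item 1 in the list above (need-to-know enforced by mandatory access control, with nobody holding the whole picture) is the part that is easy to state and easy to get wrong. The following is an added example, not the poster's code: a label lattice in the Bell-LaPadula style, where a subject may read an object only if its clearance dominates the object's label (same or higher level and a superset of compartments) and may write only in the other direction, so a cleared user cannot copy a compartmented document into a less restricted one. The clearances, compartments and documents are constructed; the `who_can_read_everything()` check is the audit that item 1 asks for and should come back empty.

```python
"""Need-to-know as a label lattice (Bell-LaPadula style MAC check).

Added example, not from the original post. Levels, compartments, SUBJECTS
and DOCUMENTS are constructed for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass, field

LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = field(default_factory=frozenset)

    def dominates(self, other: "Label") -> bool:
        """self >= other in the lattice: at least as high a level and a
        superset of the compartments."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


def can_read(subject: Label, obj: Label) -> bool:
    """Simple security property: no read up."""
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label) -> bool:
    """*-property: no write down. Stops a cleared user from copying
    compartmented material into a less restricted document."""
    return obj.dominates(subject)


# Constructed clearances. Each analyst holds one compartment; the sysadmin
# holds none, so administering the system is not the same as reading it all.
SUBJECTS: dict[str, Label] = {
    "analyst_a": Label("TOP SECRET", frozenset({"ALPHA"})),
    "analyst_b": Label("TOP SECRET", frozenset({"BRAVO"})),
    "sysadmin":  Label("SECRET", frozenset()),
}

DOCUMENTS: dict[str, Label] = {
    "alpha-report":  Label("TOP SECRET", frozenset({"ALPHA"})),
    "bravo-report":  Label("TOP SECRET", frozenset({"BRAVO"})),
    "joint-summary": Label("TOP SECRET", frozenset({"ALPHA", "BRAVO"})),
    "ops-schedule":  Label("SECRET", frozenset()),
}


def readable_by(subject_name: str) -> list[str]:
    """Documents the named subject is permitted to read."""
    s = SUBJECTS[subject_name]
    return sorted(d for d, lbl in DOCUMENTS.items() if can_read(s, lbl))


def who_can_read_everything() -> list[str]:
    """Audit for item 1 of the list: subjects whose clearance dominates every
    document. Should be empty if compartments are split properly."""
    return sorted(n for n, s in SUBJECTS.items()
                  if all(can_read(s, lbl) for lbl in DOCUMENTS.values()))


if __name__ == "__main__":
    for name in SUBJECTS:
        print(f"{name:10s} reads {readable_by(name)}")
    print("full visibility:", who_can_read_everything())
```

Note what the model does not cover: the sysadmin still has the ability to alter the enforcement itself, which is why items 3 and 5 (physical controls and audits) sit alongside the MAC policy rather than being replaced by it.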
Whatever dude. I touched my first "VM" in CMS in 1987 in an IBM 3870 system and it was outstanding, eye opening. Virtualization of any kind has always been about the "illusion" of owning something that you really don't. Heck, even in UNIX-based systems a regular account was a form of virtualization in a time-shared Mini. You can make a case that NAT is a form of network virtualization. It doesn't matter. The experience that a student can have using a "real system" is what matters. It's not important if the system itself is shared or not.
The network? That can also be virtualized these days. Check Nicira if you haven't. Technically, it's perfectly possible today to have a single student (tenant) create a set of VMs completely isolated from each other, regardless of whether the system is based on open source or not (or a mix).
It's not the state that really matters but the Feds, and although these protections are nice and worthy of praise, I keep all my *important* person-to-person email on a server in Switzerland with some of the toughest privacy regulations that exist, and all things that are *really* important are always, with no exception, sent and received using GPG, and retrieved via POP with nothing kept on the servers there. I'll keep my own email backups, thanks.
The funny thing is that I know I'm probably the most boring person out there with nothing important to hide, but I do it as a matter of principle, and so should you.
I had the chance to eat deep fried crickets and ant eggs when traveling in Mexico. They were both surprisingly good. Once you forget *what* you are actually eating, it's not bad.
The folks at Mini Live Stock have been doing this for years, and there are several other underground movements on this subject. Remember, they don't have to LOOK like insects. Some of these folks will make patties that will look and taste like hamburger.
IBM X-Series are fantastically well-built systems. I work with a lot of Fortune 100 companies and most datacenters have either HP or IBM for their tier-1 applications. The problem is that as apps become more stateless and more capable of tolerating downtime in different layers, the robustness, stability and even manageability of the server platform becomes less relevant. I think that's the reason why I'm starting to see a lot of low-end or even custom built 1U boxes and blades pop up in datacenters that otherwise would have purchased IBM or HP.
I think IBM is leaving the space because they see that trend and they can't effectively compete purely on price given their cost structure, while Lenovo has a better chance at making that happen. It's a simple business decision.
It will explode with poisonous gas as soon as the sensor detects Duke Leto nearby!
OpenStack has the potential to become the ultimate IaaS multi-vendor glue API, and now that the Foundation is established and a number of large players are committing resources and actual code (VMware, HP, IBM, Rackspace, etc, etc), things are taking shape at an amazing rate.
I'd say yes, embrace the AWS API as a baseline, just to make sure developers can port their applications as seamlessly as possible from AWS to OpenStack and viceversa. Just don't think this has to be all or nothing. Since not every use case can be fulfilled by AWS, I see absolutely nothing wrong with creating brand new APIs and operational models to address the needs of whomever is implementing OpenStack out there, as long as it's clear that using them would make your application incompatible with AWS. For many use cases, that's irrelevant.
Kudos to AWS to having come out with that model, but innovation cannot stop for fear of incompatibilities.
Come on dude! It's so easy to be dismissive when you don't have a clue what are you talking about. Let me break your bubble: there are geeks that are hipsters, foodies and that just love the hedonistic pleasures of life. We all converge in this site at some point and share things that matter to all of us, but this is by no means all we are in life.
I've had to learn to appreciate our differences with fellow geeks and nerds that have completely opposite political views for example without demonizing them, and in the process I've learned a thing or two. Don't fall in the "us" and "them" rhetoric and learn to respect people that care about different things.
We are at the very beginning of this technology. You can't possibly say there is no legitimate uses only because you haven't thought of any. Besides, the image you have in your mind of a drone can change radically in the next few years (think insect-sized drones for example).
No, Whonix is a system. The key part of the system is the Gateway which is indeed Linux, but the Workstation portion can be easily swapped by Windows or anything else. Read a bit more before you comment.
You can achieve the same result today with Whonix which allows you to "torify" basically any network I/O traffic from the workstation VM. Heck, you can even have a Windows VM go through the Tor gateway for that matter.
I'm using iVPN with multihop to avoid traffic analysis. Excellent service. All my personal browsing is done from inside a VM which gets cleared at shutdown. For banking and other services that require to see your actual IP, I have a clean "banking VM" only for that purpose.
When are all these organizations going to learn that NO DATA should ever be on a mobile device? All access should be done through virtual desktops from secured, managed devices using strong authentication and mandatory access controls, period. This is not rocket science and the technology has been available for years. They only have themselves to blame.
I had similar needs about a year ago, including the fact that I was going back into network engineering after some years out of that field, so I wanted a flexible yet powerful setup in my home with focus on speed, security and flexibility make changes.
In order to achieve flexibility, I wanted as many components as possible to be in software. I already had 2 large diskless ESX servers connected to a QNAP TS-659 Pro II over NFS and iSCSI, so I updated my physical switch to a Cisco SG-300 20 and I setup link aggregation among all components effectively doubling the speed. The next step was to create purpose-specific VLANs. VoIP, home network, guest network and home entertainment systems are all in separate VLANs. Guest and home networks each have 2 Apple Airport devices setup as access points (not as gateways). Everything else is hard wired.
The main router and firewall is a purpose built Linux VM where I get to control everything in software. The cable modem from Comcast is plugged into the Cisco switch where it goes into its own VLAN directly to the gateway VM.
The setup has been up for a year. Minor updates have been applied to each component with very little disruption. I'm now starting to experiment with Nicira controllers for virtual networking within this environment so all future testing will remain in the software realm.
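The router/firewall VM and purpose-specific VLANs described in the comment above, as an added example that is not the commenter's own configuration: a Linux VM terminating 802.1Q VLANs on a single trunk, with nftables enforcing that guest, VoIP and entertainment segments can reach the Internet but not each other or the home segment, and with the cable modem arriving on its own VLAN. The trunk name eth0, the VLAN IDs, the subnets and the choice of VLAN 99 for the modem are assumptions, not details from the comment.

```shell
#!/bin/sh
# Added example, not the commenter's own configuration: a Linux router VM that
# terminates 802.1Q VLANs on a single trunk and enforces segment isolation with
# nftables. Assumptions (not in the post): the VM's trunk NIC is eth0, the
# VLAN IDs and subnets below, and the switch tags the cable-modem port as VLAN 99
# so the WAN arrives on the same trunk with no untagged path to anything else.

TRUNK="${TRUNK:-eth0}"
WAN_VLAN="${WAN_VLAN:-99}"
# Constructed sample plan: name, VLAN id, gateway address on that segment.
VLANS="home 10 10.0.10.1/24
guest 20 10.0.20.1/24
voip 30 10.0.30.1/24
media 40 10.0.40.1/24"

# ip(8) commands that create one sub-interface per VLAN on the trunk.
gen_links() {
  printf '%s\n' "$VLANS" | while read -r name id addr; do
    echo "ip link add link ${TRUNK} name ${TRUNK}.${id} type vlan id ${id}  # ${name}"
    echo "ip addr add ${addr} dev ${TRUNK}.${id}"
    echo "ip link set ${TRUNK}.${id} up"
  done
  echo "ip link add link ${TRUNK} name ${TRUNK}.${WAN_VLAN} type vlan id ${WAN_VLAN}  # wan"
  echo "ip link set ${TRUNK}.${WAN_VLAN} up"
  echo "sysctl -w net.ipv4.ip_forward=1"
}

# nftables ruleset. Default policy is drop in both directions; only the listed
# VLAN-to-VLAN paths are opened, and every other crossing is logged so that
# unexpected traffic shows up rather than silently disappearing.
gen_nft() {
  cat <<EOF
flush ruleset
table inet filter {
  chain input {
    type filter hook input priority 0; policy drop;
    iifname "lo" accept
    ct state established,related accept
    # the WAN may not talk to the router itself except for replies (above)
    iifname "${TRUNK}.${WAN_VLAN}" drop
    # internal segments get DHCP, DNS and ping from the router, nothing else
    udp dport { 53, 67 } accept
    tcp dport 53 accept
    icmp type echo-request accept
    # management only from the home segment
    iifname "${TRUNK}.10" tcp dport 22 accept
  }
  chain forward {
    type filter hook forward priority 0; policy drop;
    ct state established,related accept
    # home reaches every segment and the Internet
    iifname "${TRUNK}.10" accept
    # guest, voip and media reach only the Internet, never each other or home
    iifname { "${TRUNK}.20", "${TRUNK}.30", "${TRUNK}.40" } oifname "${TRUNK}.${WAN_VLAN}" accept
    log prefix "vlan-cross-drop: " drop
  }
}
table ip nat {
  chain postrouting {
    type nat hook postrouting priority 100;
    oifname "${TRUNK}.${WAN_VLAN}" masquerade
  }
}
EOF
}

# Apply on the router VM as root; without "apply" the script only defines the
# generators so the plan can be reviewed with gen_links and gen_nft.
if [ "${1:-}" = "apply" ]; then
  gen_links | sh -e
  gen_nft | nft -f -
fi
```

Because the forward chain's policy is drop and the modem lives on its own tagged VLAN, a device on the guest or entertainment segment has exactly one permitted path (its VLAN to the WAN VLAN); anything that tries to cross into the home or VoIP segments is logged with the "vlan-cross-drop" prefix, which is the cheapest way to spot a "smart" device probing the rest of the house.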
The evolution of OpenStack is analogous to Linux. Linux is basically a kernel, no more, no less. You need a series of tools around it to make it useful. The kernel with the proper tools over time became "distributions". OpenStack is undergoing the same process. RedHat just announced their own OpenStack distribution, and several others like Canonical (Ubuntu), Nebula, StackOps, Piston, Rackspace, etc. all have their own distributions of OpenStack. They are all trying to make the installation and customization process "easy". Some of them tend to be more enterprise-centric and others tend to be more service provider-centric.
Since I'm part of the OpenStack team of one of the corporate members of the OpenStack Foundation, I've had the chance to explore many of them, and I'm most impressed by StackOps, which seems to be the most flexible of all so far, although Ubuntu with Juju is not far behind, especially if you enjoy the command line.
Overall, I see a huge momentum in the OpenStack community and the potential is there to create a true API glue that can finally unite all software components, from proprietary to open source under a single IaaS framework.
1. Access to information on a need-to-know basis only, using strong enforcement via MAC. Nobody has ALL the information on a specific subject.
2. All applications are used via virtual desktops accessed from secured, fully managed devices. No access is allowed from unmanaged endpoints of any kind.
3. If some information is as sensitive as described, then physical security enforcement needs to be in place (isolated terminal room for example).
4. No printing, no emailing, no networking outside the proper security perimeter.
5. Regular audits and interviews with personnel with access to specific pieces of data.
You'll have to sacrifice convenience for security in environments that require that.
Whatever dude. I touched my first "VM" in CMS in 1987 in an IBM 3870 system and it was outstanding, eye opening. Virtualization of any kind has always been about the "illusion" of owning something that you really don't. Heck, even in UNIX-based systems a regular account was a form of virtualization in a time-shared Mini. You can make a case that NAT is a form of network virtualization. It doesn't matter. The experience that a student can have using a "real system" is what matters. It's not important if the system itself is shared or not.
The network? That can also be virtualized these days. Check Nicira if you haven't. Technically, it's perfectly possible today to have a single student (tenant) create a set of VMs completely isolated from each other, regardless of whether the system is based on open source or not (or a mix).
Disclaimer: I work for VMware.
It's not the state that really matters but the Feds, and although these protections are nice and worthy of praise, I keep all my *important* person-to-person email at a server in Switzerland, with some of the toughest privacy regulations that exist, and all things that are *really* important are always, with no exception, sent and received using GPG, and retrieved via POP with nothing kept in the servers there. I'll keep my own email backups, thanks.
The funny thing is that I know I'm probably the most boring person out there with nothing important to hide, but I do it as a matter of principle, and so should you.
I had the chance to eat deep fried crickets and ant eggs when traveling in Mexico. They were both surprisingly good. Once you forget *what* you are actually eating, it's not bad.
The folks at Mini Live Stock have been doing this for years, and there are several other underground movements on this subject. Remember, they don't have to LOOK like insects. Some of these folks will make patties that will look and taste like hamburger.
IBM X-Series are fantastically well-built systems. I work with a lot of Fortune 100 companies and most datacenters have either HP or IBM for their tier-1 applications. The problem is that as apps become more stateless and more capable of tolerating downtime in different layers, the robustness, stability and even manageability of the server platform becomes less relevant. I think that's the reason why I'm starting to see a lot of low-end or even custom built 1U boxes and blades pop up in datacenters that otherwise would have purchased IBM or HP.
I think IBM is leaving the space because they see that trend and they can't effectively compete purely on price given their cost structure, while Lenovo has a better chance at making that happen. It's a simple business decision.