http://www.vimeo.com/ ???????? Really ? That many question marks ? Are you not sure ?
Your link does not satisfy even one of the requirements. No ability to download. No doubleclick=fullscreen, and if you do go fullscreen, it is not slick and fast, but takes a second, at least the first few times.
Usability ? Please. The navigation elements in the video are astonishingly badly placed. "Embed" and "Share" belong on the page, not in the video. Clicking anywhere in the video has absolutely no effect. Sure, nice, rounded edges... But why, oh why is the standard video size so small still ? The site is about videos. Why not give the main attraction more screen real estate ?
Searching and especially browsing leave lots to be desired.
I'll give you that the quality is better than youtube. IMHO it is still not comparable to stage6, but some of the HD videos are decent.
Phrases like "Vimeo is the best place to:" don't make me want to use it. If it's truly the best place, I will find out. You telling me that your stuff is the best does not inspire confidence.
Re:DivX lost the advantage when h264 came along, on DivX Pulls Plug on Stage6 · Score: 2, Insightful
I have heard this argument a few times in the past day.
Can you please cite even one site that offers comparable quality and usability ? When I doubleclick the video, I want instant fullscreen with crisp video. I also want the option to download stuff for later use. None of the video sites come to mind.
H.264 not a good video site makes. You need a little more than just a codec.
Of course it's up to the person specifying the XML dialect to make those tags and structure comprehensible by a normal person, but that's not the format's defect. Correct. It's not. And by virtue of that argument, neither is XML a silver bullet.
Any format can be obfuscated by design or carelessness. Correct. See OOXML, or better yet, something that has no documentation at all.
XML is harder to do that in. In XML it's harder to hide the fact that you are doing it, but it is not harder to do that in.
And even the most basic tools that render XML data according to their embedded schema make most XML self-evident. To a trained eye, most naive binary formats also contain self-evident data structures. Go ahead, look at some binary formats you do not know in decent viewers... Chances are, you will discover structure.
XML does not have embedded schemas. It is semi-structured, true -- but that does not a schema make. You get a tree of nodes. That, in and of itself, does not make the contents self-evident. By that logic, I should be able to deduce what a btree stores if only I know that it's a btree.
And that's not cheating: even this post in English requires a reader app, as does all stored data. You keep coming back to this analogy, and I fail to see how it applies. Sure, if you get a data format containing this post in one of its nodes (or even a nice tag soup with markup in it), you can probably deduce that it's a post and you can read what it says. Same is true of a pure binary format containing this text. The issue becomes less clear when you are talking about data that does not appear as utf8-text in its "natural" form.
Of course, my post was human readable, but since you can't even understand written English enough to stop making the spurious point that a human can make even a readable format unreadable, I don't expect you to accept that there is even such a thing as human readable. If in doubt, go ad hominem, eh ?
I simply don't agree with your premise.
Sorry you couldn't benefit from that simple insight no matter how easy to read I made it. Your loss. Getting defensive, are we ? Ah well, it seems the art of discourse is lost on you. Your loss, as it were.
ATX power supplies are required to provide power for a certain amount of time after it signals the motherboard that it is shutting down. How, exactly, do you think this would apply ?
More to the point, if you have physical access to the machine, why would you think that the machine will still follow ATX specs ?
Exercise 1 : Take a pair of scissors into your hands.
Exercise 2 : Physically "disconnect" the power supply from the motherboard.
Looking at logs != Monitoring or supervision, let alone parenting.
You don't listen to your kids' phonecalls all day long either, do you ?
There is an element of trust involved. Sure, not at first, but at first you really REALLY don't want to let your kid use the computer, or rather, internet without supervision, anyway. And I mean flesh-and-blood supervision.
You are very much mistaken, sorry. XML is not that wonderpill. It's a tool. It can be abused.
Structural properties are WORTHLESS if you do not know what they mean. It's cool to build a tree, but without semantic meaning, you really have nothing. Nothing is self-evident if the designer hasn't taken care to make their format transparent.
Clearly you don't see that point so it does not bear discussing further. I wish you luck trying to figure out what a,b,c,d,e,f,g, k,m, i,l, x,y, and z mean as tags. Really, I do.
Sorry, but no, XML is not "open" and "human readable". Without a proper format documentation, it's every bit as opaque as a binary format.
XML is not a standardized document format. ODF is a standardized document format with documentation and semantics. XML is just the language it's expressed in.
For instance, the following is a proper XML tree :
aa
Without any documentation on what those tags mean, it's every bit as opaque as
$$!51%5g33F1 (admittedly a bad analogue to a truly "binary" format, but you get the idea).
Sure, you can build a tree out of that. That is still useless, especially considering that you can put arbitrary linking formats into attribute or element values.
Hell,
qualifies.
Without a proper XML Schema to go with your XML document, you have nothing. And even IF you have a XML Schema, without documentation, you can only use it to validate stuff against it. And even IF you have documentation, it will have to be accurate. XML alone is not a silver bullet. OOXML all but proved that already.
Just don't perpetuate them, and Microsoft's selfish interests, by just embedding them into apps as "native" formats. Make them import by calling a module that can also just batch convert old files. We don't need this creepy old man following us around anymore. Be very careful down that road. Particularly, don't confuse "I can import it and save it in MY format" with "this document is now accessible". The application doing the import might die off just the same in 10 or 15 years; and XML is not a wonderpill that makes a document format interchangeable. If you want to do the user a favour, don't just support full import of Office documents, but full export into a standardized format as well (and not just lip-service export).
Interoperability goes both ways; this is often (and often deliberately) forgotten. There are a lot of programs that offer you the ability to import all manner of files or settings from other competing programs (just look at your favourite mail clients), but have no decent support for exporting the full data, as well. Same with web services and whatnot. You might just be trading in something bad for something worse if there is no avenue provided to export all the data into a standardized format, or at least a well-known one.
Screw specs - I'm talking about implementation. An RFID system is basically just an antenna - it needs to receive energy from the reader to power itself, then will broadcast the id. The size of the RFID tag is directly related to how far away it can be activated and read from.
I don't care what you use, a 2mm chemical RFID tag will not broadcast several metres away in a practical application. We're not talking about a practical day-to-day application here, though. We are talking about a malicious attacker who has probably figured out how to do targeted radio-waves and who might have very sensitive (and expensive) equipment at their disposal.
I'm aware that it becomes exponentially more difficult to do this the farther you are away, but assuming it's impossible is folly.
When cryptography is concerned, yes, I do think in shades of black and white. Your data is either encrypted and you are the only one who is able to access it, or you are not. Yes, there are other usage scenarios, but the /default/ should always be that.
Yes, I sometimes mix up loose and lose. It's been about 10 years since I last got grades in English (it not being my native tongue), so thanks for pointing it out.
If somebody gets turned off of encryption because s/he lost his/her key, they should probably not have encrypted in the first place -- much in the same vein as people who get turned off of computers because their harddrive crashed and they neglected to make any backups (despite advice to the contrary, since it could not POSSIBLY happen to them...)
I still think it ought to be the default that you are the only one with the key. However, during setup, you could be notified that it is possible to put your key in escrow, with those limitations. Just make it unchecked by default.
Yes, 3LAs are suspicious of any crypto. Hell, border patrol will probably confiscate your laptop if they even suspect you are using crypto. Nevermind the fact that https gets used every day :> However, if the key is not in escrow, they can be suspicious all they want, they don't get to snoop around in that data -- even if it is just a fine collection of spam in your inbox. Well, that is unless they compel you to give up your keys by some other unlawful measure, but that's another story.
The governments in Central and South America are really quite sick of the US trying to control them all of the time and there is a real backlash taking place. If you mean "wild posturing and empty rhetoric" by "real backlash" you may be right. Generally those governments are intelligent enough to be scared of the military countermeasures should there be a REAL backlash. They have a valid beef, but they won't invade the US for it. No sane regular government will do that, since it's quite hard to argue with 500 billion in defense spending.
If you are serious about protecting your data you should really be using encrypted swap or no swap at all anyway. Quite true. Though even if you use encrypted swap, it's generally a bad idea to have your crypto keys reside in non-memorylocked pages. If that is the case, you can generally assume that the implementation you are looking at was probably not engineered by somebody with a clue of what they were doing, and other holes/oversights are likely (I'd argue that if you haven't thought about memory-locking the pages containing the crypto-keys, you probably haven't even heard about timing attacks... Or given thought to rotating the keys through various places in memory periodically :)
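The memory-locking point in the comment above, as an added example that is not part of the original comment or of any product discussed on this page: key material is kept in whole, page-aligned pages that are pinned with mlock() so they cannot be written to swap, excluded from core dumps where the platform allows it, and wiped before release. The `keybuf_*` names are hypothetical, and the key bytes are a constructed sample.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE
#endif
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical container for key material; not taken from any real library. */
struct keybuf {
    unsigned char *data;  /* page-aligned storage */
    size_t cap;           /* capacity in bytes, always whole pages */
    int locked;           /* 1 if mlock() succeeded */
};

/* Wipe through a volatile pointer so the compiler cannot drop the stores. */
void keybuf_wipe(struct keybuf *kb)
{
    volatile unsigned char *p = kb->data;
    for (size_t i = 0; i < kb->cap; i++)
        p[i] = 0;
}

/*
 * Allocate whole pages for a key and pin them in RAM.
 * require_lock != 0 means fail closed when the pages cannot be locked
 * (for example because RLIMIT_MEMLOCK is too low).
 * Returns 0 on success, -1 on failure with errno set.
 */
int keybuf_alloc(struct keybuf *kb, size_t len, int require_lock)
{
    kb->data = NULL;
    kb->cap = 0;
    kb->locked = 0;

    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0 || len == 0) { errno = EINVAL; return -1; }
    size_t pg = (size_t)page;
    if (len > SIZE_MAX - pg) { errno = ENOMEM; return -1; }

    /* Round up so the key never shares a page with unrelated data. */
    size_t cap = (len + pg - 1) / pg * pg;
    kb->data = aligned_alloc(pg, cap);
    if (kb->data == NULL)
        return -1;
    kb->cap = cap;
    memset(kb->data, 0, cap);

    /* Pin the pages; note that suspend-to-disk still copies locked pages. */
    kb->locked = (mlock(kb->data, cap) == 0);
    if (!kb->locked && require_lock) {
        int saved = errno;
        free(kb->data);
        kb->data = NULL;
        kb->cap = 0;
        errno = saved;
        return -1;
    }
#ifdef MADV_DONTDUMP
    /* Keep the key out of core dumps (Linux-specific, best effort). */
    (void)madvise(kb->data, cap, MADV_DONTDUMP);
#endif
    return 0;
}

/* Wipe first, then unlock and release, so no key bytes outlive the buffer. */
void keybuf_free(struct keybuf *kb)
{
    if (kb->data == NULL)
        return;
    keybuf_wipe(kb);
#ifdef MADV_DODUMP
    (void)madvise(kb->data, kb->cap, MADV_DODUMP);
#endif
    if (kb->locked)
        (void)munlock(kb->data, kb->cap);
    free(kb->data);
    kb->data = NULL;
    kb->cap = 0;
    kb->locked = 0;
}

int main(void)
{
    struct keybuf kb;
    if (keybuf_alloc(&kb, 32, 1) != 0) {
        perror("refusing to hold key in swappable memory");
        return 1;
    }
    memcpy(kb.data, "constructed-sample-key-000000000", 32); /* constructed */
    printf("key pinned: %zu bytes, locked=%d\n", kb.cap, kb.locked);
    keybuf_free(&kb);
    return 0;
}
```
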
We're trying to get to the point where cryptography for sensitive data is ubiquitous. Who's going to use crypto in the future if the first time that they lose their key, Microsoft tells them, "Sorry. Nothing we can do for you?" I couldn't care less about that user. You either get proper and secure encryption, or you don't. Loosing your crypto key is no different than a hard disk crash. People need to learn that backups are necessary. Most people ONLY EVER learn this the hard way, no matter how often you tell them beforehand. Loosing your crypto keys should yield the exact same result as a burning harddrive would -- otherwise the crypto is pretty much worthless.
Unfortunately, this is the wrong solution. The right solution would be an escrow keystore, and informing the user of what's going on. That's the "right" solution for some users. Key escrow gives up quite a bit of confidentiality of your data, since you are no longer the sole keeper of your keys. To some, this is acceptable. It is not, however, a good default. Ubiquitous encryption is a lofty goal and one that should be striven for... However if the standard is to keep all crypto keys in escrow, then that's not really a good thing. The minute your key is not in escrow, you become suspicious. That's a bad thing (well, it's a good thing if you work at one of the 3LAs :)
Sure, everybody knows RFIDs can ONLY be read at a distance of several centimeters. Right ? RIGHT ? Depends on the technology used - some are several meters, while others require near contact. According to the SPECS. The "require" would be VERY loosely defined as "require if you use a reader that is built to spec". However, the proverbial bad guys really don't care about the spec. It's a running gag to claim that an RFID tag of any sort can ONLY be read from several centimeters away -- since it's simply not true. Shielding can improve this a bit, but quite honestly, I wouldn't trust it if my life depended on it.
I wonder whether any download managers already account for this kind of crap. It should be trivial to code managers that reset the connection every 15-20 seconds. Sure, it ain't pretty on the servers, but the brainiacs at ComCast don't care.
The algorithms used are, by and large, peer-reviewed ones believed to be implemented securely (i.e. 3DES, AES, etc), so those people you know would probably be right on that front (though I obviously can't check the source code myself; this is not an empty "open source is better than X" proclamation, but rather a cold, hard fact in cryptology : if the source is not there to be examined, you can't be sure that there aren't implementation weaknesses that could be exploited. In this field, this is major; for instance, if by some unthought-of chain of events the cleartext encryption key ever gets swapped to disk, the game is over, no need to break the strong crypto itself...)
By default, EFS stores a copy of the encryption key for the administrator of the machine (or domain administrator if in a domain). In the latter case the recovery key does not reside on the local machine, in the former case it does. This is default behavior. While it's documented, it really should not be DEFAULT behavior. http://support.microsoft.com/default.aspx?scid=kb;en-us;223316&sd=tech lists some best practices you should follow for EFS. The first best practice starts with the words "Teach users to". This is a bad idea, no matter what follows.
As I noted, it's /possible/ to make EFS reasonably secure.
Hardware crypto, such that key authentication/management is done without any computer interaction, means I don't have to worry about the security of the machine I'm using and it means I can use secure storage on a locked down box that does not allow software to be installed. That's what you think it means for you. It could also mean an instruction in the CPU that does AES encryption (such as VIA has in their CPUs).
People want portable hardware solutions. What I think you meant to say was people want secure solutions.
Stop suggesting software and give us viable (ie secure) hardware alternatives. I can suggest software all day if I like if it gets the job done better than the crap that vendor was selling. Which it does, no questions asked.
What are the not-so-cheap external enclosures? Depends on what your actual needs are, and good luck researching it (there is so much snake oil out there it's pretty hard to find decent stuff). You could, of course, build your own system. Portable computers based on Eden (i.e. rather small form factor) could be built and configured to your liking, then bolted for added physical security. To make that thing truly good, you'd need to spend a fair chunk of change on a decent cryptologist and engineer, though. The question to ask would be whether your data warrants that level of protection. If it does, do it right, don't rely on crap some low-level sales dweeb reads from his brochures. That's how these hardware enclosure manufacturers got duped.
but it was better than nothing. It's just that the incremental improvement of having very weak obscurity instead of having no protection at all, is so much more justifiable than the improvement of good, rock solid crypto over weak obscurity. "Better than nothing" ? I'd go so far as to say "worse than nothing". Not only is it ineffectual and easily cracked, but also does your paying customerbase have the hassle of trying to support the kludge. I'd feel royally pissed if something stopped working just because I no longer have a parallel port on my computer, for instance, or am running inside a VMWare machine... So pissed, in fact, that I'll go out of my way to avoid products by that company in the future.
...when you lose the RFID fob? Glad that you asked. Thank you for being our customer. Please go download http://vendor/recover.exe. It will recover your data on your harddrive. This is a feature. Thank you for your business.
Does the mfg keep a list of serial #s and RFID keys so they can mail you/thief a replacement? Quite honestly the entire concept is flawed. a.) if you loose your key and somebody else can furbish another one, your crypto is broken by default. You cannot trust it to secure anything at all. b.) RFID IDs as keys ? Sure, everybody knows RFIDs can ONLY be read at a distance of several centimeters. Right ? RIGHT ?
The question you should be asking is "If somebody copies my key, can I change the lock ?"
For God's sake, can't the company's executives be charged under a criminal statute? Fraud, anyone? AES was used /somewhere/.
It's /never/ a good idea to rely on cryptographic features when you don't know exactly how they are implemented. A vendor telling you they use AES is completely and utterly worthless, and always has been. It's a nice buzzword people like to use.
It's also NEVER a good idea to use any "crypto developed in-house". Manufacturers love to tell you since they developed it and their development is secret and such that their product is safe and secure, much more secure even since nobody knows how it works. Cryptologists laugh at those claims, and everybody else should, too. These non-encrypting devices are a good reason as to why they do so.
If you want truly encrypted files and disks, don't rely on cheap external enclosures. TrueCrypt is not hard to use and offers a decent level of protection (forget Windows crypto, it's littered with backdoors unless configured JUST right, which is not an easy task and definitely not default). Under linux, it's decidedly easy to use AES encryption on block devices.
I guess their next product will use advanced ROT13 encryption technology. For good measure, they'll apply it twice -- after all, twice is better than once.
I then had to go off and search how to add MP3 support, multimedia streaming and DVD playback. "Amarok cannot currently play MP3 files. Click here to install MP3 support." *click* Done. DVD ? Really ? I put in a DVD and it played.
Oh, you mean CSS-encrypted DVD ? Thank your media overlords for those content scrambling systems. However, even that is rectified if you take some action which is described, in two steps, in the help section of your system under "How do I watch DVDs ?".
bbc news ? It asks whether to install a plugin, I tell it to, click OK, and the video plays. Same as on Windows.
Fonts ? Really ? They look fine to me. But yeah, you can install the MS fonts if you wish. The core fonts are even available in the packages and will be installed when you install something that might benefit from them.
I haven't played with SMB filesharing on Ubuntu yet (since, quite frankly, I have not needed it). However, you seem to indicate it's a bad thing that it installs that feature on-demand. Did you look in the actual Ubuntu documentation ? You seem to fault an external site giving you incomplete information (was the HOWTO for your version of Ubuntu ? If not, would you use a Windows 98 tutorial for a Windows XP system ?)
Windows "just works" ? Are you freaking kidding me ? You don't need to install realplayer ? Windows Media Player ? A "proper" DVD codec ? Clearly, all that DivX, XviD, H.264 stuff ? iTunes so you can play AAC ? Quicktime Player ? All manner of plugins ? Anti-Spyware ? Anti-Virus ? "Personal" Firewalls ? Microsoft Office ? A few gazillion Windows updates requiring 3 restarts just so you don't get rooted out of the box ? All manner of rootkits from copy-"protected" media ? Gazillions of drivers and driver-versions ? Clean up all that crud from the autostart (not just the menu, but the "registry" as well) ? Maybe you'll pick up some cool tips from your favourite PC rag on how to set some obscure string of registry settings to make something work ?
Neither system is perfect, and arguing that "Windows just works" is laughable. It takes about 2 minutes for you to take the Ubuntu disk, start up your computer, and be ready to post on Slashdot. It takes 20 minutes or so for the system to be installed (while you can post on slashdot and check your email, no less), after which you can immediately use it for regular office work and basic functionality. You can then spend as much time as you want getting more software, same as on any other OS.
If you want to argue that it should not be "so hard" to install Ubuntu, you should probably do a fair comparison -- namely compare it to installing Windows until you find it fit for daily use. If you want to compare the two systems after that point, don't consider the basic installation (that an OEM would do), but what you have to do after that.
So if you're thinking of moving to Oregon, remember: It rains here ALL THE TIME. So let's recap. You are on slashdot, home of the nerds. The nerds who sometimes need an excuse not to go out. Rain is a perfect excuse. It raining all the time makes it a perpetual excuse. That's one crowd you'll attract.
There's hippies everywhere. Perfect ! Police are going to be busy busting people for pot possession, thus way too busy to bow to the MAFIAA's each and every demand. Therefore you just attracted all the pirates of the interwebs. Well, ok, many of them are potheads, but not to worry -- many hippies means a steady supply of pot. You just got yourself another crowd ready to move to Oregon.
Nearly half the women in Portland are lesbians too! This is what nerds and pirates consider entertainment. (ding, ding, more incentive !)
Also, seeing as how half the women in Portland are eligible, you just attracted a drove of lesbians looking for partners. Maybe they'll even "convert" some. Yippeeh ! More entertainment !
Actually, I didn't make that last line up. :( No, you just grabbed it out of your... err... well. Sure, there is a higher concentration (particularly in Portland), but honestly, half ? To quote Mr. Cosby : Riiiiiight.
*sigh* Even our governor once said "Oregon: a nice place to visit, but please don't stay." Tourists = $$$.
However, this old "just open the window" remark is getting really old. No, you cannot cool a datacenter by opening the window, even if it is really, really cold outside. Ideally, you want a constant temperature in the DC (opening a window would never allow for this), you need to cool racks individually (opening a window would, at most, cool one rack near the window). Let's not even mention the proverbial elements. Yes, cold surroundings can help (since the differential to overcome is less). But opening the window has never been an option. Constant temperature is still hella expensive.
Of course, slashdot ate my markup.
<a><b><c /><d e="f" g="h" /> </b></a>
and
<a> <![CDATA[ SOMETHING REALLY SCARYLOOKING HERE ]]></a>
would be the code snippets.
From the horse's mouth, actually : http://www.microsoft.com/technet/archive/security/news/efs.mspx?mfr=true
It's a very spinny article, of course.
The algorithms uses are, by and large, peer-reviewed ones believed to be implemented securely (i.e. 3DES, AES, etc), so thsoe people you know would probably be right on that front (though I obviously can't check the source code myself; this is not an empty "open source is better than X" proclamation, but rather a cold, hard fact in cryptology : if the source is not there to be examined, you can't be sure that there aren't implementation weaknesses that could be exploited. In this field, this is major; for instance, if by some unthought-of chain of events the cleartext encryption key ever gets swapped to disk, the game is over, no need to break the strong crypto itself
By default, EFS stores a copy of the encryption key for the administrator of the machine (or domain administrator if in a domain). In the latter case the recovery key does not reside on the local machine, in the former case it does. This is default behavior. While it's documented, it really should not be DEFAULT behavior. http://support.microsoft.com/default.aspx?scid=kb;en-us;223316&sd=tech lists some best practices you should follow for EFS. The first best practice starts with the words "Teach users to". This is a bad idea, no matter what follows.
As I noted, it's
You could, of course, build your own system. Portable computers based on Eden (i.e. rather small form factor) could be built and configured to your liking, then bolted for added physical security. To make that thing truly good, you'd need to spend a fair chunk of change on a decent cryptologist and engineer, though. The question to ask would be whether your data warrants that level of protection. If it does, do it right, don't rely on crap some low-level sales dweeb reads from his brochures. That's how these hardware enclosure manufacturers got duped.
...when you lose the RFID fob?
Glad that you asked. Thank you for being our customer. Please go download http://vendor/recover.exe. It will recover your data on your harddrive. This is a feature. Thank you for your business.
Does the mfg keep a list of serial #s and RFID keys so they can mail you/thief a replacement?
Quite honestly the entire concept is flawed.
a.) if you lose your key and somebody else can furbish another one, your crypto is broken by default. You cannot trust it to secure anything at all.
b.) RFID IDs as keys ? Sure, everybody knows RFIDs can ONLY be read at a distance of several centimeters. Right ? RIGHT ?
The question you should be asking is "If somebody copies my key, can I change the lock ?"
It's
It's also NEVER a good idea to use any "crypto developed in-house". Manufacturers love to tell you since they developed it and their development is secret and such that their product is safe and secure, much more secure even since nobody knows how it works.
Cryptologists laugh at those claims, and everybody else should, too. These non-encrypting devices are a good reason as to why they do so.
If you want truly encrypted files and disks, don't rely on cheap external enclosures. TrueCrypt is not hard to use and offers a decent level of protection (forget Windows crypto, it's littered with backdoors unless configured JUST right, which is not an easy task and definitely not default). Under Linux, it's decidedly easy to use AES encryption on block devices. I guess their next product will use advanced ROT13 encryption technology. For good measure, they'll apply it twice -- after all, twice is better than once.
DVD ? Really ? I put in a DVD and it played.
Oh, you mean CSS-encrypted DVD ? Thank your media overlords for those content scrambling systems. However, even that is rectified if you take some action which is described, in two steps, in the help section of your system under "How do I watch DVDs ?".
bbc news ? It asks whether to install a plugin, I tell it to, click OK, and the video plays. Same as on Windows.
Fonts ? Really ? They look fine to me. But yeah, you can install the MS fonts if you wish. The core fonts are even available in the packages and will be installed when you install something that might benefit from them.
I haven't played with SMB filesharing on Ubuntu yet (since, quite frankly, I have not needed it). However, you seem to indicate it's a bad thing that it installs that feature on-demand. Did you look in the actual Ubuntu documentation ? You seem to fault an external site giving you incomplete information (was the HOWTO for your version of Ubuntu ? If not, would you use a Windows 98 tutorial for a Windows XP system ?)
Windows "just works" ? Are you freaking kidding me ? You don't need to install realplayer ? Windows Media Player ? A "proper" DVD codec ? Clearly, all that DivX, XviD, H.264 stuff ? iTunes so you can play AAC ? Quicktime Player ? All manner of plugins ? Anti-Spyware ? Anti-Virus ? "Personal" Firewalls ? Microsoft Office ? A few gazillion Windows updates requiring 3 restarts just so you don't get rooted out of the box ? All manner of rootkits from copy-"protected" media ? Gazillions of drivers and driver-versions ? Clean up all that crud from the autostart (not just the menu, but the "registry" as well) ? Maybe you'll pick up some cool tips from your favourite PC rag on how to set some obscure string of registry settings to make something work ?
Neither system is perfect, and arguing that "Windows just works" is laughable. It takes about 2 minutes for you to take the Ubuntu disk, start up your computer, and be ready to post on Slashdot. It takes 20 minutes or so for the system to be installed (while you can post on Slashdot and check your email, no less), after which you can immediately use it for regular office work and basic functionality. You can then spend as much time as you want getting more software, same as on any other OS.
If you want to argue that it should not be "so hard" to install Ubuntu, you should probably do a fair comparison -- namely compare it to installing Windows until you find it fit for daily use. If you want to compare the two systems after that point, don't consider the basic installation (that an OEM would do), but what you have to do after that.
I'll give you water power.
However, this old "just open the window" remark is getting really old. No, you cannot cool a datacenter by opening the window, even if it is really, really cold outside. Ideally, you want a constant temperature in the DC (opening a window would never allow for this), you need to cool racks individually (opening a window would, at most, cool one rack near the window). Let's not even mention the proverbial elements.
Yes, cold surroundings can help (since the differential to overcome is less). But opening the window has never been an option. Constant temperature is still hella expensive.