This is what Discord is good at. Private group chats, and you can, with some trouble, run a client-side script to clean out every message you wrote on a server, although it is a PITA. Server owners can do some privacy controls, including requiring members to have two-factor authentication or a phone number on the account.
Telegram is similar, to a lesser extent.
Facebook is becoming what E-mail once was, a "legacy" way of communicating if someone else can't be reached anywhere else.
I cannot agree more. Qubes is a very good solution. Next to that is using VMs for everything. Web browsing is done in one VM, banking and stuff in another, etc. Plus, some VM programs support encryption, further ensuring that data doesn't get lost. With decent backups and something like VMware Workstation's AutoProtect [1], you have decent recoverability as well.
[1]: Snapshots are not backups. This is why having some form of backup, even just suspending the VM, and throwing the encrypted thing onto some secure media is critical.
If WhatsApp wanted true end to end security, they would have done a number of things:
1: They would have stored messages encrypted on the device. Signal and TextSecure do this, where you can have all messages they store be stored with encryption independent from the OS. For maximum security, the app could print out a recovery key on setup for the user to write down and save somewhere, then use a composite key derived from a PIN/password and a key stored in the KeyChain or Android's KeyStore. That way, the user doesn't need a hairy password to type in, but the cloud backups are well protected, making brute force pointless.
2: WhatsApp should allow import/export of the stored data, in a ZIP file with optional encryption. This way, stuff can be saved off and set aside, but still be accessible without the program, or re-imported.
3: WhatsApp should have its own backup/sync option with encryption. That way, it offers the user the option to flag the stored data as "do not backup" to the backup process on the phone, ensuring that the data doesn't leave the phone unencrypted.
I don't get why WhatsApp touts security, but doesn't figure in data at rest. Both Telegram and Signal have DAR protection.
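As an added illustration of point 1 above (not code from WhatsApp, Signal or TextSecure), here is a stdlib-only Python sketch of the composite-key idea: the message-store key is wrapped under a key that needs both the PIN and a secret held in the device keystore, and separately under a long recovery key shown once at setup, so a cloud copy of the backup header gives a guesser nothing cheaper than a 256-bit key. The keystore secret, the HKDF-keystream-plus-HMAC key wrap (a stand-in for a real AEAD) and all sample values are constructed for the example.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

# Added example, not code from WhatsApp, Signal or TextSecure. One random data
# key encrypts the message store. It is wrapped twice: under a composite key
# that needs both the user's PIN and a secret that never leaves the device
# keystore, and under a random recovery key the user wrote down at setup.
# The key wrap (HKDF keystream XOR plus HMAC tag) stands in for AES-GCM, which
# the standard library does not provide.


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) extract-then-expand with HMAC-SHA256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def composite_kek(pin: str, keystore_secret: bytes, salt: bytes) -> bytes:
    """Stretch the short PIN, then bind it to the device-held secret."""
    stretched = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)
    return hkdf_sha256(stretched + keystore_secret, salt, b"composite-kek")


def wrap(kek: bytes, data_key: bytes) -> bytes:
    """nonce || (data_key XOR keystream) || HMAC tag, encrypt-then-MAC."""
    nonce = os.urandom(16)
    stream = hkdf_sha256(kek, nonce, b"wrap-stream", len(data_key))
    ct = bytes(a ^ b for a, b in zip(data_key, stream))
    tag = hmac.new(kek, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap(kek: bytes, blob: bytes) -> Optional[bytes]:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(kek, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # wrong KEK or tampered blob: nothing is decrypted
    stream = hkdf_sha256(kek, nonce, b"wrap-stream", len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))


def setup_store(pin: str, keystore_secret: bytes) -> Tuple[bytes, bytes, Dict[str, bytes]]:
    """Return (data_key, recovery_key, backup_header).

    Only the header is ever uploaded; the keystore secret stays on the device
    and the recovery key is shown once for the user to write down."""
    data_key = os.urandom(32)
    recovery_key = os.urandom(32)
    salt = os.urandom(16)
    header = {
        "salt": salt,
        "by_pin": wrap(composite_kek(pin, keystore_secret, salt), data_key),
        "by_recovery": wrap(hkdf_sha256(recovery_key, salt, b"recovery-kek"), data_key),
    }
    return data_key, recovery_key, header


def open_with_pin(header: Dict[str, bytes], pin: str, keystore_secret: bytes) -> Optional[bytes]:
    return unwrap(composite_kek(pin, keystore_secret, header["salt"]), header["by_pin"])


def open_with_recovery(header: Dict[str, bytes], recovery_key: bytes) -> Optional[bytes]:
    kek = hkdf_sha256(recovery_key, header["salt"], b"recovery-kek")
    return unwrap(kek, header["by_recovery"])


if __name__ == "__main__":
    device_secret = bytes(range(32))  # constructed stand-in for a keystore-held key
    dk, rk, hdr = setup_store("1234", device_secret)
    print("pin + device  :", open_with_pin(hdr, "1234", device_secret) == dk)
    print("pin, no device:", open_with_pin(hdr, "1234", bytes(32)))
    print("recovery key  :", open_with_recovery(hdr, rk) == dk)
```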
There are a number of cloud encryption solutions. Boxcryptor works fairly well, and Cryptomator is similar.
The most ironclad is VeraCrypt, especially if you use keyfiles (and store the keyfiles on physically secure media).
As for device cloud backups with encryption, with iOS, you pretty much have to have a machine that you can back up to at home. iPhone device backups are free game, so if concerned, back up your iWhatzit on a local PC with solid encryption, and set a password on the backup.
Android, you have more flexibility, provided you have root. Titanium Backup is one of the best backup apps, period. It not only backs up encrypted, but does so in a smart manner. It generates a public/private keypair and attaches it to every backup file. The public key is used for encrypted backups, and the private key is encrypted with your password, all transparent, and it can store the backups on a cloud provider. That way, you not only know you have backups, but they are well protected.
Sadly, fashion, not logic, is important. It gets you past the non-tech interviewers and past HR. In fact, I've found that to even get interviewed by the technical people, fashion is a must, and in interviews, usually the tech people's recommendations are tossed out for who the manager likes or dislikes. I've seen people hired just because they drove BMWs, and the boss considered people who drove relatively expensive foreign cars more likely to care about status and their job. Some companies, it isn't this way... if the people interviewing know what they are doing, they will toss someone, and the management will respect it. Other companies, it is about form over function.
People assume so much about your E-mail address. If I have an aol.com address, that has a negative connotation. For "free" E-mail [1], gmail is probably the most neutral. me.com/icloud can be looked at as good/bad depending on the company. Yahoo seems to be a provider mainly used as a place to dump ads when you have to give an email address for some local store's app. Anything with "mail" as part of the domain might look cheesy.
I have found that having one's own domain and paying a few bucks a month for E-mail is worth it. People tend to remember your domain, for better or worse.
Caveat: If you are doing a job hunt, use aliases. For example, have a different email address on your resume than the one you use normally. The phone number, similar. Use Google Voice or similar. If you don't, you will continue to have recruiters calling you 24/7 saying they have a job for $8 an hour in Lower Elbonia that requires an MCSE, CCIE, CISSP, and RHCA, and are you available for work. You will get a recruiter calling, then emailing you constantly about completely irrelevant stuff, in hopes his scattergun technique lands him someone.
[1]: TANSTAAFL. You pay for "free" email. $DEITY knows who has full, unfettered access to your mailbox. For example, Yahoo now has as part of their ToS that Verizon has access to your stuff.
No, people may not be interested in building a custom ROM, or even rooting a device, but if their techie friend warns them that the phone from FooTel will ship with adware and spyware that they can't get rid of, and uploads their intimate pictures to some site overseas, they will eschew that phone for something more trustworthy.
I have had people ask for a brand/provider recommendation more than once, and privacy is a big concern, even for the people who are relatively clueless about tech stuff. They may not be rooting their phones, but they will be looking for advice from people who do.
What holds Linux back is not "games", nor Acrobat. It is a tool for massively managing desktops in a commoditized fashion. Microsoft's main reason for being so entrenched in the enterprise is the entire Active Directory GPO system, which allows for a lot of flexibility. Microsoft's AD also has a lot of enterprise tools.
This doesn't say that one can do similar with a masterless Puppet setup using hiera and a ton of custom manifests, or having Salt, Chef, or Ansible have clients pull the configs from a load-balanced Git repository. However, for a massive scale, AD and GPOs are definitely top dog, making it easy to manage thousands to millions of Windows desktops.
For Linux to really hit the desktop market, there needs to be a similar mechanism that can be opened and deployed out of the box, or Linux distros should have some way of being able to be managed from AD GPOs (where one can set password policies, Fail2ban, and other stuff).
Once the enterprise has mass management tools in place, home desktops will follow.
One good thing about it is the length gives significantly more surface area for cooling than a 2.5" form factor does. With more of the server chassis in contact with the SSD, it can mean better heat removal, which definitely will help with component life.
Hopefully there will be half-length form factors for workstations.
Maybe about 5-7 years ago, but it seems that storage has leveled off. HDD and SSD prices have been almost unchanged in the past two years.
I have read about storage density improvements for years now. However, prices and capacity are basically unchanged since 2016. When stuff changes in the marketplace, that is when I might care.
Looks like Feitian is the maker that Google chose to OEM. At $16.99 and $24.99, they are fairly reasonably priced, and the Bluetooth one actually supports iOS.
A Yubikey ensures that there is a live body sitting at the computer/phone/whatever that is requesting access. Yes, malware could put up a fake request, but what the key does is narrow down the attack to just the time it takes to press that button and acknowledge things.
DRM, and the ability to have a camera and microphone in the consumer's place for those oh, so sweet, analytic data.
HP also had those. After a year or two, the fans needed to keep the desktop processor from overheating and melting sounded like an Osprey taking off. I am glad those things are long gone.
The desktop replacements did get better. Clevo had some laptops which actually had an MP3 player that was in a slot, three drive bays, decent graphics, and decent RAM for the time. However, with the fact that laptops got to a "good enough" point, those relatively heavy ones were relegated to a niche market.
These days, I think I know one company that actually uses Xeons in a laptop format. Everyone else uses mobile CPUs.
Maybe we need an open source TPM. The functionality for one of these chips is not exactly complicated. Take some values, hash them against previous values, then if the hash matches a stored hash, pass the key, otherwise, pass a middle finger. A small ASIC likely could do this functionality, although economies of scale do come into play.
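A simulation of the extend-then-compare logic just described, added here as an illustration rather than any real TPM's firmware: a PCR is only ever extended by hashing the old value with the next measurement, a key is sealed to the resulting value, and it is released only when a later boot reproduces that exact value. The boot chain and disk key are constructed sample values.

```python
import hashlib
import hmac
from typing import List, Optional, Tuple

# Added example, not any vendor's TPM firmware. A platform configuration
# register (PCR) starts at zero and can only be *extended*, never written:
#     pcr = SHA-256(pcr || SHA-256(component))
# so its final value commits to every boot component and to their order.
# A key sealed to a PCR value is released only when the chip computes that
# same value again; anything else gets nothing back.

PCR_LEN = 32


class SimTPM:
    def __init__(self) -> None:
        self.pcr = bytes(PCR_LEN)
        # Sealed blobs live in the chip's non-volatile storage across reboots.
        self._sealed: List[Tuple[bytes, bytes]] = []

    def power_on(self) -> None:
        self.pcr = bytes(PCR_LEN)  # PCRs reset only at power-on

    def extend(self, component: bytes) -> bytes:
        measurement = hashlib.sha256(component).digest()
        self.pcr = hashlib.sha256(self.pcr + measurement).digest()
        return self.pcr

    def seal(self, key: bytes) -> None:
        # Bind the key to whatever the PCR holds right now.
        self._sealed.append((self.pcr, key))

    def unseal(self) -> Optional[bytes]:
        for expected_pcr, key in self._sealed:
            if hmac.compare_digest(expected_pcr, self.pcr):
                return key
        return None  # no match: the "middle finger" case


def measured_boot(tpm: SimTPM, chain: List[bytes]) -> Optional[bytes]:
    """Power on, measure each boot component in order, then ask for the key."""
    tpm.power_on()
    for component in chain:
        tpm.extend(component)
    return tpm.unseal()


# Constructed boot chain; in practice each entry is the raw firmware,
# bootloader or kernel image being measured.
GOOD_CHAIN = [b"firmware 1.2", b"bootloader 0.9", b"kernel 5.10"]
DISK_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)  # constructed


def provision(tpm: SimTPM) -> None:
    """First trusted boot: measure the known-good chain, then seal the key to it."""
    measured_boot(tpm, GOOD_CHAIN)
    tpm.seal(DISK_KEY)


if __name__ == "__main__":
    chip = SimTPM()
    provision(chip)
    tampered = [GOOD_CHAIN[0], b"bootloader 0.9 (patched)", GOOD_CHAIN[2]]
    print("good chain:", measured_boot(chip, GOOD_CHAIN) == DISK_KEY)
    print("tampered  :", measured_boot(chip, tampered))
    print("reordered :", measured_boot(chip, list(reversed(GOOD_CHAIN))))
```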
Earlier this summer, Yubico mentioned this as part of a conference. For something as large as Google, this is pretty notable.
The biggest advantage the Yubikeys give is the proof there is some type of living being at the machine, via the button press. Of course, this doesn't mean 100% security in the future, but it means that an attack has to be done and queued up when someone is using the machine.
Until it doesn't. It seems common for it to pop up and say that a backup is corrupted, and prompts you to erase the stored backup and start fresh.
The ideal is to avoid using passphrases at all, other than recovery phrases which can be extremely long (longer than the cipher's bit size), like BitLocker's or FileVault's personal recovery key. That way, an attacker has to guess from a 256 bit keyspace minimum.
There is nothing wrong with a TPM or Secure Enclave chip, provided it doesn't communicate with anything else, so the chance of it getting remotely backdoored is slim. From there, the machine can be configured to boot quietly to the OS login screen, but require a recovery code to mount the protected volume in any other state, require a PIN on boot, enforced by the security chip with ever-longer delays, or even after ten tries, erasing the stored key on the chip and on the drive, or similar. Bonus points if a duress code could be configured so the machine boots, then hits a kernel panic, with the key erased, and the SSD completely wiped by the TRIM command.
I think this is the case with SSDs in general. Worst case, a hard disk can be shipped to a clean room, and sectors that are not physically scraped off can be recovered. However, once the electrons bail the gates, that data is gone for good.
These days, backups are mandatory. Not just Time Machine, but something like Crashplan, Backblaze, or something that can do file backups offsite, so one has 3-2-1 protection.
All SATA and SAS drives are designed to be hot plugged and swapped, although people don't do that. Just because the hardware won't physically fry due to a hot unplug doesn't mean the data will be fine.
It would be nice if there were better mechanisms in operating systems to eject media. For example, an I/O signal to send to a process that no further writes can be done, with some way of telling the process how much stuff got written, so it could resume writing when the media is available, or otherwise exit gracefully. Hardware-wise, it would be nice to have an eject button, that once all the caches are flushed, that glows or otherwise signals that the media is ready for removal.
AIX LPARs come to mind as well. In fact, I remember the IBM guys saying that not using PowerVM would have less performance than using an LPAR and two VIO servers (trust me... you want two for redundancy).
I have never read about a leak out of an LPAR, so IBM did something right.
Do I consider virtualization more secure than containers? If a VM corrupts its own filesystem, you can just toss the VM and rebuild. If a container shits the bed somehow, it can affect the host machine's filesystem, especially if there is no way to set file size and inode limits. Same with jails. Without limits, a process can burn up all available inodes or disk space, or just do heavy I/O to bog down a machine, while with VMs, if vCPUs are allocated right, that is limited.
As far as I know, Singapore also doesn't follow the "security has no ROI" mantra that a lot of companies have, so someone might actually feel heat for this.
Isn't part of the standard having the data stored in a public AWS bucket?
If I wanted a laptop from the ground up for Linux, I wouldn't mind sacrificing a few millimeters of thickness for some useful features:
1: A rugged aluminum chassis with hard anodizing so it doesn't scratch if looked at.
2: Everything replaceable as much as possible, RAM, SSD, HDD, etc.
3: USB-C charging ability in and out.
4: Five year warranty.
5: OPAL, or other hardware encrypting SSD.
6: More than USB-C ports. An SD card, regular USB-A port, and even a combination USB/e-SATA port would be highly useful.
7: A Kensington lock slot, even if it is done XJack style and slides out, or even better cleverly designed like the old Thinkpads to prevent the machine from being opened if it is in use.
Just the name makes me think of advertising rhetoric or some guy in marketing talking about edgy, or throwing buzzwords at something.
Realistically, they should have made a name for the OS that is simple and understandable. Even something like 76OS would be useful.
The closest thing is how it was a year ago with anything Bitcoin related. Write "Linux" on anything, and you got tons of funding. Then, your company ended up on fuckedcompany.com when it went kaput come 2000-2001.