Before Tesla was on the map, there were three wheeled electric cars scooting around Austin. Of course, the range was crap, and they looked fugly... but local stores were buying them, since they were good runabout vehicles for deliveries, and had very little maintenance requirements.
There are a lot of companies producing electric vehicles. They may not be supercar contenders, but battery technology is stable enough that even RVs are getting lithium battery systems. Electric drivetrains are also a solved problem.
Europe likely will go all electric before the US does, just because they have far less land to populate with charging stations. However, it is likely we will see vehicles in the US that are electric cars, except with an IC generator whose sole job is to provide power to the batteries and has no connection to the drivetrain, until battery technology improves enough that range anxiety for long trips coupled with fast charging, isn't an issue.
I don't really care about the OS these days, I use what is best for the workload at hand. Having the option of Linux can't hurt, especially how Kubernetes is a "make or break" product in a lot of newer shops.
Of course, a lot of shops are best using Linux, and shoehorning Windows only adds another layer. However, there are shops that have a significant Windows investment, in both licenses and skills, where having Linux on Windows may be their best solution.
There are some things which only Windows can do, and are needed. AD for example. However, there are some applications which only run on Linux (or UNIXes like macOS) and are nice to have, like Borg Backup, which does a great job for deduplicating and encrypting content.
I can see -some- cryptocurrency being the king of the hill when it comes to finances. However, it isn't going to be Bitcoin:
1: The Lightning Network has a number of flaws (a DDoS can allow an attacker to double-spend.)
2: The transaction overhead and cost required to add anything to the current blockchain.
3: The size of the blockchain. You either start and chug through all 160+ gigs of blockchain, or you risk getting double-spend. Yes, you could "trust" an exchange, but then why bother with a decentralized currency, and just use PayPal, which is a lot easier?
4: No anonymity. There is a lot of money thrown at finding who owns what wallets. Transactions are immutable, and will be definite open-and-shut cases if someone is arrested for their stuff on the Blockchain.
5: The concern that one party/country has more than 51% control of miners, although AFAIK, nobody has noticed any blockchain hanky-panky.
What the ideal cryptocurrency will have might be a few of the following:
1: Anonymity, similar to DASH or Monero's ring signatures.
2: Multi-sig capability to allow escrow.
3: Some way of doing a checkpoint where only a tiny subset of the blockchain has to be validated for a transaction to take place.
4: A way to keep transaction sizes small.
5: A proof of stake, proof of capacity, or other style for mining.
6: A large currency cap (trillions to quadrillions), so it can be used long term.
Bitcoin is an excellent "v1.0" cryptocurrency, but there are so many others that have dealt with BTC's issues.
I don't see how a hardware wallet is any more secure (in practical terms, that is) than a cellphone running LineageOS and no SIM or an iPod Touch.
iPods may be passe, but an iPod Touch is well suited for a near-line wallet. It has on-disk encryption, decent protection, no cellular system, so it has to be explicitly connected to do transactions, and doesn't have as many subsystems (which could be hacked or exploited, like the cellular CPU.) Of course, the wallet app should "pack its own parachute" and do its own separate encryption on data, even if the OS does its own encryption. This could be done using OpenPGP libraries or OpenSSL libraries.
I wonder how good Diaspora is these days. The concept of having small "social networks" that communicate with each other is nice, although this was done before. Everything FB does has been handled by other protocols, with FB's main advantage being a "one-stop shop". Messaging is handled by a slew of protocols. A "wall" is a web page that WordPress or similar can handle well. Web forums replace groups. For videos, an open S3 bucket is good for downloads, or perhaps someone just keeps a torrent seeded.
My concern about FB is that they can do what they want. If they want to change a conversation between two people, they can. If they don't like one political view, they can hush it, and nobody can do a single thing about it. This is why moving to a decentralized network is important.
The ironic thing is that FB Messenger uses Signal for private messaging as well, if you hit the "Secret" button.
I personally like Signal, since the RedPhone/TextSecure days, and even though a determined attacker might be able to do some tomfoolery, the protocol is good enough for all but some ultra confidential things (which are sent as GPG ASCII armored files, or are pointers to a downloadable TrueCrypt container with the keyfiles and passphrase sent via separate channels.)
What would be ideal would be more cryptocurrencies that use proof of storage, not proof of work. This would provide two benefits. It would first lower the amount of power wasted to twiddle numbers. Second, it would urge storage makers to increase storage density and make higher capacity drives for less cash, benefiting everyone.
PHI gets hacked every day. Someone leaves their patient DB in a public S3 bucket, a database runs as SYSDBA because the developer has to make deliverables, and consequences for a breach will not filter to him/her, backups are done without any regard for encryption key management, AD doesn't have lockouts, nor someone giving a shit enough to actually read logs, especially if someone is trying to brute-force the DA/EA account (which is likely not even renamed.)
Do we want more stuff which eventually will become public domain? With the pathetic way a lot of companies protect PHI/PII, the best thing is that the data never exists in the first place, or is destroyed as soon as possible.
With coins going for so much money, a DDoS would be relatively cheap, in return for the gains involved.
It might be just better to swap to another coinage protocol for transactions, and use BTC as more of a store of value as opposed to something for transactions, especially with currencies like Monero which address a lot of the anonymity issues.
AMD has its bugs, but one new feature that they have implemented is RAM encryption. This way, one VM has no way of obtaining content from another VM's RAM space, should a leak be possible. Why not be proactive in dealing with virtualization and keeping stuff separate, perhaps adding some pipeline randomization to foil side channel attacks?
Intel knows what they are doing. Might as well be ahead of the curve and add some useful security features.
Had IHeartMedia kept the same programming that stations had before, or provided stations with some autonomy, things would have been completely different. People would be exposed to new bands and songs, the radio station would be a core pillar of the community, DJs could rally people for worthy causes, and musicians would have a place to get their hot tracks played.
However, this didn't happen. They took the quick buck route and destroyed their future. This worked well for a few years, but it killed radio as a whole as a viable medium. People have moved on to social networks and streaming sites. Only talk radio remains.
If you do backups, look at the 3-2-1 methodology. Three copies, two on different media, one offsite.
For example: CrashPlan and Veeam to a NAS. CrashPlan takes care of offsite documents, Veeam allows you to restore locally. A lot of NAS models also can back themselves up as well as keep snapshots, so a share nailed by ransomware can be rolled back quickly, or restored from somewhere.
Even if there is almost zero percent chance that the ransomware authors can/will unlock files, people will still pay. Mainly because they have a lottery's chance of getting their files back versus 0% if they don't.
Microsoft is making money hand over fist from Android/Linux patents. Why would they want to kill Linux, because they get two billion dollars a year from the operating system at the minimum? Two billion may not be much compared to the 90 billion/year total revenue, but it is still something.
Of course, they would love to control the OS, but as it stands right now, they are better off making it interoperable than continuing to fight it, Halloween Memo style. Especially if they can start getting their management tools to work well on the platform, which brings another revenue stream.
What it boils down to is who is the paying customer. With FB, users are the product. Same with Google. This is why one uses a decent VPN, that you pay for, and where the VPN provider's reputation matters.
VPNs are a must have, just because ISPs and local endpoints do so many shenanigans.
First, Windows S, which locks out all programs except Windows Store ones, is offered. Then merged with the mainstream OS. I have a feeling that it may wind up becoming the default, then "non-S" mode eventually becoming a chargeable extra, or even deleted sooner or later.
Maybe I need a better tinfoil hat. For some purposes, "S-mode" can be useful, but I wonder if it really can protect against Trojans or malware.
I rip my own CDs (Apple Lossless, just because storage is so relatively cheap so might as well have full quality... the days of having to make sure your 128kbps MP3s sound as good as possible using LAME and EAC are long behind us although EAC is still useful for dealing with CD errors.)
I also have a substantial AAC collection from iTunes. I learned not to trust if I can re-download songs again, so my iTunes collection gets stored on a NAS. This way, if I want to copy songs onto an Android device, it is a matter of mounting the phone as a USB flash drive on my NAS, and doing an rsync, or rsync over ssh if I don't feel like connecting the devices.
I am not sure what part of iTunes Apple wants to tank. The music store would suck, but there is always Google, Amazon, or foreign sites which have songs that can't be bought in the US.
The iTunes app itself is one of the few ways to put music on the device, although iFunBox can be used as an alternative. Maybe Apple might force iCloud Music to be the only way to play music outside of firing up a third party app (Spotify, YouTube Music). Hopefully not.
I do agree the iTunes app needs an end to end refactor/redesign. It has wound up being the kitchen sink when it comes to things, be it DFU flashing soft-bricked iOS devices, managing a music collection on a Mac or Windows, transferring files to/from an iOS device, being a content store, and so on. However, I hope it doesn't gut features when this is done.
I was thinking the same thing. I had a few feature ideas come to mind:
Something like having the SSD support the Secure Trim command (blkdiscard -s), where when the command is given, the trimmed pages are immediately cryptographically erased.
Tamper resistance -- if the machine is opened, the keys to the SSD are dumped, similar to the ORWL desktop computer.
A GPS/Wi-Fi system which would get the OS to suspend/hibernate if the machine is taken out of the medical area without an exception made, requiring a passphrase or a network unlock to turn back on.
A special function of the laptop's keyboard where it locks out all access from the OS when a password is requested, to protect against keyloggers.
Some type of keylock so the machine can be physically secured, as well as having the keyboard/mouse rendered inoperable. This keeps the machine from being locked out when a patient sits there and tries to guess usernames/passwords.
A special NIC which can be configured to only allow the laptop to communicate via specific SSIDs (with certificates to authenticate.)
A HID card reader allowing easy login/unlock access.
A one-button reimage process that would have the BIOS securely erase everything, hop onto a preset SSID, and start the PXE boot, with the machine being added to AD.
There is also one commodity Michigan has, which California doesn't... water.
San Antonio isn't a bad town to move to. It has two (going on three) loops, where even at 5:30 rush hour, you can still get around town at a reasonable clip. Yes, it has crime, but it is nowhere near what it used to be. Only real notable thing to watch out for are uninsured motorists, so bump up your PIP and underinsured/uninsured coverage.
Thanks. I would say that I trust XPrivacy more, because it allows better faking of things, even contacts and music listings. If the XPosed framework is still being kept up to date, that is definitely a plus as well.
With most things, caveat emptor. If a fleshlight app requires every permission available including ACCESS_SUPERUSER, which almost all apps do, people need to not install it, or find a garbage device to install it and remove it, just to write a one star review.
This is how many dev houses make their money. It isn't the game itself, it is the real time geo-location figures that can be handed over to anyone who wants them that brings in the dosh.
I wish XPrivacy were still around. Those types of apps that want everything can get it... nothing beats fresh numbers straight from my device's /dev/urandom.
XPrivacy has not been updated in years, and the Git repo is archived by the owner. I wish there were a fork of this that was actively maintained. It used to be a must have because it would give apps that had to slurp up info all the info they could ever want... fresh from /dev/urandom or /dev/zero.
The perfect is the enemy of the good here.
Having one's own encryption layer is better than nothing, especially if the phone's encryption may not be secure. Yes, an app developer might have to take the time to realize using AES in ECB mode is not a good thing, but that is better than nothing.
Maybe app developers should consider doing their own encryption for data stored? This could be fairly simple, depending on the persistence of the data. If the data doesn't leave the device, create two nonces, stuff one in KeyChain, have an app PIN or PW unlock the other part, XOR it for the working key. That way, the OS (which is normally secure) maintains security, but the app still has stuff secured by the separate added PIN/passphrase.
If the data has to be backed up, it could be encrypted with a nonce, and a HMAC of the nonce and the PIN/PW used to secure it if it is backed up to iCloud or if it goes to iCloud directly as a file.
For backups, one can do an architecture similar to Titanium Backup. Prompt for a password, generate a keypair, encrypt the private key with the password, then bundle the encrypted private key with every backup (or perhaps file). This allows backups to be done using the public key, and restores easily done by prompting for the password.
OpenSSL is available on iOS, so this shouldn't be too much of a stretch.
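The two-part key idea from the comment above (one random value in the Keychain, one unlocked by the app PIN, XORed into the working key), as an added example that is not part of the original post. It assumes PBKDF2 to turn the PIN into a mask for the second value and an HMAC key-check tag to detect a wrong PIN; the function names, the record layout and the iteration count are hypothetical, and the Keychain is simulated by a returned byte string.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32
PBKDF2_ITERATIONS = 200_000  # assumed work factor; tune for the target device


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _pin_mask(pin: str, salt: bytes) -> bytes:
    # Stretch the low-entropy PIN into a 32-byte mask for the PIN-side share.
    return hashlib.pbkdf2_hmac(
        "sha256", pin.encode("utf-8"), salt, PBKDF2_ITERATIONS, dklen=KEY_LEN
    )


def _check_tag(working_key: bytes) -> bytes:
    # Tag is keyed by the *working* key, so testing a PIN guess needs both
    # halves; app storage alone gives an attacker nothing to brute-force.
    return hmac.new(working_key, b"key-check-v1", hashlib.sha256).digest()


def enroll(pin: str):
    """Create both shares. Returns (keychain_share, app_record)."""
    keychain_share = secrets.token_bytes(KEY_LEN)  # would be stored in the OS keychain
    pin_share = secrets.token_bytes(KEY_LEN)       # never stored in the clear
    salt = secrets.token_bytes(16)
    app_record = {                                 # stored in the app's own files
        "salt": salt,
        "wrapped_share": _xor(pin_share, _pin_mask(pin, salt)),
        "check": _check_tag(_xor(keychain_share, pin_share)),
    }
    return keychain_share, app_record


def unlock(pin: str, keychain_share: bytes, app_record: dict):
    """Return the working key, or None if the PIN or keychain share is wrong."""
    mask = _pin_mask(pin, app_record["salt"])
    pin_share = _xor(app_record["wrapped_share"], mask)
    working_key = _xor(keychain_share, pin_share)
    if not hmac.compare_digest(_check_tag(working_key), app_record["check"]):
        return None
    return working_key


def change_pin(old_pin: str, new_pin: str, keychain_share: bytes, app_record: dict):
    """Re-wrap the PIN-side share; the working key (and encrypted data) is unchanged."""
    working_key = unlock(old_pin, keychain_share, app_record)
    if working_key is None:
        raise ValueError("wrong PIN")
    pin_share = _xor(working_key, keychain_share)
    salt = secrets.token_bytes(16)
    return {
        "salt": salt,
        "wrapped_share": _xor(pin_share, _pin_mask(new_pin, salt)),
        "check": app_record["check"],
    }


if __name__ == "__main__":
    share, record = enroll("4821")  # constructed sample PIN
    print("unlock ok:", unlock("4821", share, record) is not None)
    print("wrong PIN rejected:", unlock("0000", share, record) is None)
```

The working key would then feed an authenticated cipher such as AES-GCM from the platform's crypto library, not ECB.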