Some companies make a phone as good as the flagship players. HTC, LG, and Moto, have some good devices. Companies like Vivo have under-glass fingerprint scanners which are seeming to be doing well. As an added bonus, most of these devices have an official way to unlock the bootloader, so you can run LineageOS or a custom ROM.
Even lower-end phones like the LG Stylo 3+ are not bad.
I'd say they are worth looking at, oftentimes one can get away with a decent phone without having to shell out the big bucks for a flagship device that you can't root or customize anyway.
You get what you pay for. It might be that a Digital Ocean droplet, an application server on LightSail, or something similar might be a lot better in the privacy and security sense than trusting a "free" provider. Or, it might be useful to have a VM farm on a DMZ and host it from your Internet connection.
The downside is that you have to maintain, back it up, and secure it, but the upside is that you pack your own parachute, and know what you are getting, and where your data sits.
I'd be happy with two microSD card slots (one internal mainly for storage, one easily accessed externally for backups), and the phone have an unlockable bootloader, or come with a ROM with root ready to go like in LineageOS.
However, even then, would I pay four digits for a phone? $200 gets me a LG Stylo 3 Plus, which has a fingerprint scanner, SD card slot, and decent overall performance. $600 gets me a HTC flagship phone (which can be unlocked via HTCDev, then S-Off done via Sunshine) that has top tier cameras/CPU/etc., and a MicroSD card slot. Even the Samsung S9+ is in the 800 dollar range.
I don't fault people for paying $1000+ for a phone. However, I can get a phone that does all my needs for a fraction of the price. An iPhone 8 may not have the cool factor of the X, but it does the job.
The desktop's role isn't going anywhere. However, in a lot of companies, the desktop computer is being replaced by laptops and docks, and at home, a lot of people find that a laptop serves their needs well enough that they don't need a desktop PC either.
I am not surprised by this in the least. Desktop PCs will still always be around, but the role is easily handled by laptops and tablets like the Microsoft Surface and the Dell 2-in-1s, especially with breakout boxes for GPUs, so the heavy-lifting for gaming can stay in a separate box at home.
How effective is blocking cryptocurrency exchanges? To me, this seems like it will work on stopping trade in cryptocurrencies, because they cannot be exchanged for things of real value, unless one exchanges to another commodity via a foreign service, then exchanges that commodity into the domestic country's currency.
That is happening in the US. I know of at least one bank who was mentioned on Reddit for kicking people out if they are doing any buying/selling to cryptocurrency exchanges, where someone who did a transaction with Coinbase was told to go elsewhere and that all their accounts would be closed due to that.
If you block the endpoints, where cryptocurrency can't be cashed in and used for buying stuff, then there are no real reasons for people to invest in it.
Pretty much, all I see coming from Silicon Valley are apps that try to shove ads in a new way, slurp up user data and phone home with it, be it "metadata", "telemetry", or whatever, or nickel/dime the consumer to death (F2P/P2W games, which most games tend to be.) I'm not really seeing anything that will help the quality of life across the board, but more ways to con the end user. I also don't really see much innovation either, other than buzzword-style monetization.
Even IoT devices tend to be this way, where the device is mainly used as a way to slurp data to be sent home, as opposed to something useful for the consumer. This seems to be the case when the devices have security issues and the maker tells the people who own them, "just buy our version 1.1 device to fix the problem. We don't care to fix what is wrong with the version 1.0, and you agreed in the EULA that you won't sue us, so buy our stuff or bugger off."
Wake me up when Samsung has phones that have an unlocked bootloader and/or allowing full root access. Otherwise, I'll stick to HTC, Moto, or some other brand which allows me to actually do what I want with my phone. I will say Samsung phones are top notch when it comes to build quality, but a gilded walled garden is still a walled garden, and the key to privacy on Android is a root level (iptables) firewall not depending on a VPN hack.
I remember those days. At the time, Sprint would not let any machines off their network, nor allow anything on their network that wasn't sold with a their label, saying it was done to ensure device quality. Nothing like waiting on hold for 30-45 minutes for something that I could on a GSM network in seconds.
Heck with eSIMs. Not interested in going back to the Dark Ages.
I have a feeling it would be more like reducing the horsepower of the vehicle, or forcing a delay at startup until someone watches and interacts with "x" number of ads.
I also like a stereo image, and Apple's speakers promise that, but not out yet. Sorry, I'm happy with a pair of Yamaha monitors that work, don't need updates, don't phone home, and have a real flat response for mixing. If I want bass, I'll boost that on my EQ.
Plus, wires can do better sound quality than any Bluetooth protocol.
I would assert they will be used in the usual RAID 1/10/6 configurations. They are fast, but because there is so much data on them and I/O hasn't kept up, RAID 5 would likely not be used, but would be used for RAID 6. Of course, RAID 1 and RAID 10 will definitely be alternatives.
I do wonder what the real world failure rate on these will be. From what I've seen, SSDs have definitely been more reliable than HDDs.
I wonder why Nintendo doesn't embrace this functionality. It possibly will sell more tablets, and it doesn't aid piracy. I wish they had this built in from the get-go.
I would consider using different forms of media. M-Disc media comes to mind as one way, cloud storage with multiple providers another way, and a USB flesh drive using a bit-rot resistant filesystem (btrfs, ReFS, APFS) to at least know if the ISO got damaged during storage. I would say that storing copies different places is more useful than finding the perfect media for long term storage.
It also doesn't hurt to have a SHA-512 hash manifest of the files as well when stored, or even GPG signatures. That way, you can verify the ISO images for damage before wasting time trying to use them.
Best of all is to also Clonezilla image the laptop before ever booting Windows, and save the image, as well as the W7 image media somewhere secure (Amazon Glacier, Wasabi Cloud, Backblaze B2). Make sure the product key or keys are saved with the files as well.
If something happens (alternator, dead battery), I can get a stalled (or stalling) vehicle to the side of the road. With all these electronic subsystems, if something happens which knocks out the vehicle's electric power, it not just becomes harder to steer and brake (due to lack of assist), but harder to move to the shoulder, with no mirrors present.
I don't mind stuff as augments, but not as replacements, especially with safety devices like mirrors that can mean the difference versus a safe pass versus being a long criminal negligence prison sentence for hitting a motorcycle.
My question is, who does the licensing? If it is a state board ensuring that a plumber knows the difference between a PVC sewer pipe and a PEX-A water inlet, that is one thing. However, if regulatory capture happens, and the licensing becomes knowing how to use one product maker's stuff above all else, then it is worthless.
IT doesn't really have many certificates that are vendor independent, except perhaps the A+, and the CISSP. Instead, we have RedHat certs, Cisco certs, Microsoft certs, Amazon certs. What is needed is to have something that covers the basics of IT that don't really change. For example, security basics, the 3-2-1 principle of backups, RTO, RPO, differences between test, production, and development environments, types of malware, advantages and disadvantages of backup media (tape, cloud, drives), types of RAID, SSD versus HDD, and basic, universal concepts that apply regardless of what platform someone is on. A licensing body in IT that isn't locked to a specific OS or vendor would do wonders in at least ensuring someone has a certain baseline of knowledge.
I've wanted to see a way to have older entries expire (or be available as an archive) without compromising integrity, or some way to checkpoint every transaction, so everything after that "snapshot" is synced, and can be validated by just a few signatures, as opposed to having to run through the whole blockchain to complete a transaction.
Of course, the IP address isn't collected. Well, actively collected... it just comes along for the ride with the HTTPS origin packet.
I understand how this info can be used to help with making Ubuntu better, but with all this in a database, as the parent stated, this makes a big juicy target for a data breach, as it can provide internal IPs and topology of some potentially restricted environments.
Ideally, this should have been opt-in. For a lot of machines, I don't mind this stuff collected. However, there are some which I don't want any info, whatsoever, about them in a database which might eventually will fall into the wrong hands.
What I'd like to see is a 2FA method that uses public/private keys. Right now, most 2FA authentication methods use a shared secret. This works well, and allows for devices to be completely air-gapped from each other, as ways to authenticate. However, it would be nice if there were a way to do this via public/keys, so if a company's repository of 2FA seeds gets compromised, it doesn't mean the attacker can generate fake 2FA codes to log on, or try them against other sites.
It actually has some ROI. The C-levels find out there was a major breach, dump and short their stock, announce the breach, and walk away with a lot more jingle in their wallet. If the company tanks, they get their golden parachute as well.
Ironic that the companies that are in business to watch people's IDs seem to not care about protecting security themselves with basic account security measures. However, I think this is typical of the computer industry as a whole with "security has no ROI" a mantra sung by the PHBs.
Do these services even work? Once someone applies and gets a credit card, the damage is done... the ID theft service may not be able to do much, because the debt is already signed for and it is up to the victim to press the fraud allegations and do the police reports.
I don't know what would be worse. No VPN, or a "free" VPN from a place doing heavy package analyzing. On one hand, I've seen Wi-Fi machinations, be it HTTP intercepts, attempts to get the device to accept an untrusted key as a trusted root CA, and other stuff, so any VPN would be useful to deter that. On the other hand, FB isn't someone whom I would trust to be a privacy provider.
Personally, I'll stick with with my Digital Ocean droplet for my VPN needs. There are fewer parties that can have access to snarfing my network logs... just the DO admins and me.
Outlook and Thunderbird don't show pictures by default. The added content just ensures that some spammer knows that a user actually saw their email at the very least. This would be very useful in targeted attacks, where one wants to find what someone's IP is, perhaps to DDoS them.
Of all the things to screw around with, E-mail isn't one of them. We already went through at least two "active content" cycles, one being VB scripts (I Love You worms), and HTML with its Web bugs, beacons, tracking stuff, etc. All AMP is going to add is more network and storage bandwidth taken for ads/malvertising. It won't improve anything for daily use.
Slashdot Mirror
Some companies make a phone as good as the flagship players. HTC, LG, and Moto, have some good devices. Companies like Vivo have under-glass fingerprint scanners which are seeming to be doing well. As an added bonus, most of these devices have an official way to unlock the bootloader, so you can run LineageOS or a custom ROM.
Even lower-end phones like the LG Stylo 3+ are not bad.
I'd say they are worth looking at, oftentimes one can get away with a decent phone without having to shell out the big bucks for a flagship device that you can't root or customize anyway.
You get what you pay for. It might be that a Digital Ocean droplet, an application server on LightSail, or something similar might be a lot better in the privacy and security sense than trusting a "free" provider. Or, it might be useful to have a VM farm on a DMZ and host it from your Internet connection.
The downside is that you have to maintain, back it up, and secure it, but the upside is that you pack your own parachute, and know what you are getting, and where your data sits.
I'd be happy with two microSD card slots (one internal mainly for storage, one easily accessed externally for backups), and the phone have an unlockable bootloader, or come with a ROM with root ready to go like in LineageOS.
However, even then, would I pay four digits for a phone? $200 gets me a LG Stylo 3 Plus, which has a fingerprint scanner, SD card slot, and decent overall performance. $600 gets me a HTC flagship phone (which can be unlocked via HTCDev, then S-Off done via Sunshine) that has top tier cameras/CPU/etc., and a MicroSD card slot. Even the Samsung S9+ is in the 800 dollar range.
I don't fault people for paying $1000+ for a phone. However, I can get a phone that does all my needs for a fraction of the price. An iPhone 8 may not have the cool factor of the X, but it does the job.
The desktop's role isn't going anywhere. However, in a lot of companies, the desktop computer is being replaced by laptops and docks, and at home, a lot of people find that a laptop serves their needs well enough that they don't need a desktop PC either.
I am not surprised by this in the least. Desktop PCs will still always be around, but the role is easily handled by laptops and tablets like the Microsoft Surface and the Dell 2-in-1s, especially with breakout boxes for GPUs, so the heavy-lifting for gaming can stay in a separate box at home.
How effective is blocking cryptocurrency exchanges? To me, this seems like it will work on stopping trade in cryptocurrencies, because they cannot be exchanged for things of real value, unless one exchanges to another commodity via a foreign service, then exchanges that commodity into the domestic country's currency.
That is happening in the US. I know of at least one bank who was mentioned on Reddit for kicking people out if they are doing any buying/selling to cryptocurrency exchanges, where someone who did a transaction with Coinbase was told to go elsewhere and that all their accounts would be closed due to that.
If you block the endpoints, where cryptocurrency can't be cashed in and used for buying stuff, then there are no real reasons for people to invest in it.
Pretty much, all I see coming from Silicon Valley are apps that try to shove ads in a new way, slurp up user data and phone home with it, be it "metadata", "telemetry", or whatever, or nickel/dime the consumer to death (F2P/P2W games, which most games tend to be.) I'm not really seeing anything that will help the quality of life across the board, but more ways to con the end user. I also don't really see much innovation either, other than buzzword-style monetization.
Even IoT devices tend to be this way, where the device is mainly used as a way to slurp data to be sent home, as opposed to something useful for the consumer. This seems to be the case when the devices have security issues and the maker tells the people who own them, "just buy our version 1.1 device to fix the problem. We don't care to fix what is wrong with the version 1.0, and you agreed in the EULA that you won't sue us, so buy our stuff or bugger off."
Wake me up when Samsung has phones that have an unlocked bootloader and/or allowing full root access. Otherwise, I'll stick to HTC, Moto, or some other brand which allows me to actually do what I want with my phone. I will say Samsung phones are top notch when it comes to build quality, but a gilded walled garden is still a walled garden, and the key to privacy on Android is a root level (iptables) firewall not depending on a VPN hack.
I remember those days. At the time, Sprint would not let any machines off their network, nor allow anything on their network that wasn't sold with a their label, saying it was done to ensure device quality. Nothing like waiting on hold for 30-45 minutes for something that I could on a GSM network in seconds.
Heck with eSIMs. Not interested in going back to the Dark Ages.
I have a feeling it would be more like reducing the horsepower of the vehicle, or forcing a delay at startup until someone watches and interacts with "x" number of ads.
I also like a stereo image, and Apple's speakers promise that, but not out yet. Sorry, I'm happy with a pair of Yamaha monitors that work, don't need updates, don't phone home, and have a real flat response for mixing. If I want bass, I'll boost that on my EQ.
Plus, wires can do better sound quality than any Bluetooth protocol.
I would assert they will be used in the usual RAID 1/10/6 configurations. They are fast, but because there is so much data on them and I/O hasn't kept up, RAID 5 would likely not be used, but would be used for RAID 6. Of course, RAID 1 and RAID 10 will definitely be alternatives.
I do wonder what the real world failure rate on these will be. From what I've seen, SSDs have definitely been more reliable than HDDs.
I wonder why Nintendo doesn't embrace this functionality. It possibly will sell more tablets, and it doesn't aid piracy. I wish they had this built in from the get-go.
I would consider using different forms of media. M-Disc media comes to mind as one way, cloud storage with multiple providers another way, and a USB flesh drive using a bit-rot resistant filesystem (btrfs, ReFS, APFS) to at least know if the ISO got damaged during storage. I would say that storing copies different places is more useful than finding the perfect media for long term storage.
It also doesn't hurt to have a SHA-512 hash manifest of the files as well when stored, or even GPG signatures. That way, you can verify the ISO images for damage before wasting time trying to use them.
Best of all is to also Clonezilla image the laptop before ever booting Windows, and save the image, as well as the W7 image media somewhere secure (Amazon Glacier, Wasabi Cloud, Backblaze B2). Make sure the product key or keys are saved with the files as well.
If something happens (alternator, dead battery), I can get a stalled (or stalling) vehicle to the side of the road. With all these electronic subsystems, if something happens which knocks out the vehicle's electric power, it not just becomes harder to steer and brake (due to lack of assist), but harder to move to the shoulder, with no mirrors present.
I don't mind stuff as augments, but not as replacements, especially with safety devices like mirrors that can mean the difference versus a safe pass versus being a long criminal negligence prison sentence for hitting a motorcycle.
My question is, who does the licensing? If it is a state board ensuring that a plumber knows the difference between a PVC sewer pipe and a PEX-A water inlet, that is one thing. However, if regulatory capture happens, and the licensing becomes knowing how to use one product maker's stuff above all else, then it is worthless.
IT doesn't really have many certificates that are vendor independent, except perhaps the A+, and the CISSP. Instead, we have RedHat certs, Cisco certs, Microsoft certs, Amazon certs. What is needed is to have something that covers the basics of IT that don't really change. For example, security basics, the 3-2-1 principle of backups, RTO, RPO, differences between test, production, and development environments, types of malware, advantages and disadvantages of backup media (tape, cloud, drives), types of RAID, SSD versus HDD, and basic, universal concepts that apply regardless of what platform someone is on. A licensing body in IT that isn't locked to a specific OS or vendor would do wonders in at least ensuring someone has a certain baseline of knowledge.
I've wanted to see a way to have older entries expire (or be available as an archive) without compromising integrity, or some way to checkpoint every transaction, so everything after that "snapshot" is synced, and can be validated by just a few signatures, as opposed to having to run through the whole blockchain to complete a transaction.
Of course, the IP address isn't collected. Well, actively collected... it just comes along for the ride with the HTTPS origin packet.
I understand how this info can be used to help with making Ubuntu better, but with all this in a database, as the parent stated, this makes a big juicy target for a data breach, as it can provide internal IPs and topology of some potentially restricted environments.
Ideally, this should have been opt-in. For a lot of machines, I don't mind this stuff collected. However, there are some which I don't want any info, whatsoever, about them in a database which might eventually will fall into the wrong hands.
What I'd like to see is a 2FA method that uses public/private keys. Right now, most 2FA authentication methods use a shared secret. This works well, and allows for devices to be completely air-gapped from each other, as ways to authenticate. However, it would be nice if there were a way to do this via public/keys, so if a company's repository of 2FA seeds gets compromised, it doesn't mean the attacker can generate fake 2FA codes to log on, or try them against other sites.
It actually has some ROI. The C-levels find out there was a major breach, dump and short their stock, announce the breach, and walk away with a lot more jingle in their wallet. If the company tanks, they get their golden parachute as well.
Ironic that the companies that are in business to watch people's IDs seem to not care about protecting security themselves with basic account security measures. However, I think this is typical of the computer industry as a whole with "security has no ROI" a mantra sung by the PHBs.
Do these services even work? Once someone applies and gets a credit card, the damage is done... the ID theft service may not be able to do much, because the debt is already signed for and it is up to the victim to press the fraud allegations and do the police reports.
I don't know what would be worse. No VPN, or a "free" VPN from a place doing heavy package analyzing. On one hand, I've seen Wi-Fi machinations, be it HTTP intercepts, attempts to get the device to accept an untrusted key as a trusted root CA, and other stuff, so any VPN would be useful to deter that. On the other hand, FB isn't someone whom I would trust to be a privacy provider.
Personally, I'll stick with with my Digital Ocean droplet for my VPN needs. There are fewer parties that can have access to snarfing my network logs... just the DO admins and me.
6: While that all is going on, an EME-protected cryptocurrency miner running in the background.
Outlook and Thunderbird don't show pictures by default. The added content just ensures that some spammer knows that a user actually saw their email at the very least. This would be very useful in targeted attacks, where one wants to find what someone's IP is, perhaps to DDoS them.
Of all the things to screw around with, E-mail isn't one of them. We already went through at least two "active content" cycles, one being VB scripts (I Love You worms), and HTML with its Web bugs, beacons, tracking stuff, etc. All AMP is going to add is more network and storage bandwidth taken for ads/malvertising. It won't improve anything for daily use.