I've done it with Titanium Backup. Back up the app, dump it, load it from another source, restore your data. Of course, this is assuming the apps are at the same version level.
If a bank has their safe deposit items "on the books", if they fail, everything in the safe deposit box can be taken. In fact, some banks explicitly have a warning or recommendation to not store coins in their vault, because of this.
Of course, there is the fact that the government can ban ownership of gold at any time...
Not to say that cryptocurrencies are the be-all and end-all, but gold isn't completely bulletproof either.
I would say that cryptocurrencies and gold have advantages and disadvantages. Cryptocurrencies can be easily stolen by a compromised app, or lost forever if one loses their password to their wallet, or loses their wallet. If someone has backups of their wallet, has something like a TREZOR or other hardware based item, it can be said that their security is better than having physical precious metals.
Maybe a feature to be added would be the ability to recover a wallet from multiple places, a classic shared secret, where "x" out of "y" items (like 3 out of 5) are needed to remake it. That way, you can have a wallet backup split among three trusted people, where two of the three are needed for a recovery.
One can do things like the Lightning Network, but I would probably say that another cryptocurrency may be better for making transactions, if only due to the overhead of the Bitcoin blockchain, having to pay a "tip" so your transactions are processed reasonably, and the fact that Bitcoin's value is being hit hard by speculators.
What would be ideal would be a currency that has less overhead, perhaps a way of obscuring of who did what in its blockchain for privacy's sake. That way, if someone bought an item today, 20-30 years from now, they wouldn't having to defend themselves for that purpose, especially if statute of limitations laws get repealed.
Let Bitcoin be where people play with the tulips, while "real work" (i.e. payments and exchanges) get done in another currency that is more stable.
I wonder about option "C": Allow the user to pick their own review board. For example, have people from the Daily Kos, Breitbart, der Spiegel, CNN, MSNBC, Comedy Central, and other news organizations offer a review/weighting service for articles, with the ability for a user to pick and choose among them. This way, they are not stuck with what one groups deems as valid.
This way, FB can't be accused of being partisan, since people can choose who (if any) reviews news articles and sets validity scores for them.
The only reason I see that the electric motor is placed centrally is so it can be mated with a transmission, because electric motors get their best torque at 0 RPM, and go down from there.
The exact same thing was said about Linux in 1991-1992, that it would never compete against "real" operating systems like Solaris, ULTRIX, and others.
What is needed is to get critical mass. However, this may not be as hard as people think. One can bring up the Intel ME debacle, and show that this chipset is open from design to the masking process to the fab... and companies will buy those, if only to ensure that the C-level PCs are not compromised, one of the few places where security tends to be valued.
The hard part will be getting the OS and app makers to deploy on the platform. However, this has been done before, and if people have faith in a platform, they will move to it.
With all this wheel reinvention, what is fundamentally wrong with the 3.5mm jack, or the 1/4" one used in audio equipment? The Sony connector may be better with its balanced TRRRS architecture, but is it worth a new standard? Sony does have good formats, but they tend to be esoteric at best, or wind up on the wayside at worse (like memory sticks.)
For digital output, USB-C should be what people use.
The issue isn't the OS; it is the apps. Right now, app designers have five major platforms to consider: Windows, macOS, Linux, iOS, and Android. It would take a lot of work and a critical mass of users to woo them to spend the development effort to add a sixth platform. As the article said, Google has a long way to go, but Google already has written the world's most popular app platform, and it wouldn't be farfetched for them to do it again.
The good thing is that Google always seems to be innovating, one of the few companies that actually has completely new stuff, even if it might have rough edges.
I hope Google does do some pull requests, so this goes into Debian, and perhaps filters to Ubuntu. Done right, their changes can have a major positive effect on the entire Linux ecosystem.
It is about shifting security risks around. Using the same (or a similar) password on multiple sites versus a PW manager allowing for more secure entries per site.
In the past, I just did a MD5 of my master password and the site name and used that, but with the varying length, character, and other requirements sites have, that isn't as feasible as it used to be.
The question is... is the risk of the master password being lost greater than someone figuring out that you use a similar PW on a bunch of sites to get in? I prefer to use solid passwords with every site, so I take the PW manager risk. If someone is keylogging my machine, I'm hosed anyway, and that is what 2FA is for.
For Grandma's cookies, it gets encrypted with a shared secret and a private key, both are on an offline computer that used a SD card for the data (USB can be used as an entry point.) Then the message is sent via different channels via a shared secret mechanism (x out of y pieces needed to reassemble) One channel could be E-mail, another WhatApp, another Telegram or TextSecure. Secure, but a pain in the bum.
For stuff less secure, a PGP app and a messaging app works well enough, however, it gets old copying and pasting to encode/decode.
Then, you have apps like Telegram or Signal which have a good reputation for security. If a government bans or demands backdoors in them; they are good.
Then you have everything else, where security is at best theater.
Exactly. If the kernel scrambled the UEFI files or hosed the firmware beyond recovery, that is a bricking. Having to boot from an earlier kernel in GRUB2... well, that is just an "oh shit", like anything else on the OS side. Definitely not good, but it doesn't mean that you have to buy a new motherboard.
I think part of the confusion come in with a lot of appliances blurring the line between BIOS and OS, combined with the lack of control of the OS. A kernel panic on a phone preventing it from starting could be a "bricking", especially if there is no way to boot a recovery ROM. However, on desktop/server PCs, we still have the option (for now...) to go back to a previous kernel.
With all the crap that runs on a machine, multiple users running at the same time is a must. The days of a cooperative multitasking OS are long gone. You can have a single user OS with preemptive multitasking (OS/2, for example), but you then run into issues where if one item gets infected, the whole machine is pwned. The fact that Windows has UAC has probably stopped/prevented a lot of infections, and is why Microsoft put it in after XP.
Operating systems need not just to be multiuser, but have varying contexts for each user. What is important is that web browsers run untrusted and potentially hostile code 24/7. Even if someone doesn't navigate to a malicious site, an ad server can easily serve up malware (malvertising is one of the biggest attack vectors). Web browser makers do a good job, but ideally, protection should be done by the OS, and even down to the CPU hardware to ensure that stuff running in the browser context does not get out barring authorized ways (downloads, etc.)
Eventually we will be moving to where machines use hypervisors for everything. For Windows 10 Enterprise, with CredentialGuard, that is already the case. Intel and AMD have done great strides (AMD especially with RAM page encryption to keep leaks from one VM from being readable by another), but we have a ways to go to ensure that code in one partition/VM/container cannot affect or see code anywhere else.
Doesn't AMD have a hardware feature of encrypting RAM pages, which might mitigate exploits like this (one VM will only get garbage if it manages to access another VM's space, for example?)
I learned that the hard way. At least you can create an encrypted APFS volume and install macOS on that, but that doesn't help if it is a default install.
Apple just seems to like giving the middle finger to the enterprise. I'm guessing they expect IT to use MDM tools like JAMF than standard imaging practices.
I would say the biggest reason to move to 10.13.x is for APFS. It took Apple a long time, but APFS is a decent filesystem. Of course, it would have been nice if Apple licensed ZFS way back when.
It has a packaging system, or one just copies the app to the Applications folder. However, uninstalling is a completely different matter. macOS has no real standard way to uninstall packages, other than to drag the application to the trash, or click the x when the icons wiggle in the Launcher.
macOS really needs a better packaging system. What would be ideal is not just one that can handle installs and clean uninstalls, but to be able to back off updates without reinstalling, similar to AIX's installp. It also would be nice to have a repair mechanism so that a damaged install can be backed out completely. Other package managers are transactional, but it would be nice to have a cleanup process to find broken, not completed installs and remove them.
As an added bonus, if signatures and such are done right, SIP could be used to protect the integrity of one program from another, as a way to mitigate rootkits.
David Chaum has some excellent work on auditable voting systems, with excellent trails of proof. However, it doesn't seem that municipalities really care, as opposed to buying what the lowest bidder has to offer.
Maybe the LJ should focus on some things Linux does well? Embedded operation, IoT devices, for example. I can get an Arduino or Raspberry Pi to do some pretty nice things, quite inexpensively.
The SD standard provides for built in encryption and signing as part of the standard, provided you have enough cloud to have a business they will allow to have the info under NDA. I wonder why Nintendo just doesn't use that, or perhaps add their own DRM layer?
Even if they only allow their "blessed" rebranded SD cards sold only by them, it would be a fairly easy technology to repurpose.
I would say a mechanical thermostat like a Honeywell Econostat is good enough. Yes, it may break due to the bimetallic spring and movement, but they are vary reliable. As an added bonus, without physical access, they can't be accessed from remote.
It may be nice to have a programmable thermostat to raise/lower temperature, but it definitely isn't a necessity.
What gets me is that there are thermostats out there that would malfunction or not work if they didn't have a constant internet connection. These devices are not Playstations or Xbox consoles where high-value DRM is a must.
Slashdot Mirror
I've done it with Titanium Backup. Back up the app, dump it, load it from another source, restore your data. Of course, this is assuming the apps are at the same version level.
If a bank has their safe deposit items "on the books", if they fail, everything in the safe deposit box can be taken. In fact, some banks explicitly have a warning or recommendation to not store coins in their vault, because of this.
Of course, there is the fact that the government can ban ownership of gold at any time...
Not to say that cryptocurrencies are the be-all and end-all, but gold isn't completely bulletproof either.
One doesn't need an exchange.
I would say that cryptocurrencies and gold have advantages and disadvantages. Cryptocurrencies can be easily stolen by a compromised app, or lost forever if one loses their password to their wallet, or loses their wallet. If someone has backups of their wallet, has something like a TREZOR or other hardware based item, it can be said that their security is better than having physical precious metals.
Maybe a feature to be added would be the ability to recover a wallet from multiple places, a classic shared secret, where "x" out of "y" items (like 3 out of 5) are needed to remake it. That way, you can have a wallet backup split among three trusted people, where two of the three are needed for a recovery.
One can do things like the Lightning Network, but I would probably say that another cryptocurrency may be better for making transactions, if only due to the overhead of the Bitcoin blockchain, having to pay a "tip" so your transactions are processed reasonably, and the fact that Bitcoin's value is being hit hard by speculators.
What would be ideal would be a currency that has less overhead, perhaps a way of obscuring of who did what in its blockchain for privacy's sake. That way, if someone bought an item today, 20-30 years from now, they wouldn't having to defend themselves for that purpose, especially if statute of limitations laws get repealed.
Let Bitcoin be where people play with the tulips, while "real work" (i.e. payments and exchanges) get done in another currency that is more stable.
I wonder about option "C": Allow the user to pick their own review board. For example, have people from the Daily Kos, Breitbart, der Spiegel, CNN, MSNBC, Comedy Central, and other news organizations offer a review/weighting service for articles, with the ability for a user to pick and choose among them. This way, they are not stuck with what one groups deems as valid.
This way, FB can't be accused of being partisan, since people can choose who (if any) reviews news articles and sets validity scores for them.
The only reason I see that the electric motor is placed centrally is so it can be mated with a transmission, because electric motors get their best torque at 0 RPM, and go down from there.
The exact same thing was said about Linux in 1991-1992, that it would never compete against "real" operating systems like Solaris, ULTRIX, and others.
What is needed is to get critical mass. However, this may not be as hard as people think. One can bring up the Intel ME debacle, and show that this chipset is open from design to the masking process to the fab... and companies will buy those, if only to ensure that the C-level PCs are not compromised, one of the few places where security tends to be valued.
The hard part will be getting the OS and app makers to deploy on the platform. However, this has been done before, and if people have faith in a platform, they will move to it.
With all this wheel reinvention, what is fundamentally wrong with the 3.5mm jack, or the 1/4" one used in audio equipment? The Sony connector may be better with its balanced TRRRS architecture, but is it worth a new standard? Sony does have good formats, but they tend to be esoteric at best, or wind up on the wayside at worse (like memory sticks.)
For digital output, USB-C should be what people use.
The issue isn't the OS; it is the apps. Right now, app designers have five major platforms to consider: Windows, macOS, Linux, iOS, and Android. It would take a lot of work and a critical mass of users to woo them to spend the development effort to add a sixth platform. As the article said, Google has a long way to go, but Google already has written the world's most popular app platform, and it wouldn't be farfetched for them to do it again.
The good thing is that Google always seems to be innovating, one of the few companies that actually has completely new stuff, even if it might have rough edges.
I hope Google does do some pull requests, so this goes into Debian, and perhaps filters to Ubuntu. Done right, their changes can have a major positive effect on the entire Linux ecosystem.
It is about shifting security risks around. Using the same (or a similar) password on multiple sites versus a PW manager allowing for more secure entries per site.
In the past, I just did a MD5 of my master password and the site name and used that, but with the varying length, character, and other requirements sites have, that isn't as feasible as it used to be.
The question is... is the risk of the master password being lost greater than someone figuring out that you use a similar PW on a bunch of sites to get in? I prefer to use solid passwords with every site, so I take the PW manager risk. If someone is keylogging my machine, I'm hosed anyway, and that is what 2FA is for.
Depends on the sensitivity of the data:
For Grandma's cookies, it gets encrypted with a shared secret and a private key, both are on an offline computer that used a SD card for the data (USB can be used as an entry point.) Then the message is sent via different channels via a shared secret mechanism (x out of y pieces needed to reassemble) One channel could be E-mail, another WhatApp, another Telegram or TextSecure. Secure, but a pain in the bum.
For stuff less secure, a PGP app and a messaging app works well enough, however, it gets old copying and pasting to encode/decode.
Then, you have apps like Telegram or Signal which have a good reputation for security. If a government bans or demands backdoors in them; they are good.
Then you have everything else, where security is at best theater.
Exactly. If the kernel scrambled the UEFI files or hosed the firmware beyond recovery, that is a bricking. Having to boot from an earlier kernel in GRUB2... well, that is just an "oh shit", like anything else on the OS side. Definitely not good, but it doesn't mean that you have to buy a new motherboard.
I think part of the confusion come in with a lot of appliances blurring the line between BIOS and OS, combined with the lack of control of the OS. A kernel panic on a phone preventing it from starting could be a "bricking", especially if there is no way to boot a recovery ROM. However, on desktop/server PCs, we still have the option (for now...) to go back to a previous kernel.
With all the crap that runs on a machine, multiple users running at the same time is a must. The days of a cooperative multitasking OS are long gone. You can have a single user OS with preemptive multitasking (OS/2, for example), but you then run into issues where if one item gets infected, the whole machine is pwned. The fact that Windows has UAC has probably stopped/prevented a lot of infections, and is why Microsoft put it in after XP.
Operating systems need not just to be multiuser, but have varying contexts for each user. What is important is that web browsers run untrusted and potentially hostile code 24/7. Even if someone doesn't navigate to a malicious site, an ad server can easily serve up malware (malvertising is one of the biggest attack vectors). Web browser makers do a good job, but ideally, protection should be done by the OS, and even down to the CPU hardware to ensure that stuff running in the browser context does not get out barring authorized ways (downloads, etc.)
Eventually we will be moving to where machines use hypervisors for everything. For Windows 10 Enterprise, with CredentialGuard, that is already the case. Intel and AMD have done great strides (AMD especially with RAM page encryption to keep leaks from one VM from being readable by another), but we have a ways to go to ensure that code in one partition/VM/container cannot affect or see code anywhere else.
Doesn't AMD have a hardware feature of encrypting RAM pages, which might mitigate exploits like this (one VM will only get garbage if it manages to access another VM's space, for example?)
Nope: Untrue.
I learned that the hard way. At least you can create an encrypted APFS volume and install macOS on that, but that doesn't help if it is a default install.
Apple just seems to like giving the middle finger to the enterprise. I'm guessing they expect IT to use MDM tools like JAMF than standard imaging practices.
I would say the biggest reason to move to 10.13.x is for APFS. It took Apple a long time, but APFS is a decent filesystem. Of course, it would have been nice if Apple licensed ZFS way back when.
It has a packaging system, or one just copies the app to the Applications folder. However, uninstalling is a completely different matter. macOS has no real standard way to uninstall packages, other than to drag the application to the trash, or click the x when the icons wiggle in the Launcher.
macOS really needs a better packaging system. What would be ideal is not just one that can handle installs and clean uninstalls, but to be able to back off updates without reinstalling, similar to AIX's installp. It also would be nice to have a repair mechanism so that a damaged install can be backed out completely. Other package managers are transactional, but it would be nice to have a cleanup process to find broken, not completed installs and remove them.
As an added bonus, if signatures and such are done right, SIP could be used to protect the integrity of one program from another, as a way to mitigate rootkits.
Windows has had something very similar since the XP days, where if one blows away a DLL, Windows silently copies it back.
David Chaum has some excellent work on auditable voting systems, with excellent trails of proof. However, it doesn't seem that municipalities really care, as opposed to buying what the lowest bidder has to offer.
Maybe the LJ should focus on some things Linux does well? Embedded operation, IoT devices, for example. I can get an Arduino or Raspberry Pi to do some pretty nice things, quite inexpensively.
Not all computers are desktops.
The SD standard provides for built in encryption and signing as part of the standard, provided you have enough cloud to have a business they will allow to have the info under NDA. I wonder why Nintendo just doesn't use that, or perhaps add their own DRM layer?
Even if they only allow their "blessed" rebranded SD cards sold only by them, it would be a fairly easy technology to repurpose.
I would say a mechanical thermostat like a Honeywell Econostat is good enough. Yes, it may break due to the bimetallic spring and movement, but they are vary reliable. As an added bonus, without physical access, they can't be accessed from remote.
It may be nice to have a programmable thermostat to raise/lower temperature, but it definitely isn't a necessity.
What gets me is that there are thermostats out there that would malfunction or not work if they didn't have a constant internet connection. These devices are not Playstations or Xbox consoles where high-value DRM is a must.
I'll genuinely be surprised if they make a portable cell phone battery charger, personally.