A small cheap UPS could keep something as low power as this running for a long time, brief power outages shouldn't pose a problem. And if you build it correctly, you shouldn't really need to reset it.
You can get the Mirabox, or one of its predecessors like the OpenRD or Dreamplug, all of which have dual GigE and some have a pcie slot and/or wifi too. They are only single core, but for a router that's more than adequate. I have 100mbit connectivity, the openrd can saturate the link just fine and the mirabox has a somewhat faster cpu. Combined with a decent managed switch, you can use VLANs to get more interfaces. I have 2 WAN links which are vlanned and connected to the same physical nic, and several internal VLANs for different purposes.
I always prefer to have separate devices, i would be in a similar boat to you because the line enters the house in an awkward place. I have cat6 throughout the house, and an AP located about as centrally as it can be, but that still results in spotty service in one of the bedrooms and its unusable in the garage or the garden.
So find a service provider who offers the same service, but does so using standard protocols like SIP or IAX, they won't care what client you use and you have a choice of hundreds. There are plenty of such providers out there.
Only it's quite easy to charge snowden with a crime, while the ethics of what he did and what he exposed can be questioned, from a purely legal standpoint he did commit a crime.
That's completely the wrong approach.. If your hosts aren't secure enough to be on the public internet, they shouldn't be on an internal network either. Many attacks come from the inside, and if you have a large number of insecure hosts hidden behind a border firewall then all it takes is one tiny hole and everything can come crashing down, as has happened many times in the past.
A firewall is not the ultimate answer, and nor should it be your only line of defense. If hosts are correctly configured, then a firewall won't actually improve security as the only services exposed on the host will be ones you intended to run and thus explicitly allowed through the firewall.
If ports are unused, then the hosts themselves will reject any traffic sent to them without the need of a firewall... If the hosts are running services you don't want, then you haven't configured your hosts correctly and hiding poorly configured hosts behind a firewall is not the answer.
Assuming the servers are correctly configured and hardened, then a firewall is an additional layer - ie the ports allowed by the firewall will be those ports that you have explicitly opened on the server, nothing else should be present irrespective of what the firewall allows. Wether you then need one depends on your budget, your risk profile, wether you need to comply with any external requirements (like pci-dss) etc.
Personally i have many servers with no firewalls, because having a firewall would add additional hosting cost, additional point of failure, additional attack surface, additional latency, and the servers themselves don't run any services that aren't intended to be open to the internet (and thus everything thats running would be allowed by the firewall anyway).
The benefits of having a firewall in my case - an extra place for logs incase my host is compromised, and the ability to control outbound access if the host is compromised, are outweighed by the downsides. The chance of the host actually becoming compromised in the first place wouldn't be decreased by the addition of a firewall, but you'd have the additional risk that the firewall itself could be compromised.
Short term it may cost more, long term it should save a lot... As someone who fully expects to still be paying taxes in 10 years time, i welcome long term savings.
As for interoperability, they are the government... You either want their business (eg suppliers), or you have no choice (eg taxpayers)... If they require that you submit documents in ODF then that's what you do, or they will find other suppliers who will.
Security through obscurity is an accident waiting to happen... When you talk about a system that noone would bother trying to hack, consider the bitcoin exchange mtgox - it started off as a simple site for trading game cards, and initially bitcoins had very little value - there was very little interest in hacking it. Then pretty much over night bitcoin exploded in value, making it a very tempting target indeed.
Also when you talk about a power plant system, a one way link is the security, not the obscurity aspect.
A secure system is one where even those who know the system inside out cannot break into it.
Well another part of the problem is that bikes are also not registered... Cars have license plates which allow people to easily identify the vehicle, bikes do not, which means bike riders feel far more anonymous and able to get away with illegal activities.
If there was more diversity among the systems being used, then even social engineering attacks would be harder... Whats the point trying to trick someone into running a program, if the system theyre using isnt capable of running it?
There's a lot to be said for consideration on the roads... And riding two abreast when doing so makes it hard for faster vehicles to pass is extremely inconsiderate, irrespective of legality. If you're doing something which unnecessarily inconveniences others why should they show you any consideration in return? There are many instances where the slowness and instability of a bike could make certain manoeuvres impossible or extremely dangerous, and car drivers will often allow bikes to pass when they aren't legally obliged to. The more you do to unnecessarily piss drivers off, the less they will do to help you.
The problem is that there are no license requirements for bikes, so many riders are totally unaware of the actual laws, and often highly inexperienced.. Drivers at least have to pass a test, and while there are plenty of bad drivers they should at least have some experience and understanding of the rules.
On a daily basis i see bikes ignoring red lights, while to see a car go through on red is pretty rare. Just yesterday i saw a bike come off of a footpath, go directly across a 2 lane road without slowing or checking for vehicles (causing several cars to hit the brakes) and into the wrong end of a one way street.
And it's no better as a pedestrian, i was shouted at by a bike rider who took issue with the fact i was in her way by walking down the sidewalk causing her to hit the brakes. It's illegal to ride there, why should i be forced to get out of the way of a bike speeding down the hill ringing a bell and shouting?
Also when trying to cross a road, you get a group of vehicles which pass you, and then a long spaced out stream of bikes that fill in the gap before the next group of vehicles - giving you no time to cross.
The UK system of vending machines in the airport is extremely convenient (and the vending machines typically support a bunch of languages and different network sims too), i wish other countries did something similar...
You can buy prepaid sims in most countries but often not in the airport, and quite often the pricing will only be displayed in the local language etc so it can be hard to work out what you're actually getting for your money (and quite easy to get ripped off in the small phone shops).
I just want a cheap prepaid sim that the people i'm visiting can call me on, and with a decent data allowance so i can use google maps etc. It would also be extremely convenient if you could buy them before you travel and have them shipped to you.
Just find something with PCI... Then you can use a fairly modern motherboard with easily obtainable ram in useful quantities, and use PCI cards for everything else - video, sound, and find an old SCSI controller instead of IDE. The board/cpu itself should be fully compatible with the older software, and using pci cards solves the problem with lack of drivers for the older hardware.
Software is often more expensive than the hardware it runs on, and yet you still have a warranty which provides repair/replacement in the event of physical defects but nothing in the case of software defects.
And how would these rating agencies select the code they were going to audit? They can't audit everything, so they would prioritise... Vendors would pay to have their code audited, and perhaps try to corrupt the process to get a better rating. OSS code would not be able to pay to get audited, and thus would never have a rating at all.
There are already various governments operating such schemes, they are extremely expensive and slow, with the final result being a small cartel of incumbent suppliers where the "approved" versions are horrendously out of date and often suffer from known vulnerabilities.
Not being able to figure anything out is a bad thing, the more complex your system is the greater chance of there being bugs, and if your system is important or widespread enough then *someone* will take the effort to figure it out and probably understand it a lot better than the people tasked with running it.
Having a complete understanding of how a system works should not allow that system to be compromised if it's well designed. Never rely on obscurity.
Slashdot Mirror
A small cheap UPS could keep something as low power as this running for a long time, brief power outages shouldn't pose a problem. And if you build it correctly, you shouldn't really need to reset it.
You can get the Mirabox, or one of its predecessors like the OpenRD or Dreamplug, all of which have dual GigE and some have a pcie slot and/or wifi too. They are only single core, but for a router that's more than adequate. I have 100mbit connectivity, the openrd can saturate the link just fine and the mirabox has a somewhat faster cpu.
Combined with a decent managed switch, you can use VLANs to get more interfaces. I have 2 WAN links which are vlanned and connected to the same physical nic, and several internal VLANs for different purposes.
I always prefer to have separate devices, i would be in a similar boat to you because the line enters the house in an awkward place. I have cat6 throughout the house, and an AP located about as centrally as it can be, but that still results in spotty service in one of the bedrooms and its unusable in the garage or the garden.
How are you supposed to go online to configure your router?
Surely you need to configure your router *before* you can get online?
Thats what happens if you buy proprietary junk... I have some much older hardware phones which support SIP, and they all still work.
So find a service provider who offers the same service, but does so using standard protocols like SIP or IAX, they won't care what client you use and you have a choice of hundreds. There are plenty of such providers out there.
Another question to ask is, why was someone at google looking at someone's personal email account?
Only it's quite easy to charge snowden with a crime, while the ethics of what he did and what he exposed can be questioned, from a purely legal standpoint he did commit a crime.
That's completely the wrong approach..
If your hosts aren't secure enough to be on the public internet, they shouldn't be on an internal network either. Many attacks come from the inside, and if you have a large number of insecure hosts hidden behind a border firewall then all it takes is one tiny hole and everything can come crashing down, as has happened many times in the past.
A firewall is not the ultimate answer, and nor should it be your only line of defense. If hosts are correctly configured, then a firewall won't actually improve security as the only services exposed on the host will be ones you intended to run and thus explicitly allowed through the firewall.
If ports are unused, then the hosts themselves will reject any traffic sent to them without the need of a firewall...
If the hosts are running services you don't want, then you haven't configured your hosts correctly and hiding poorly configured hosts behind a firewall is not the answer.
Assuming the servers are correctly configured and hardened, then a firewall is an additional layer - ie the ports allowed by the firewall will be those ports that you have explicitly opened on the server, nothing else should be present irrespective of what the firewall allows. Wether you then need one depends on your budget, your risk profile, wether you need to comply with any external requirements (like pci-dss) etc.
Personally i have many servers with no firewalls, because having a firewall would add additional hosting cost, additional point of failure, additional attack surface, additional latency, and the servers themselves don't run any services that aren't intended to be open to the internet (and thus everything thats running would be allowed by the firewall anyway).
The benefits of having a firewall in my case - an extra place for logs incase my host is compromised, and the ability to control outbound access if the host is compromised, are outweighed by the downsides. The chance of the host actually becoming compromised in the first place wouldn't be decreased by the addition of a firewall, but you'd have the additional risk that the firewall itself could be compromised.
Short term it may cost more, long term it should save a lot... As someone who fully expects to still be paying taxes in 10 years time, i welcome long term savings.
As for interoperability, they are the government... You either want their business (eg suppliers), or you have no choice (eg taxpayers)... If they require that you submit documents in ODF then that's what you do, or they will find other suppliers who will.
Security through obscurity is an accident waiting to happen... When you talk about a system that noone would bother trying to hack, consider the bitcoin exchange mtgox - it started off as a simple site for trading game cards, and initially bitcoins had very little value - there was very little interest in hacking it. Then pretty much over night bitcoin exploded in value, making it a very tempting target indeed.
Also when you talk about a power plant system, a one way link is the security, not the obscurity aspect.
A secure system is one where even those who know the system inside out cannot break into it.
Well another part of the problem is that bikes are also not registered... Cars have license plates which allow people to easily identify the vehicle, bikes do not, which means bike riders feel far more anonymous and able to get away with illegal activities.
The audio circuitry is the primary function of a phone, whereas on a desktop computer it may never get used at all. Priorities...
If there was more diversity among the systems being used, then even social engineering attacks would be harder... Whats the point trying to trick someone into running a program, if the system theyre using isnt capable of running it?
And if the activation servers are turned off, who's to say they will be willing or able to activate it over the phone?
There's a lot to be said for consideration on the roads... And riding two abreast when doing so makes it hard for faster vehicles to pass is extremely inconsiderate, irrespective of legality.
If you're doing something which unnecessarily inconveniences others why should they show you any consideration in return? There are many instances where the slowness and instability of a bike could make certain manoeuvres impossible or extremely dangerous, and car drivers will often allow bikes to pass when they aren't legally obliged to. The more you do to unnecessarily piss drivers off, the less they will do to help you.
The problem is that there are no license requirements for bikes, so many riders are totally unaware of the actual laws, and often highly inexperienced..
Drivers at least have to pass a test, and while there are plenty of bad drivers they should at least have some experience and understanding of the rules.
On a daily basis i see bikes ignoring red lights, while to see a car go through on red is pretty rare. Just yesterday i saw a bike come off of a footpath, go directly across a 2 lane road without slowing or checking for vehicles (causing several cars to hit the brakes) and into the wrong end of a one way street.
And it's no better as a pedestrian, i was shouted at by a bike rider who took issue with the fact i was in her way by walking down the sidewalk causing her to hit the brakes. It's illegal to ride there, why should i be forced to get out of the way of a bike speeding down the hill ringing a bell and shouting?
Also when trying to cross a road, you get a group of vehicles which pass you, and then a long spaced out stream of bikes that fill in the gap before the next group of vehicles - giving you no time to cross.
The UK system of vending machines in the airport is extremely convenient (and the vending machines typically support a bunch of languages and different network sims too), i wish other countries did something similar...
You can buy prepaid sims in most countries but often not in the airport, and quite often the pricing will only be displayed in the local language etc so it can be hard to work out what you're actually getting for your money (and quite easy to get ripped off in the small phone shops).
I just want a cheap prepaid sim that the people i'm visiting can call me on, and with a decent data allowance so i can use google maps etc. It would also be extremely convenient if you could buy them before you travel and have them shipped to you.
Just find something with PCI... Then you can use a fairly modern motherboard with easily obtainable ram in useful quantities, and use PCI cards for everything else - video, sound, and find an old SCSI controller instead of IDE.
The board/cpu itself should be fully compatible with the older software, and using pci cards solves the problem with lack of drivers for the older hardware.
Software is often more expensive than the hardware it runs on, and yet you still have a warranty which provides repair/replacement in the event of physical defects but nothing in the case of software defects.
And how would these rating agencies select the code they were going to audit?
They can't audit everything, so they would prioritise... Vendors would pay to have their code audited, and perhaps try to corrupt the process to get a better rating. OSS code would not be able to pay to get audited, and thus would never have a rating at all.
There are already various governments operating such schemes, they are extremely expensive and slow, with the final result being a small cartel of incumbent suppliers where the "approved" versions are horrendously out of date and often suffer from known vulnerabilities.
Not being able to figure anything out is a bad thing, the more complex your system is the greater chance of there being bugs, and if your system is important or widespread enough then *someone* will take the effort to figure it out and probably understand it a lot better than the people tasked with running it.
Having a complete understanding of how a system works should not allow that system to be compromised if it's well designed. Never rely on obscurity.
And what about a bug in the sandboxing?
Combined with the presence of the sandbox giving the user a false sense of security...