I've seen small/low-speed fans for this. They looked like they used a Peltier junction with a flat base that sits on the stove on one end and a heat sink on the other end. I thought they were really cool and went to buy one, but (at the time at least) they were REALLY expensive.
This is what all the talk of cloud computing, software as a service, etc. is looking to do. It is to me the antithesis of what the PC revolution promised (to deliver computing power to every person under their control.) MS made their business by supporting this and helping release people (well mostly businesses at first but eventually people) from the big iron/green screen lock it was under before. The problem is once they won, and had a chance to make a real difference, they got greedy. Too bad they didn't realize that by sacrificing the trust of their user base, they threw away an opportunity for even more money (imagine the good they could do - and money they could make from - doing things like personal identity management and web site trustworthiness certification.) There is no way on earth I would trust them with that now and from the failure of their attempt to move into this market in the early years of their .Net work, I think most others felt the same.
What you say may be correct, but he said the performance hit starts as soon as Windows loads. If this is literally true, then he probably doesn't have any apps running yet which makes me suspect a problem in the implementation. This is not typical of what I (or other people I have spoken to) have seen with mainstream encryption products.
That's an interesting approach and solves the ability to recover it (unless you need to do it remotely???) for a small number of machines. For larger entities, I think this would be unworkable (too much overhead matching which header goes to which drive/PC) for a large organization though.
Oops, you are correct, it can do this in AD. I think it was actually an issue specific to us: we were still using the 2000 version of AD at the time BitLocker came out and I think it requires 2003 (not an AD dude so this may be the wrong terminology, but hopefully it conveys the meaning even if it's wrong.)
Oops, meant to say "desktops or even servers" and not "desktops or even laptops" - sorry. Admittedly, servers may be a bad idea in some cases, but servers is a pretty broad term and can mean anything from a machine locked up in a Fort Knox-like hosting environment to a PC in a broom closet at someone's office in Eastern Europe!
Neither is locking the door to your house/car the same as security. It's still a bad idea not to do it though.
Something is wrong. I recently evaluated FDE products for my employer (although PGP was not one of them) and other than the initial encryption (which slowed down my PC about as much as a complete backup would) the performance hit is not noticeable. If you are seeing constant performance hits which seem to be directly related to adding a modern encryption product, then something is very wrong (maybe you have minimal memory and it's trying to encrypt the swap file/partition?)
You have some good points, but I disagree with your conclusion "a policy of having all disks encrypted is bad": I completely agree with your point #1, but it's probably not realistic to demand this at all organizations. For #'s 4 and 5 the performance penalty is negligible on modern PCs (except for very extreme situations such as database servers.) Even then you might still consider it if the data was important enough and you could not provide some other means of guaranteeing it against physical loss/theft. As for 2, current FDE products are so end-user friendly that having people try to get around them just because you added encryption is really not a concern. Finally, for #3, I am not sure. You are correct that a failed drive means you now have a very high likelihood of catastrophic loss, but you really should make sure your users have a good backup system in place before or as part of your encryption roll-out.
Exactly. This is one of the reasons for using a mature solution (such as PGP or one of its successors and not something like BitLocker) which offers centralized key management and recovery. It is EXTREMELY difficult to trace all the possible places a Windows OS might write data to (and maybe even a *NIX one too) and then make sure all that data is deleted and overwritten to prevent forensic recovery. This gets to be MUCH harder if you start copying the data to thumb drives (assuming that it is not just you and other people who might use the same drive as the one housing all their MP3s - and thus don't want to completely wipe it - or worse pirated games that might contain malware!)
I haven't looked into the TrueCrypt FDE solution (I used a version from before they added that feature and when I evaluated encryption products for my employer), but unless they offer the ability to centrally manage the keys, then it's probably not as useful in a corporate environment. For instance, corporate IT needs to be able to unencrypt the drive when a user forgets their password or is in a lawsuit (might need to provide an exact copy of the drive to show the data wasn't tampered with) or an employee leaves/is forced out.
Using FDE (Full Disk Encryption) on desktops or even laptops can be useful for preventing embarrassment when a janitor or other after-hours employee steals a desktop and sells it for parts (maybe on eBay.) You then don't have to worry about headlines about your employer allowing all its employees' SSNs or customer CC #'s to be lost.
In theory, no. If there is a "bad guy" who wants your data and snags your laptop which is powered-on with a screen saver lock running, then all he has to do is keep it powered-on and try to either attack the OS (such as the recent Windows vulnerability that allowed unauthenticated remote admin) or use something like the FireWire DMA capability (or maybe even use the PCMCIA CardBus adapter on a laptop) to pull data directly from memory.
One thing I've always wondered about ion engines is: can we take advantage of relativistic mass to give us greater thrust? For example, can we say use tiny rest masses (like say hydrogen nuclei) accelerated to a ridiculous fraction of the speed of light to give us equivalent (or greater) thrust than a chemical rocket?
Actually, I think you are also missing the point or at least your explanation did. The theory is that all elements heavier than hydrogen were formed inside stars that went through their complete cycle and died then dispersed to be reformed into the planet we now live on. So everything on earth (except maybe the hydrogen) was formed inside a star at one time, so in theory we and everything else on earth are made of starstuff.
I grew up in the gold rush area of northern CA. Gold mines that returned a few ounces of gold/ton of ore were generally considered to be worth mining. Do you know what the return based on weight of electronics usually runs and how it compares?
Ummm, iron? A huge chunk of the middle of our whole FREAKIN PLANET is nickel/iron. It may take new tech to get to it, but we aren't going to run out of iron for a long time (unless we start building some Death Star-size starships from it or something like that.) As for your other points, I would love to see a better recycling program in my area, but there are ways to achieve this end and still let us live the couch potato lifestyle I love so dearly. Specifically, the area I last lived in (near Jackson, TN) had a bunch of employees at the local dump who sorted through people's garbage (I think they put it on a big conveyor belt and opened the bags as they went by.) Not exactly anyone's dream job, but if the value of these materials rises due to scarcity, I think we'll see more of this kind of thing.
Last year, my intern told me that his college friends use multi-network clients now. I think he mentioned something like ebuddy?
I agree. If they had just kept it the same and made a security-hardened update, I would have stuck with their client. As it is, I will never try it again.
He meant 640k CORES should be enough for anybody.
When I grew up in a very rural area of northern California, the sheriff was the only local law enforcement officer with jurisdiction to help. If we were in trouble and needed their help, it would have been at LEAST 15 minutes if they were in the area and knew exactly where we were (not very likely given how remote we were) and more likely over an hour in the best case. For this reason, we had enough guns to do a decent job of defending ourselves. We also had many encounters with black bears, mountain lions, coyotes and rattlesnakes. Fortunately for me, there were very few times when actively defending ourselves was necessary, but to people who live in areas like that, carrying firearms is a prudent choice.
The housing crisis was largely a result of a problem we had long before then: Our traditional industries were dying/leaving and the only thing holding our economy together was people's ability to borrow against their houses and continue to spend like drunken sailors. I have no idea how we are going to pull out of this. When I go to a store it is REALLY hard to find something that says "Made in USA" on it (and I look almost every time I am planning on buying something.) In fact, I don't know of any industry where we are a true leader anymore except tobacco and weapons. These are not the kinds of products I would like to see us associated with. The loss of all those manufacturing jobs means that there is a river of money flowing out of the US instead of into it. We have borrowed tons of money to buy our cheap, made in Asia toys and OPEC oil. Now they have so much of our currency that they must be wallpapering their walls with it. This has naturally led to a decrease in the value of that green wallpaper.
be fired by the stockholders (I know bashing Microsoft on Slashdot - imagine that!) But seriously, they were in the perfect position to become this. They had the money and they had the universal presence to pull it off. But they proved themselves to be such untrustworthy, scheming pricks that no one in their right mind would follow along. Talk about a missed opportunity. Maybe Google will realize they still have a chance to do this. So far they seem to have done a decent job resisting the temptation to completely abuse the data they already have on us. They are probably the best hope for us here.
Blackberries are great, but I don't think you get local data encryption without paying extra. IIRC the guys from PGP said that their encryption software was installed by default but not available (until you pay for the license.) So you get encrypted transmission and the ability to "remote destruct" known stolen and "self-destruct" on X number of failed password attempts, but need to pay extra to protect the data from someone prying it out once it's arrived. The thing is, I don't know how big a risk this is (can you just plug in the USB port and slurp it or does the password prevent this too?)
Sorry, but just no. I have a decent new laptop PC (Turion 64x2 @ 1.9GHz, 4GB of RAM, a 7200RPM SATA 2 drive and the weakest piece is the integrated ATI express 1250.) For most tasks Vista on this PC runs at OK speed. That's absolutely ridiculously inexcusable for hardware of this level to be "just OK" at best. However, if I try to do any kind of file operation the thing is an absolute pig. I don't know if it's the stupid DRM or what but this machine will sit there and grind endlessly when doing simple copies. So, why do I leave it at Vista? Well, 2 reasons: I need a MS OS to play some of the games I have and I don't feel like paying for a copy of XP just to throw on here (it came with Vista Home "Premium" pre-loaded.) The other reason is that I suspect XP drivers will not be available for the hardware if I spent the money and bought a copy of XP. What this leaves is I dual boot Linux (I usually use Mandriva but have tried Ubuntu as well) and Vista: Linux for everything but a very few games and I shop for Linux native clients or beg vendors for them. I have the option of loading Cedega (been a member/customer of theirs for years), but haven't gone that route with the new machine yet.