A number of years ago, France was looking at doing something similar, using a number of large Mylar balloons, so they could celebrate an anniversary as the satellite passed overhead, which would glow brightly. This was finally nixed when astronomers made mention that this would destroy their equipment, as it would be difficult to plan for this object to go overhead, and its brightness would fry sensitive photocells.
Again, someone trying a project like this. The fewer items in space, the better. With countries starting to shoot down satellites, it is only a matter of time before the Kessler Syndrome rears its ugly head, and getting past low earth orbit would be impossible.
What we really need are advances in battery energy storage. If we can get the energy per unit volume within an order of magnitude of gasoline, propane, or other fossil fuels, transportation would be radically changed. No more IC engines, and cars can be redesigned from the ground up better using space that the engine, fuel delivery, and exhaust systems once took up.
What electric cars allow is for them to be fueled from anything. For example, in Canada, it is mainly hydro. In Texas, solar/wind, perhaps biomass. Other places, geothermal. This means that if there is an oil crisis (which will be a matter of when, not if), you will still be able to get to work without a drain on your wallet.
Plus, electric cars use relatively little energy when stopped, while IC engines have to idle. This by itself will cut pollution by a significant amount.
If it isn't obvious, we are starting to see signs of a recession coming our way. Amazon is a retailer, and just like any other, they are subject to how well-off people are doing financially. Come crappy times, retail sales are going to suffer.
This isn't to say Amazon will go the way of Sears. AWS will ensure that they are not going anywhere, because businesses always outsource/offshore when a recession hits, even if it costs them more, so more businesses will be doing lift-and-shifts to the cloud in order to save on CapEx costs, even though their monthly burn rate will spike.
Of course, if Amazon really starts hurting, they can always raise rates on AWS services, and with so many companies shackled to the cloud with no way to leave (good luck getting away from Lambda), they will pony up the higher rates, and pray the deal doesn't get altered further.
First of all, thank you for designing Android Keystore. This is something that all operating systems need to have, and it is a very useful security feature.
My take is that even if there might be vulnerabilities with 2FA on Android, or any phone OS for that matter... getting people to use 2FA is worth it, because most security compromises are mitigated by 2FA, even more so with physical tokens that one presses (like YubiKeys). 2FA goes a long way in ensuring that a keylogger doesn't cause a complete and utter compromise of bank data.
The only thing I wish for, with 2FA seeds, is a standard for backing them up which works across devices. There are programs that sync them, but it would be nice to have both a reliable and safe, yet secure (encrypted, of course) method of storing those seeds somewhere, so one can reload them if they lose their phone. I keep an iPod Touch around and synced with a program like CodeBook, EnPass, or 1Password, just so I can get access back. If 2FA seeds are lost, there can be Hell to pay. For example, I have some NAS devices that don't have any recovery mechanism... lose the MFA code, and one either uses one of the 5-10 recovery codes, or is just plain SOL and has to rebuild the NAS from scratch.
HTC isn't all bad. In fact, you can get a key and unlock the bootloader, then use Sunshine to get full s-off status. Plus, you can use alternative ROMs like LineageOS, or stick with the current one and use Magisk for a systemless root so you can have root and Google Pay.
Other phone makers don't even allow you to unlock the bootloader at all. Huawei explicitly blocked this, and Samsung with non-Exynos CPUs is similar. Without root, you have no control of what runs on your phone, and what apps can send what info anywhere. With root, you can enable firewalling, or use Titanium Backup to actually have usable backups of your device.
In fact, I've had great luck with HTC devices over the years. They may not be the leader, but they are a strong performer.
Exactly. Knowing previous history, even with ads, they will soon start charging a fee for "maintenance", then in no time, people will be paying the full cost of the mobile carrier again... and have ads. This has happened before. Cable TV is a good example, where it was initially ad-free, paid for by subscribers. Then, a few ads between shows. Now, you pay for the same, perhaps more ads as you get by watching OTA TV.
I would not be surprised if the ads would become more invasive over time. Perhaps demanding you watch a 2 minute spot before you can call, or watching 30 second ads per megabyte of bandwidth used. Of course, any of the data on the phone will be fair game, including geolocation, voice transcriptions of phone calls, screenshots of apps in use, etc.
I have not understood why the ARM TrustZone "worlds" aren't used with a hypervisor. It would provide a very armored attack surface, preventing malware in one VM from trying to jump to another. It also would be useful for stuff the OS wants to protect (user credentials to guard against a pass the hash attack).
By no means is the Raspberry Pi perfect (more RAM would be nice), but it is very easy to get started working with it. It would be nice if more ARM SBC makers agreed on a chipset standard, making the SoC modules available to (and hopefully part of) the Linux mainstream kernel.
I can see a niche for SBCs designed to be desktops, or perhaps small blades for a dense enclosure, similar to a Raspberry Pi compute model, but with a non-trivial amount of RAM. This would make for a very useful VDI structure.
I wonder about a hypervisor standard for ARM. That way, the actual hardware can have funky SoC components, but all that stuff is abstracted away. This way, it doesn't really matter what the hardware is, there is an environment for an OS available that doesn't require the OS to deal with funky drivers in general.
I am tired of "experiences". What is wrong with a simple, fast, low-latency interface for mail? Good examples of this are Thunderbird, Roundcube, or even Mutt. Mail doesn't need to be "edgy". It needs to be quick, and support the usual features, so I can read whatever is there, reply, have rules to send the latest message from $VENDOR to a specific E-mail box, and support PGP and S/MIME.
Didn't we learn from the early 2000s with all the E-mail worms about "experiences" and "live content" in E-mails? Looks like Google forgot.
I would love to see this as well. Of course, the first reply is "it doesn't benefit me, so why should my taxes pay for it?" This ends the discussion right there.
Now this is something scary. Any company that takes security seriously uses an HSM to ensure that at worst, bad guys have to compromise the HSM specifically to generate signatures.
At the minimum, and this is an MS-recommended practice, the cert signing computers should be air-gapped to require a physical presence to sign something. The fact that this isn't done for a critical hardware company is extremely worrisome.
For something as critical as updates, it is actually shocking that an HSM isn't used. These are not expensive... YubiKey sells an HSM for $650.
I would say that everyone is right here. In C, it is easy to make mistakes which cannot happen in Java or Python, like not watching where pointers are going, array out of bounds issues, and other stuff.
However, part of it is modern coding in general. The last several "Agile" places I worked at were in permanent sprints, and the job of the developers is to get a feature that marketing already sold to the customer into the product. It doesn't matter if it doesn't work, or is horrifically insecure. It is about making those deliverables in time. When one was made, marketing had two more waiting to be done, so it never ceased.
In most places, one can easily wind up having their job outsourced/offshored if they don't make deliverables. On the other hand, if something horrifically insecure causes every customer to have a backdoor to the world, the developer is insulated from that, through many layers of corporate bureaucracy, so even if there are lawsuits, the developer would likely feel no consequences.
tl;dr, blame the programmer, not the tools. However, some languages require more thought to program safely/securely than others.
You hit the nail on the head. I subscribe to Google's Premium service because that is what I mainly watch. However, my NetFlix subscription is free because I get it through my cellular carrier. Do I care to pay $10 a month to a whole bunch of providers? Not really.
I don't want to sound alarmist, but what are all these businesses selling subscriptions going to do if there is a recession, and Joe Sixpack has to tighten the belt? The first thing he will be doing is cancelling all but maybe 1-2 things that he watches the most. In good times, subscriptions make sense, but come times where people are mainly focused on keeping the lights on, food on the table, and the repo men away from the car, subscription based companies are going to have a losing business model.
I wonder if GitHub could offer a service where if an API key, be it PGP, SSH, or others, is leaked, it would automatically disable that item on the relevant repository. This wouldn't stop the best of the best, but it would at least be some remedial security... far better than none.
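As an added example (not GitHub's code, and not from the original post), here is the kind of check such a service, or a pre-receive hook, could run: it scans the added lines of a unified diff for the header lines that mark PGP, OpenSSH and PEM private keys and reports the file and line where each was committed, so the key can be disabled. The diff below is constructed sample input; the file paths and key lines in it are made up.

```python
"""Detect committed private-key material in a git diff (added lines only).

Added example, not GitHub's code. It scans the '+' lines of a unified diff
for PEM / ASCII-armor headers of private keys and reports the path and
new-file line number of each hit, which is what an automated "disable this
key" action would need as its input.
"""
from __future__ import annotations

import re
import sys
from dataclasses import dataclass

# Header lines that mark private key material. PUBLIC keys are deliberately
# not matched: committing a public key is normal and harmless.
PRIVATE_KEY_HEADERS = re.compile(
    r"-----BEGIN ("
    r"PGP PRIVATE KEY BLOCK|"
    r"OPENSSH PRIVATE KEY|"
    r"(?:RSA|DSA|EC|ENCRYPTED) PRIVATE KEY|"
    r"PRIVATE KEY"
    r")-----"
)


@dataclass(frozen=True)
class Finding:
    path: str      # file the key was added to
    line_no: int   # line number in the new version of that file
    kind: str      # which header text matched


def scan_diff(diff_text: str) -> list[Finding]:
    """Walk a unified diff, tracking the target path and new-file line numbers.

    Only '+' lines are checked: a '-' line carrying a key means the key is
    being removed (it still lives in history and should be rotated, but that
    is a separate concern from catching new leaks).
    """
    findings: list[Finding] = []
    path: str | None = None
    new_line = 0
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):
            # "+++ b/path/to/file" -> "path/to/file"
            target = raw[4:].strip()
            path = target[2:] if target.startswith("b/") else target
            continue
        if raw.startswith("@@ "):
            # "@@ -old,len +new,len @@": reset to the hunk's new-file start
            m = re.match(r"@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@", raw)
            new_line = int(m.group(1)) if m else 0
            continue
        if path is None:
            continue  # still in the "diff --git" preamble
        if raw.startswith("+"):
            m = PRIVATE_KEY_HEADERS.search(raw)
            if m:
                findings.append(Finding(path, new_line, m.group(1)))
            new_line += 1
        elif raw.startswith("-") or raw.startswith("\\"):
            pass  # removed line or "\ No newline at end of file": no new line
        else:
            new_line += 1  # unchanged context line
    return findings


# Constructed sample diff: an SSH key added as a new file, a YAML config
# gaining an inline PEM key, and a README change that mentions a PUBLIC key.
SAMPLE_DIFF = """\
diff --git a/deploy/id_ed25519 b/deploy/id_ed25519
new file mode 100644
--- /dev/null
+++ b/deploy/id_ed25519
@@ -0,0 +1,3 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+CONSTRUCTED-FAKE-KEY-MATERIAL-NOT-A-REAL-KEY
+-----END OPENSSH PRIVATE KEY-----
diff --git a/config/tls.yaml b/config/tls.yaml
--- a/config/tls.yaml
+++ b/config/tls.yaml
@@ -3,2 +3,4 @@
 server:
   cert: /etc/tls/server.crt
+  key_inline: |
+    -----BEGIN PRIVATE KEY-----
diff --git a/README.md b/README.md
--- a/README.md
+++ b/README.md
@@ -10,2 +10,3 @@
 Contact: see keys/
 -----BEGIN PGP PUBLIC KEY BLOCK-----
+Our signing key is rotated yearly.
"""

if __name__ == "__main__":
    # Hook usage: pipe `git diff` output in; non-zero exit blocks the push.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_DIFF
    hits = scan_diff(text)
    for f in hits:
        print(f"{f.path}:{f.line_no}: committed {f.kind}")
    sys.exit(1 if hits else 0)
```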
Oftentimes the person trying to pawn the stuff is likely not the person whose stuff is on the device. Pawn shops do try to check serials and databases to check if something is stolen, but stuff does get through.
Even if the manufacturer thinks they did a wipe, it might not actually be done. My recommendation is to always use FDE. This way, when the drive is reformatted, there is no way to access the data, especially if the machine uses a TPM, and the TPM is reset.
I recommend FDE on everything, if possible. This way, making sure a complete zeroing was done isn't as big an issue.
In a way, I find a 5400 RPM HDD almost insulting. I can see something like that in a sub-$300 laptop, but for a computer that costs four digits minimum, that is inexcusable. The only good thing is that maybe the HDD can be replaced by a SATA SSD, allowing for some expansion.
As secondary storage, maybe it would be usable. It would be interesting to put in two 3.5" drives and have them run RAID 1 just for Time Machine backups, ensuring that the SSD is well backed up. Bonus points if there is OS protection, so ransomware can't have a field day with the TM drives.
If Apple's T2 chip still disallows Linux from using the onboard SSD, that is a deal breaker. Mainly because when Apple stops supporting a Mac model in macOS, you need to run something that gets security updates.
I treat the cloud as another media type, like tape, disks, optical, punch cards, etc. The cloud is effective and reliable at handling "oopses" like drive failures. However, an attacker can purge everything you have with a couple mouse clicks if they get access to your account. Having local media is still critical, as most cloud providers charge egress fees for restores.
Ideally, I like having a 3-2-1 backup system. Three copies, two on different media, one offsite. For critical data, 4-3-2 might be useful. For example, a PC backs itself up to a NAS [1] via Veeam or Time Machine, documents get backed up to CrashPlan, and every so often, all critical files get burned to DVD every month or quarter. Alternatively, documents can be sent via Arq to Wasabi or Backblaze B2 for long term storage.
This way, if Internet access is tough, I have local backups. If I get stung by ransomware, I have physically read-only copies, etc.
I wish optical, as a consumer level format, were still developed. Yes, one can buy a Sony ODSD77U optical drive that does 1.5 TB, but not many people have $6500 for that. This would allow people to easily back up locally. No, it isn't "edgy" like the cloud... but it is ransomware resistant, and tends to have a long archival life... and a remote attacker can't destroy all your DVDs with a single mouse click.
[1]: Ideally, the NAS should take snapshots or backups, and have the admin user separate from the user for the shares, so if it gets hit by ransomware, a restore of that share is quick.
There is competition to Glacier. Wasabi offers $5/TB/month, generally with no in/out fees, while Glacier is $4/TB/month, and there are fees and waiting time. Downside to both is that when you store something, you pay for the object for 90 days, even if you delete it.
Backblaze B2 also is in the same area, but Wasabi works with the S3 API.
I will go stick my neck out and agree with you on this. With a plug-in hybrid, there isn't any worry about range anxiety, and you have the benefit of an EV of not needing to refuel often. To boot, I've seen inverters added to use the hybrid as a very efficient whole-house generator in case of a power failure.
I do agree that while most people can do OK with an EV, as they don't go far day to day, it is nice to have the ability to not worry about trying to find a plug or Supercharger when going on an impromptu trip somewhere out in the country.
I don't understand how AV can be of use on a phone, unless it was running as root. If it is running as just another unprivileged UID, it isn't going to do much.
AV on computers may be justified to tick off checkboxes. On phones with mobile operating systems, the real security needs to be at the app stores.
I wish Google could do a two tier security model:
Tier 1 -- default tier, all apps are curated, scanned by Google's AI for potential mischief, and for an app developer to have an app in Tier 1, they must agree to more stringent requirements, and are put on notice that it doesn't take much for them to have their app chucked from the tier. This is what Amazon does with their Android app store.
Tier 2 -- This is what would be the present state of the Google Play Store.
From here, phones should default to only allow Tier 1, and just like sideloading, tell the user that they don't just walk into Mordor if they want to use Tier 2.
This way, there can be a wide variety of apps, but users have a trustworthy source that is actively curated, and where there is zero mercy shown for developer shenanigans.
The Facebook Messenger app on iOS and Android has the option to use the Signal protocol as well.
At least it is being upgraded. The "trashcan" Mac Pro languished for years without any refreshes.