
Comment Re:Hardly allegedly (Score 1) 248

For desktops, I end up doing similar, and building my own (for my personal use.) However, for laptops, it is good to go with a brand's business line (not consumer junk, but business tiers that actually will offer decent CS). Similar if one needs desktops for a company (since for accounting and auditing, it is good to have machines that have similar hardware or one easily trackable model ID.)

Of course, for personal laptops, there is always Apple. Even if one installs Windows on it (easy to do as it is a UEFI machine), the hardware is quite solid, and for individuals, Apple CS is quite good. Businesses and the enterprise, it is a different story.

tl;dr, there isn't really one fix for this, but in general, avoiding consumer-line stuff like the clap is the best thing one can do, either by building one's own machine, buying the business/enterprise tier, or going Apple.

Comment Re:All the more reason... (Score 1) 248

Even on Macs, I prefer to zero out the HDD and install completely cleanly, as a matter of course [1]. In fact, on any hardware, be it POWER7, SPARC, x86, and others, zeroing out the storage and installing clean is a good idea. This not just ensures that one has a clean OS, but anything that was stashed previously is gone. No cruft, no oddball transient stuff that might have accidentally wound up on the HDD during QA or testing (assuming the box was tested), just a working OS (hopefully.)

[1]: It isn't hard to download the install image of the latest OS X, write it to a USB flash drive, then use a Linux drive to boot, TRIM the entire SSD, boot from the OS X drive, and install from scratch.

Comment Re:All the more reason... (Score 2) 248

I'm the same way. The recovery partition is just a chunk from the HDD, so malware can easily seize control of that. Plus, I prefer server operating systems (paid for, of course.) Some laptop makers like Dell can ship a business-line model with a server OS, and since it comes from the OEM, there is a good chance the OS can just activate from the BIOS certificates. I have yet to see a machine shipping with a server OS have any crapware on it, other than maybe some administration tools.

I wish laptop makers could do what Tandy did in the early 80s... put an OS instance in ROM. Have a read-only SSD section set aside that would boot up Windows PE or even an image of whatever Windows edition came with the machine, with drivers merged in as well (easy to do with Vista and newer's WIM functionality.) This way, the box can be completely reinstalled and barring a flash of BIOS or other firmware, there can be high confidence a malware infection is eradicated.

Comment Re:AVG: People still use it? (Score 2) 118

The only AV products I've found which actually do anything are SpywareBlaster and Malwarebytes, because MB actually blocks by IPs, and SpywareBlaster doesn't actively run, but sets kill bits and blocklists in browsers.

However, with an adblocking browser extension, Web based malware should never hit your system in the first place, and with click to play functionality, should not have a chance of being activated... and with a VM or sandbox, even if the browser does get compromised, it won't get past that.

As for Android, the weakness is that a lot of Chinese stores have little to no curation or filtering out bad stuff. Google does a decent job in stomping out the bad stuff, but I still think they need to go with two tiers, one tier as things are currently, and one tier where developers have to agree to more stringent rules, and the software has to pass more tests... that way, if a user sticks to the more curated tier, there is less chance of an infection happening.

One note -- the exploits we read about with Android almost always are related to either pirate repositories or "app stores" with little to no moderation. Even something like Cydia's ecosystem would be highly unlikely to have malware like this ever hit it in the first place, and if it did, the devs would have it pulled in minutes to hours.

As for AV software, I use it on machines to make legal eagles happy. I've yet to see it actually actively stop a compromise of a machine. At best, it is good for scanning for 1+ day stuff. The real defenses are the IP blacklists, hosts files, kill bits (SpywareBlaster is quite useful), Web browser extensions and click-to-play. The best mitigations if an infection happens are sandboxes (SandboxIE), virtual machines, and jails. AV was useful back when one scanned a floppy with the latest copy of Doom on it, but these days, it is more for the checkbox in paperwork than actual protection.

Comment Re:All the more reason... (Score 1) 248

Even wiping the box may not work. For example in the case of LoJack for Laptops, there is BIOS support that can get a machine to reload the utility even if the main BIOS is reflashed and all media (hard disks, SSD, etc.) are erased. In the case of this product, it can be a good thing, but this same technology that can protect a laptop can be used to reinstall spyware.

Comment Re:someone explain for the ignorant (Score 1) 449

Sad thing, the PIN part here in the US is optional. However, it does stop the sales clerk who swipes the card and uses it for mail order stuff.

As for mail order, I'm sure Visa/MC will continue to have a web object that pops up, asks for a PW or PIN, which is used for shopping via the Internet.

Is this a security increase? Yes, and much needed. Cloning a chip is a heck of a lot harder than writing down numbers or writing a magnetic strip on a blank.

However, because PINs are an option in the US, it won't be as big a security boost as it is in Europe.

Comment Re:Danger of SSDs (Score 3, Interesting) 105

I wonder if the latest generation of filesystems like ZFS, btrfs, and ReFS would be useful, so a corrupt file that wasn't completely written would be detected by the FS during a background scrub or garbage collection task. With RAID-Z, the corruption can be found. Z2, the corruption likely can be fixed.

Comment Re:Danger of SSDs (Score 1) 105

There are some reviews of SSDs on the Net about what drives can stand the most in the way of being depowered while writes are in flight. The one thing about the review is that the Intel enterprise SSDs did not lose data or go into an unusable state. This was a few years ago, so I'm hoping that other drive makers have caught up, so a dirty power-off won't mean the entire SSD is destroyed... because recovering an SSD is orders of magnitude harder than looking at the stored magnetic domains on a HDD.

The thing about SSDs is that backups are even more important because once the electrons are out of the gate, that's it. Data is gone.

Comment Re:NAND is for chumps (Score 2) 105

The price is dropping. I'm seeing MacBook Pros ship with 1TB of SSD. It only is a matter of time before external SSDs become the storage medium of choice, just like USB flash drives are for small scale storage.

As for HDDs, I can see them winding up being re-engineered to be more for archival and backup storage as opposed to the role an external HDD does now.

Comment Re:Oh Goodie (Score 1) 83

The funny thing is that the random kicking of doors, breaking of clay pots, and killing anything that moved, was not the standard trope when I started. I am showing my age, but if PCs tried that in a town, the local watch would be on them in no time. If the PCs dispatched the watch, then they would be marked as bandits, and everyone and their brother would be going for them for the reward (and I'd have the "escape from the royal gaol" campaign at the ready.)

There also wasn't the element of opening a box and pulling out a +20 sword of omnislaying. Original 1E source had almost any magical items difficult to get, and highly coveted. That +1 sword may seem like a joke... but it would be the only thing that could damage various undead. Without it, it would take pouring holy water on weapons in order to have any hope of dispatching anything but a skeleton. A wight or wraith was unkillable by almost any melee, and required a wizard or cleric to hurt it.

With newer rulesets, it is easy for players to make magic weapons... but what was lost is some of the original AD&D fantasy lore -- that magic was a rare phenomenon, and not really visible to the average level 0 or 1 human that wandered the surface.

I've never been a fan of TPW (er, TPK). This almost always causes the players to lose interest in the entire campaign. Of course, there was one thing about PCs dying and sub-plots to go out and get the crispy-crittered rogue back alive... but a wipeout did more harm than good... unless it was scripted. I've used TPWs as a tool to further a campaign, which made things interesting, as opposed to "everyone hand me their character sheets and roll another level 1".

Comment Re:Oh Goodie (Score 1) 83

As an old school DM, I make the "trap" category fit the premise. As stated by the parent I'd have "traps" be a magic mouth that calls the guards. I also might have a "puzzle" that would be solvable for XP. For example, trying to "liberate" a magic sword from a statue. Sometimes I'd bring in a real life puzzle for the players to solve, just as a change of pace.

Of course, traps do come in handy. Grimtooth's books were fun, and I'd have something there so the players can think they outsmarted the DM, especially if it is a party killer.

I ended up keeping my campaigns dynamic (since my job as DM is to keep a running storyline going and the players entertained). Sometimes a trap might wind up running the PCs through an "escape" or "get out of this pocket world" campaign.

I have used dungeon generators in the past... but what ends up is something that has to get honed to a point of suspension of disbelief. For example, random square and round rooms might have been fine back in the 1980s... but these days, a cave should have cave rooms... unless there is a reason why something or someone decided to carve out a perfectly rectangular room.

Maybe there is still room for dungeon generators... but ones that can keep in mind a gestalt, an over-reaching premise for the level. This is a solved problem (D1/D2/D3, Torchlight), but for a paper/pencil campaign, it would be nice to make a dungeon, and have it hold together with some global rules (for example, the king's bedroom will not be directly off the kitchen in a castle.) This, and have levels in a round keep have the same spots for the stairs as the place downstairs. One level having 1,1 for the stairs, and the next level in the keep having 20,20 just doesn't make sense unless there is some magical teleportation involved (and this can wind up being too much of a cliche.)

Comment Re:There is no problem here. (Score 3, Interesting) 130

It might be something a college student might be able to devote time and effort to. Obviously, it won't pay directly, but after graduating, being able to point to a module in the kernel with one's name on it is a good way to find jobs, since there are a lot of companies that need niche programming needs (good luck getting a H-1B fresh off the boat to make usable, bug-free code for SCADA, life-safety, and limited environmental systems. Even pushing code to FPGA cards is something that takes some work, as you are not going to find a cookie-cutter MCSD who knows Verilog/VHDL.)

Comment Re:Who Will Read It ? (Score 1) 36

There is also how it gets read. There are languages out there which at best there are a few words decoded, since there was not a Rosetta Stone offering a decent translation.

Take something relatively simple... an all text PDF stored on a MFM floppy disk. There are so many layers that need to be explained, from the placement of magnetic domains to soft/hard sectoring to what encoding mechanism is in use, to what letters correspond to what bit streams, to the filesystem and PDF format. This all needs to be somehow explained for a future society to decode stuff.

To boot, it has to be placed with redundancy in mind. Some civilizations destroy everything in sight. For example, the Aztecs and Incas wound up with every single piece of paper burned because their culture was pagan. In modern times, the Taliban destroy other cultures (Buddhist statues, film archives.) Placing redundant libraries, with varying difficulties of being found (be it in sealed containers under the sea, in inaccessible glaciers, in the desert) may be the best thing to do, so if a future culture is repressive and views everything else not theirs as something to be destroyed... the culture after that one that might be less xenophobic still has a chance of recovering archives.

Comment Re:That's (Score 1) 91

Same here. One of my biggest gripes in IT is the "for someone with a hammer, everything is a nail" philosophy. For example, a MCSE wants to toss everything on a MS solution. A Big Iron person will have a zSeries solution. A UNIX person will have Linux or Solaris. It could be that the best solution is not one that a consultant is familiar with.

I see this almost everywhere in IT. The Windows guys have some Linux servers or appliances, and they sit unpatched because nobody wants to touch them. The Linux people just have all the production Windows boxes fetch patches from Windows Update instead of using WSUS. The Hyper-V people wonder why the heck the VMWare appliances ask for so much RAM without realizing VMWare has the ability to deal with overcommits.

The hard part is finding people who have enough of a clue to know that their favorite solution is not the right one for a job. Mistakes because someone likes one RDBMS or loves NoSQL based DBs for everything, even rigid financial transactions [1], can be extremely costly.

I see this in internal enterprise apps. The SolarWinds people, versus the Splunk people, versus the SCOM guys, versus the Xymon guys. The people who loved one PC maker's servers coming into another shop that uses another PC maker's stuff, and then tossing the existing PC maker's servers for no real reason, other than lack of knowledge about them.

Once an IT person realizes that all solutions suck, it is finding what sucks the least, that is someone who is actually worth having on board.

[1]: MarkLogic is the only exception that I know of where a NoSQL DB is ACID compliant.
