
Comment Re:hmmmm (Score 1) 275

I would probably think a judge will rule about NDAs, and tend to rule in favor of businesses. Trade secrets have centuries of precedent behind them. Even if a jury is involved (as this is a civil issue), it would end up being appealed.

There is one concern of mine about this law: Shills for place "A" who post scads of bad reviews about spot "B" that are not in themselves defamatory, but a lot of one-star reviews add up. At the extreme, a place could try to pay people to visit review sites that are in other cities (and where they don't ever plan to visit) just to make one-star reviews.

Comment Re:Freeman Dyson (Score 4, Insightful) 68

Problem is that it can be stomped out in the US and Europe with some quick fearmongering. "Home bio-terror labs" is a phrase some politician would throw around, that would get laws passed banning biohacking almost immediately.

Of course, this type of thing can be very useful. For example, the article about bacteria being able to make propane. If someone was able to make bacteria that could, given sunlight, split water, it would spark a hydrogen economy revolution. Similar with critters that could filter heavy metals out of water, where said critters could be easily picked up and disposed of.

Of course, the fearmongering isn't all conjecture. Someone in theory could make a bug that could eat a vital building material or resins crucial to electronics, which could cause a civilization failure similar to what was described in the Ringworld series with their room temperature superconductors.

Comment Re:Easy solution (Score 3, Insightful) 348

I wouldn't be surprised to see countries such as BRIC members, EU members, or other countries start trying to woo the best and brightest for economic gains.

It may not be profitable to do R&D in the next quarter, but governments will greatly profit in a longer interval. For example, Paraguay's stake in their hydroelectric dam might not have meant much in the next quarter when they went in with Brazil on building it... but it has guaranteed the country complete energy independence for now and the near future.

Government funding will still be around. It just won't be the US who hands over currency.

Comment Re:The war that no one wanted (Score 1) 471

Once a good form factor is established, Apple can go one of a few directions:

1: Make it thinner.
2: Add more features to it. For example, using the MagSafe cable that attaches to it as a USB data transfer cable so the watch can be used as a USB flash drive.
3: Change the form factor.

The problem that Apple is going to face is that watches, for the most part, are something someone buys once and keeps forever. Antique Rolex watches for example.

People have been "trained" to toss their phone annually. Same with their tablet. However, watches are something that tend to be keepsakes and just not thrown away. This is where Apple may run into issues. For a few years, the market will expand, but once it hits saturation, it will be a lot harder to get people to replace their iWatch than the other iDevices.

Comment Re:Very skeptical (Score 1) 471

People said similar about cell phones when the iPhone showed up and changed the form factor of preference from a flip phone to a smartphone. Before that, smartphones were for corporate execs or geeks. Further back, MP3 players were considered geek stuff, too esoteric to use by the mainstream person who was content with a CD Walkman. Apple changed that.

I will be genuinely surprised if I don't see a resurgence of watch wearing due to the iWatch. The Android watches are made out of cheap plastic, while Apple's offering is made out of decent materials and has a better fit/finish. It will attract the bling conscious, and once a rapper starts wearing one, everyone will.

The thing is that watches are pure luxury items now. If someone needs to keep time, even the cheapest burner phone has a clock on it. So, I wouldn't be surprised that they will wind up a status symbol.

Disclaimer: I own zero Apple stock. Just knowing that people are trendy, and Apple has already led at least three major changes in devices so far, the most recent was the killing of the entire netbook market for iPads.

Of course, I may be entirely wrong about this, but IMHO, I think the iWatch will have a market.

Comment Re:at least they have 4 and 8 core models as well (Score 2) 105

Sybase is exactly the same. You can license it for development by the number of users, or production by the number of cores.

It can get so expensive due to the licensing model they use, that buying a POWER or SPARC machine actually saves money compared to putting it in a VM environment, just because of whatever the DB -can- touch for CPU cores has to be licensed.

I'm not sure about MS SQL server, but from what I read, it is pretty similar.

Comment Re:at least they have 4 and 8 core models as well (Score 2) 105

Of course, tossing in virtualization in the mix is fun as well. For example, if I'm sitting on two boxes with 36 cores, and run a relatively small Oracle instance for VMWare vCenter with one vCPU in fault-tolerant mode, I'm on the hook for 72 cores for the Oracle license. With the cost being around $60,000 per core for the enterprise tier, this can add up. Add to this something like vMotion HA where the license has to include every machine that -could- run the DB, and it can get painful even in the enterprise.

Comment Re:at least they have 4 and 8 core models as well (Score 1) 105

Oracle and Sybase as well have this type of licensing, unless something has changed.

IBM addressed this with POWER7 and newer in a fairly innovative way. They have an option called TurboCore mode which turns off half the cores. The ones still running can use the disabled core's caches, and because of the space available for heat dissipation, clock speed could be bumped up. The result was half the cores, but almost the same performance due to the faster clock and cache available.

Comment Re:One simple question I wish were answered... (Score 1) 75

I don't know a single cloud provider that would provide that contract. In other lines of work, there would be a third party escrow company. However, with a cloud provider, since decryption would be needed, the only way to provide any assurance is to have some backend appliances that do encryption and are rented, with a paid deposit that once the rental ceases, all keys are wiped. That way, a bankrupt provider would have all their servers sold, but the encryption appliances would be owned by another party. Of course, this may not mean much as it might be a fight wresting the leased items from the bankruptcy trustee, but in theory, it helps put at least a layer in place of protection.

However, I don't know any cloud provider who would spend the time and effort to do this, just because the current system of assuring people that "passwords", "encryption", and "firewalls" is good enough.

Comment One simple question I wish were answered... (Score 3, Interesting) 75

How would a cloud provider assure customers that their data will remain secure if they go bankrupt or just quit the business?

As of now, if a provider tanks, the servers go to the auction house, and in theory, are blanked. However, in reality, there is no assurance of that, and the buyer will get all data stored free and clear. If they wanted to do a multi-terabyte torrent of a failed bank's account and transaction data, they can, and nothing legally could stop them.

Comment Re:Keeping track.. (Score 1) 137

I personally have used Xymon with more than that many systems. It takes time to classify them, but it is doable.

The price is right on Xymon, however, if I were to recommend a monitoring solution for both real time, "oh shit" monitoring such as a drive array about to fail as well as a historical log (for security and finding a baseline), I'd go with Splunk if possible due to the tools available, and the fact that you can send management-friendly reports about the health of the enterprise up the chain.

Again, a monitoring server is one of the most sensitive boxes you can have (and usually one that isn't secure), so take the time to harden it and do it right.

Comment Re:Central server (Score 1) 137

I would elaborate on that a bit. I would have in the colo facility a Cisco ASA or other hardened appliance, and use that for the VPN connection.

I would then build a hardened server that accepts the stuff the parent points out, SNMP traps, syslog (both TCP and UDP), but I would recommend a tool like Splunk or a similar item. Splunk has served me well in my dealings. Once that is in place, I'd set up Splunk forwarders on critical machines for more detailed monitoring.

From there, I'd create a dashboard for realtime reporting, and a daily report detailing notable events from the past 24 hours. One can customize this to their liking. You can even have the reports mailed to you via the VPN to an internal site.

The Splunk server will need to be locked down, but if one is in IT, this is an assumed part of the skillset. I would at least leave SELinux enabled, enroll the Splunk server's SSL key in your PKI, and for the OS, enable SSH keys and two factor authentication. I might even consider placing the Splunk indexes on an encrypted filesystem so if the hardware is physically stolen, the data on your machines is protected.

Again, the thing to be careful about is the fact that so much sensitive data is on this machine, so it needs a separate firewall, and the box itself needs to be hardened.

Comment Re: Not a chance (Score 2) 254

Why should content protection be part of the Internet standard? Why do my devices (routers, computers, etc.) have to have built in DRM which will end up getting cracked, or at least possibly exploited from offshore?

This also is going to be met with a lot of suspicion. Who keeps the keys, gets to keep content locked, owns the license servers, and is able to come in via backdoors mandated as part of the protocol? The UN? Give me a break. China? Sure, we can trust them all right, provided we give them 51% ownership of any venture. It won't be the US because BRIC will sooner create their own network and completely split off.

I don't reject change... but what does this new protocol give me? IPv4 and to a lesser extent IPv6 have been torture tested, are completely open, and one can cobble together adequate defenses against attacks not too expensively (Cisco ASAs on the low end are a couple C-notes, and there are always smaller routers). A protocol based around DRM and content protection, stuff that is made to obfuscate and lock down is not going to be of any benefit to anyone but a few.

To boot, this seems like a complex mess. A network protocol should be brain-dead simple in order to reduce the attack surface, and reduce bugs. Adding DRM at layer 2 at best will slow things down, at worst, allow the bad guys to hide behind bogus certificates.

Grabbing my tinfoil hat, I'm wondering if this protocol is something that will end up mandated within hours as soon as a "warhol event", or something more known as a "cyber 9/11" happens. I would not be surprised if this is already written and ready to be thrown on the floor as a bill on both houses the second some major security breach happens that causes catastrophic damage.

I'm seeing shades of the Clipper chip again, with the same problems. The bad guys getting access to the backdoors, compromising everyone in a way that cannot be patched, the bad guys closing the backdoors so they can't be investigated by LEOs... and the biggest losers are the good guys.

Comment Re:As someone who works with educational data (Score 1) 31

Does FERPA have any teeth in it? I've yet to hear about it actually being enforced. Similar with HIPAA, I've read about a slap on the wrist here and there after some medical facility had all their info lost. Even PCI-DSS seems to be more lip service than anything else, mainly CYA if that.

The only way we are going to see anything but miserable, failed excuses of security as SOP in the industry is if there are grave consequences for breaches, and not just XYZ company getting fined, declaring bankruptcy and reforming as ABC company (with all the assets owned by holding organizations), but actual "go to jail, do not pass go, do not collect $200" consequences on someone other than some low-level lackey who is still standing when the music stops.

Comment Re:Like DRM? (Score 2) 448

Easy fix... one time pads. Tank number 128 gets a transaction, it decodes it using the OTP it has in a secure part of the controller, then blows e-fuses on the other equipment.

Since there isn't a need for public key encryption, having a remote site and the tank share a pad is feasible and as per basic crypto theory, if the key is as long or longer than the encrypted communication, there is no feasible way to break it. An attack would have to be done at the remote site, or at the tank itself.
