
Comment Re:Why is bitcoin popular again? (Score 1) 254

I think part of it is a Robin Hood type of mystique. Someone anonymous having something that bypasses the establishment, similar to being able to sneak on the King's grounds and hunt deer without being drawn and quartered as a poacher... but Robin Hood is most often a myth, and most often, it could be someone like O'Brien from "1984" looking to see who dissents... or a mercenary who would then turn right around and hand the people with the deer to the Sheriff for a reward.

BitCoin does have its place. Right now, it is still in its "cool" stage so it gets used for everything... similar to how radioactive substances were put in bath water and soaps until people realized they got cancer and other unpleasant things by doing so.

Comment Battery tech on 2500 and 3500 pickups? (Score 3, Interesting) 229

GM has tried a decent hybrid system on their 1500 Silverados.

Where a hybrid system would be very usable would be on the heavier duty pickups like the 3/4 and one ton models:

First, electric motors provide their best torque at near 0 RPM, which is quite useful.

Second, on a rural jobsite, if a PSW inverter is available, this would allow the truck to completely replace a generator in the field. Just plug the welder, saw, or other tools into that and use the onboard battery for that, perhaps running the IC engine to keep everything topped off.

Third, for farms, it might be economical to have the trucks charge and run on batteries, as it saves on fuel.

My question: Would we see this technology being used on the heavier duty series of pickups?

Comment Re:Free is still too expensive (Score 1) 322

I've found 8.1 not that bad. BitLocker can be used to protect the startup drive without a TPM needed, chkdsk can be run on a drive without needing to be dismounted, Storage Spaces, ReFS, and deduplication are quite nice features. Even running BitLocker on drives without needing a key protector is useful, since a format command zeroes out the master volume keys, making data virtually impossible to retrieve. Plus, Hyper-V is a decent hypervisor (tier 1 hypervisors are relatively rare... especially ones which let you use the computer's main console for daily work.)

Only complaint I have is that 8.1 needs the same backup utility that Windows Server 2012R2 has. Technically both are wbadmin utilities, but the server version is extremely useful.

Comment Re:so, the key to amnesty... (Score 1) 322

The ironic thing is that MS has nothing to lose. If they get pirates paying yuan for licenses, MS has a net gain.

MS will always make their numbers. If they fail in every other venture, they just do a price hike for their enterprise software, and they have more than made up for the losses. Most big businesses have made the move in the past five years from SPARC/POWER/PA-RISC equipment to commodity x86 machines, then from hardware to virtualization and VM farms... so it is highly unlikely there would be a move away from MS even if they double their prices for all customers.

Comment Re:Not credit... so your account stays drained (Score 4, Interesting) 95

A friend of mine tried that idea with another service. When he got nailed while on vacation, instead of the bank saying, "sorry, no funds" and stopping transactions, the bank still allowed it and added a hefty NSF charge onto each transaction. Even more of a kicker was the fact that he was out on vacation and didn't realize the negative quad-digit balance until he got back... and by that time, he got stuck in Chex Systems's database, which means you are pretty much fscked credit-wise (or even trying to get a savings account) for seven years.

Comment Not credit... so your account stays drained (Score 5, Informative) 95

Great, another ACH debit mechanism, which means that when a fraudster empties a bank account, it stays emptied because there is nowhere near the protection present that a credit card has in place.

I would place this on the heap of "run, don't walk away from", also-ran payment standards like CurrentC... avoid at all costs.

Now, if they had used the Visa/MC credit mechanism, things would be different. Fraud wouldn't completely destroy an end user's bank account.

Comment Re:Its really all about the numbers (Score 1) 93

It would be nice to see some improvements in OS X security though just to keep ahead of the bad guys:

1: A TPM chip that can be used with FileVault 2 for additional protection (so a Mac can be set to ask for a boot password which can be a lot longer than the user password.) The TPM chip would also combat brute force attacks. Since all Windows 8.1 certified machines have to have a TPM 2.0 chip, and Apple uses x86 hardware, might as well use this functionality, as it is pretty much built into all new PCs.

2: Apple should look into SED (OPAL SSC 2) functionality for their SSDs.

3: If Apple can't put in a Kensington lock slot, then why don't they design something for basic physical security?

The goal isn't to keep away the guy with the blowtorch or plasma cutter, but so that one can be sitting at a table at a library, tie the laptop to the table, go use the restroom and come back, and the laptop would still be there. Yes, one can buy a PacSafe laptop bag that can be chained to an object... but shouldn't a multi-thousand dollar piece of gear at least have a little bit of design for anti-theft, even if it is a small piece of metal that flips out for a lock slot? Thin is in, yes... but Dells, HPs, and other laptop brands have similar dimensions of machines, but they can put a Kensington lock slot on their models.

Comment Re:Paranoia intensifies (Score 1) 93

Yubikey looks interesting, but I've used eTokens in the past (generated a key on a computer with FDE, imported the key into three tokens, then physically destroyed the HDD that had the key on it since it was giving SMART errors anyway), as a way to have physical security of keys (if I have the three tokens, I know the key isn't going anywhere.)

eTokens served me well, although it is impossible to find PKCS drivers for them for newer Windows and OS X versions these days.

They also serve as great ways to counter brute force attacks on a machine with FDE if using PGP's whole disk encryption (no token, no unlock key for the HDD unless one has a WDRT, or whole disk recovery token, stashed away.)

Comment Re:Obvious, once exposed, but not hard to patch (Score 1) 93

Two hashes are better because if one algorithm fails, you have a backup. However, with CPU and I/O time so precious in most cases, two hashes are not really feasible.

Were I going with an algo, I'd be using SHA3 or Skein, something that is as secure as one can get presently.

Comment Re:HTTPS? (Score 1) 93

Depends on filesystem and device. One SAN vendor (forgot name, but sells all SSD units) purports to be able to dedupe code even if it doesn't align at the same boundaries. It does a block level dedup on a write, then has a background process which does the file level deduplication after the data is on the disks.

If this could be done in software (and hopefully not sacrificing performance or reliability), having every executable on the system static would simplify things on that level.

The advantage of moving to this is that it simplifies software management. No /usr/lib needed. It also simplifies file isolation since an executable can be given a jailed, chrooted filesystem without any need to worry that it won't have a core routine available. It also gets rid of the "DLL hell" which has not just plagued Windows, but also UNIX variants.

Comment Re:Metadata (Score 1) 213

IMHO, the perfect is the enemy of the good. Even though metadata is not protected, data is, so if Yahoo gets hacked, people's E-mail is protected.

One doesn't have to use their OpenPGP extension, nor their authentication. I'm glad it is available.

As for metadata, we already have a way for this. NNTP and alt.anonymous.messages. There is a DEFCON report on how good/bad this security is... but if you really want privacy, this is the next step up because the messages go to nobody in particular... just the newsgroup.

Overall, I'm happy someone is working on PGP/gpg stuff. It is boring to developers compared to shiny new (and likely insecure) stuff, and has been neglected for years, but it is one of the few security protocols that actually works and has stood the test of time.

Comment Re:*facepalm* (Score 4, Interesting) 213

Another idea that comes to mind is to use a feature that all web browsers have had for over 10 years (even Lynx) -- client certificates.

This way, on setup, the website asks the user if the current client certificate presented is the one he or she wants to use, then from there on, authentication is completely transparent.

It goes without saying to have SMS as a backup, but the absolute easiest way to authenticate on a "known good" computer is to have a client cert.

Comment Re:*facepalm* (Score 1) 213

The ideal would be to use the standard TOTP method that Amazon, Google, EMC, and other companies use. The Google Authenticator is just one implementation of the standard, and there are others (Amazon has one, for example.)

I really wish Yahoo would have SMS as an -option-, but would allow TOTP as well. This way, if one has the seed keys in an app, they don't need to get an SMS, but if they are on a new machine, SMS still works.

Comment Re:security (Score 3, Interesting) 213

You just hit the nail on the head. As of now, if someone steals my phone in an unlocked state, they will be able to get the second factor... but they won't be able to log into the account due to the password. What having just one factor does is make a phone theft all the more crippling where a bad guy can do a lot of damage.

2FA is 2FA because it covers at least two of these properties: Something you know, somewhere you are located, something you are, and something you have. For example, a secure biometric system uses the fingerprint/retina scan as a username, then a PIN for access, or a remote access system uses a password and an OTP so that if the password gets sniffed, the OTP is still an obstacle.

On the other hand, perfect is the enemy of the good. In general, someone is going to be less likely to have their phone stolen than to have their password sniffed or cracked, so moving to an SMS message can be argued to be a security improvement.
