Comment Re:Not for new users of FreeBSD (Score 1) 75

That can be debated. A DIY NAS that does the job can be done pretty easily using RAID Z2 [1]. However, an unRAID appliance has some flexibility where one can add more hard disks as one sees fit dynamically without having to rebuild the entire array. Next to an EMC Isilon (which has 3+ nodes connected via Infiniband), this does the job quite well.

Maybe this is the next step up for evolution of filesystems, where an array can be upgraded (disks added/subtracted) without affecting the data on them. Of course, parity and redundant copies will be affected, but the data would still be usable. This would be nice on servers that are not SAN connected, so adding more drives to a live filesystem is something that would be done.

[1]: RAID Z can only detect bit rot... RAID 1 and Z2 can find it and fix it. UnRAID doesn't seem to have any measures to protect against this. The EMC Isilons do, periodically running their equivalent of a zpool scrub.

Comment Re:Is it really a surprise? (Score 1) 199

Even more ironic, proper security isn't really that hard or expensive. Most of the tools are already sitting there ready to be used, and tools like SolarWinds, Splunk, and adding IDS/IPS functionality to network devices is not budget busting. Heck, just SCOM alerts about the attempts at brute-forcing domain users sent to the right people's email would have stopped the Sony attack in its tracks.

Comment Re:What a crock (Score 4, Interesting) 75

In real world cases, this scenario happens:

1: Person loses their laptop/USB flash drive/storage media.
2: Someone finds it and examines it, or hands it to someone who can.
3: Stuff is found on there.
4: Front page news.

Just by having some form of disk encryption, preferably something that protects the entire machine (like geli)... that adds a large amount of security. A lost laptop goes from being a major corporate panic to becoming "just" a hardware loss, especially if the laptop has some mechanism like a removable USB flash drive or a TPM chip (which locks out for longer times the more failed guesses are attempted), and not just a passphrase that can be brute forced.

For most people, encryption is a no brainer. Turn it on, set a passphrase, forget about it, except after a reboot.

Now when people start mentioning rubber hose decryption (xkcd.com/538), this is generally not something everyone faces. However, there are other tools for that for plausible deniability, such as TC and its successors.

FDE encryption on a laptop that goes places should be considered a must, regardless of OS. Laptops and external media need some protection, and in most cases, the thief will boot the laptop up, see a FDE prompt, shrug, format the box, install a Windows variant, and pass it to another fence somewhere else to be sold.

As always, backups go without saying. Disk encryption and SSDs make this more important, because a TRIM means that the data isn't just marked as gone... it is -gone-, as in the physical cells have been zeroed out by the background garbage collector, and nobody is going to recover them. There are many ways to effectively back data up securely, and that is something left as an exercise to the reader.

Common sense says turn disk encryption on with a laptop, plain and simple.

Comment Re:Try Here (Score 1) 186

I've been frequenting XDA Developers for a long time as well (since the Windows Mobile 5 days), and I've never encountered any deliberately malicious software. So far, the worst I've encountered was someone who had their directions wrong so that a flash to a recovery image was sent to the system partition (and even that was fixable by a reload of the factory RUU.)

What the parent said holds true. Read and search. If you do run into a problem, make the thread as detailed as possible, perhaps with screenshots. People are less likely to make snide comments and move on, if they see someone at least tried to do their homework.

It doesn't hurt to donate something to Android developers, ROM writers, and the people who write the rooting/bootloader unlocking code. Android is an ecosystem, and it doesn't hurt to toss something in [1].

[1]: One project I do recommend people at least toss something to is XPrivacy.

Comment Re: Disposable Androids (Score 1) 186

One trick I learned is to format the machine completely (using the clean all command under diskpart), install the OS of choice, load needed drivers and updates, and once it is in a place where everything is stable... then activate it, and save off a couple of wbadmin backups.

Now, if I need to reload a physical Windows box, I boot the Windows media, format, then reload the image, and reboot. Back to how it was. I can always get fancier by having a USB flash drive with Offline WSUS [1] images so I can get all patches installed if I so choose.

[1]: This isn't a MS product; use at your own risk. However, it is useful for updating a machine with limited or no Internet connectivity.

Comment Re:The pendulum swings too far... (Score 1) 441

I hope you are right and I have missed some factor, but I just don't see how a trillion dollar industry will let itself be "beaten" with prices out of its exact control, just because fracking was able to get more oil on the market than was expected. OPEC controls the vertical and horizontal when it comes to oil prices, and all they have to do is slow down production at their whim, and prices will be back up, if not more. Non-OPEC countries will end up just following, and even if they continue to produce, they don't produce enough to significantly influence the market.

Comment Re:The pendulum swings too far... (Score 4, Interesting) 441

I would tell people to enjoy the oil drop while it lasts. This may be long gone by Memorial Day. Why? A few reasons:

1: China is a very thirsty nation. They are also extremely rich and about to embark on infrastructure improvements that make the US's highway structure look like building a McDonalds. So, the demand for oil will be from them. Yes, US demand is in the 1990s levels... but with China guzzling the oil barrels, total demand is a lot higher.

2: Venezuela leaders and others are in Russia today. People forgot about 1972 and 1973 and the US oil embargo, which destroyed the economy until the 1980s. This can easily happen again. OPEC tends to get the prices it wants, and even though fracking might have increased supply, most of the wells done this way are depleted or near depletion, so the "golden" era of this is ending, especially with states like New York banning it wholesale. So, supply will go back down, and OPEC will ensure it stays down.

3: China is building their own canal across the Americas. This way, they can get their oil from Venezuela a lot more easily, completely bypassing any influence from the US.

4: Congress changed. Already, the solar subsidies are on the chopping block, and in January 2017, it won't be a surprise when the next President yanks the solar panels off the White House. Big Oil is now firmly in control of the US again.

5: The Keystone XL pipeline and a repealing of the ban on selling US oil overseas are pretty much guaranteed to happen. This means that any US oil will be trading at world prices.

6: As always, we are always one incident from price spikes. Should someone have a heart attack at a refinery, prices for crude will be back in the triple digits.

7: Alternative energy has grown, but most people's cars are still fueled by gasoline or diesel. If we had more electric cars, they effectively run on solar, wind, coal, nuclear, geothermal, hydro, or many sources. However, internal combustion engined vehicles require fossil fuel to run, and barring a major battery development, will continue to do so.

So, tl;dr... it is nice to have gas prices as low as they are, but they are going to be back to what they were in 2008, if not to $5-$6 a gallon by the summer. Oil prices are controlled by supply and demand, and demand is high due to a thirsty China, and supply is easily removed from the market.

Comment Re:Two things (Score 2) 403

The ideal is to have the router on its own bare metal, perhaps sitting on a hypervisor (Xen, ESXi, pick your poison), so if the router's VM gets compromised, the bare metal hardware cannot be attacked (video cards can be reflashed, even keyboard firmware can be augmented.) Plus, if snapshots are used, it can be restored from a snapshot if need be. Modern type 1 hypervisors can be well locked down so that compromise from a VM is extremely rare, especially if the management port cannot be touched from any of the VMs on the hypervisor.

Another possibility is to use vSwitches and have your fileserver be a VM, with the pfSense instance being connected to the vSwitch that the external Internet NIC is on, as well as an internal vSwitch for the file server, and the internal LAN. One can get fancy from there, and create three vSwitches so one can have a working DMZ. The advantage of virtualizing everything is that hardware changes are easier, and "oh shit" mistakes can be partially mitigated by wise use of snapshots.

Comment Re:First look at what EFF has to say. (Score 1) 157

That is an OK guide, but I do disagree with the "are past messages secure if keys are stolen." If an attacker gets messages, and then snarfs keys, there is at best obfuscation in place that can protect the messages.

Of course, there can be mechanisms to have keys that are ephemeral, such as having one's main public key be a signing key, which is used in a D-H transaction to generate a temporary set of public/private keys, and when the parties are done with the conversation, dump the temporary keys on their endpoints, making the messages unreadable.

I personally like keeping the encryption process separate from the messaging protocol. Ages ago, PGP Desktop used to be able to sit atop AIM, MSN, and other chat platforms, offering transparent encryption completely independent from the messaging program. The advantage of this is that one can "pack their own parachute" when it comes to trusting keys, and that it would take companies colluding to push out a ninja update to both steal encryption keys and messages.
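The ephemeral-key scheme the comment above sketches (long-term key only authenticates, a per-conversation D-H exchange makes the session key, the temporary secrets are dumped afterwards), as an added example that is not the commenter's code. Assumptions: the long-term "signing" key is modelled as an HMAC key known to the peer, the cipher is a toy HMAC keystream standing in for a real AEAD, and the group is RFC 2409 group 2 for compactness.

```python
import hashlib, hmac, secrets

# RFC 2409 group 2: 1024-bit MODP prime, generator 2 (kept small for the demo).
P = int("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
        "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
        "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
        "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2

def kdf(shared, transcript):
    """Session key from the DH result and both ephemeral public values only."""
    ikm = shared.to_bytes((P.bit_length() + 7) // 8, "big")
    return hmac.new(transcript, ikm, hashlib.sha256).digest()  # HKDF-extract style

def auth_tag(identity_key, pub):
    # Assumption: the long-term "signing" key is an HMAC key the peer can verify with.
    return hmac.new(identity_key, str(pub).encode(), hashlib.sha256).digest()

class Party:
    def __init__(self, identity_key):
        self.identity_key = identity_key        # long-term: authentication only
        self._x = secrets.randbelow(P - 2) + 2  # ephemeral exponent, one session
        self.pub = pow(G, self._x, P)
        self.session_key = None

    def hello(self):
        return self.pub, auth_tag(self.identity_key, self.pub)

    def finish(self, peer_pub, peer_tag, peer_identity_key):
        if not hmac.compare_digest(auth_tag(peer_identity_key, peer_pub), peer_tag):
            raise ValueError("peer value not authenticated")
        transcript = f"{min(self.pub, peer_pub)}|{max(self.pub, peer_pub)}".encode()
        self.session_key = kdf(pow(peer_pub, self._x, P), transcript)
        self._x = None  # dump the ephemeral secret: nothing kept can re-derive the key

def seal(key, data):
    """Toy XOR stream cipher (HMAC-SHA256 counter keystream); not an AEAD."""
    blocks = len(data) // 32 + 1
    ks = b"".join(hmac.new(key, bytes([i]), hashlib.sha256).digest() for i in range(blocks))
    return bytes(b ^ k for b, k in zip(data, ks))

def run_session(msg):
    ka, kb = secrets.token_bytes(32), secrets.token_bytes(32)  # constructed long-term keys
    alice, bob = Party(ka), Party(kb)
    (a_pub, a_tag), (b_pub, b_tag) = alice.hello(), bob.hello()
    alice.finish(b_pub, b_tag, kb)
    bob.finish(a_pub, a_tag, ka)
    ct = seal(alice.session_key, msg)
    # What a later thief of both long-term keys plus the recorded exchange holds:
    leaked = {"identity_keys": (ka, kb), "transcript": (a_pub, b_pub, ct)}
    return alice.session_key, bob.session_key, seal(bob.session_key, ct), leaked, alice._x
```

The leaked dictionary is the point: it contains the identity keys and the public values but neither ephemeral exponent, so stealing the long-term keys afterwards only lets an attacker impersonate in future sessions, not read this one.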

Comment Re:"and they may be bought for their assets." (Score 1) 314

RS/Tandy had some absolute gems though. The one thing they had with their machine which no PC has since done was having a usable copy of DOS in ROM.

This is a very simple thing. If a PC had a ROM image of either Linux or a BSD, or even a Windows PE image with recovery tools, it would make life a lot easier for support staff in general. Add hooks for iLO support, and it would be a big asset for IT, even if it is just booting into the recovery OS to wipe the drives to repurpose the box.

For the individual user, having a recovery OS would be extremely useful. First, one can run AV tools to scan and find rootkits. Complete, bare metal backups would be doable. One can do a disk scrub to look for errors without worrying about interfering with what stuff is in use. If a HDD is going bad, and it can't be booted from, one can dd a disk image before the drive completely dies.

I am actually surprised that no modern PC offers this. SSD isn't that expensive, and a recovery image can easily fit on 4-8 GB of space. If a PC can store firmware, it can store an OS recovery image and have it available.

Of course, an ideal would be a recovery image, and another image for reinstalling the OS (or perhaps both in instance, similar to how Solaris 11 ships.) That way, no matter how severe the HDD failure, the machine will always be usable.

Comment Re:Fuck Me (Score 5, Informative) 553

I try to stay out of the systemd fray... but it goes against the core of UNIX... which is the KISS principle.

Init should start tasks, possibly stick them into jails or containers, and set resource limitations. Having something do everything including the kitchen sink is just asking to get hacked down the road unless millions of dollars are spent on source code audits.

As an IT person, results are important. What does systemd provide that previous mechanisms didn't? Parallel startup? I don't boot servers that often where asynchronous startup of processes is a big issue. Resource limits? Doable with the shell script that gets plopped into /etc/rc.d. I'm just not seeing the benefit, but what I am seeing is a gigantic amount of code which touches the entire system, giving me concerns about security and stability, and there have been a number of articles on /. about systemd, to the point where people are even forking distros just so they don't have to deal with it.

Comment Re:My guess (Score 1) 130

It would be nice to see a return to wired networking, just because it is a lot harder to hack (requires physical access), and it is faster. There is no way a Wi-Fi adapter can handle what even an eight port gigE switch can deal with.

Ironically, I'm seeing combined devices with newer SAN offerings. If you have a FC HBA, a CNA card, or even just a plain NIC, the SAN will be happy to do Fibre Channel, FCoE, iSCSI, NFS, CIFS, or WebDAV, all at the same time. Cutting the cord might be nice for tablets and smartphones, but for real speed, it requires a cord, even if it is a copper wire.

Comment Re:My guess (Score 1) 130

The tablet market is pretty much saturated.

The desktop (as in role... this physical machine can be a laptop, a desktop, a server, or a tablet with a dock like the Surface Pro) machine isn't going anywhere, and has plenty of room to grow.

As for a market, it is actually surprising nobody has made a LAN version of OnLive where the video commands are sent to a rendering server, and streamed video is sent back. This way, each device on the LAN can have a decent framerate for video without needing large amounts of GPU present.

Of course, backups, centralized storage, virtualization, IDS/IPS utility, and many other items have not even been scratched in the home LAN arena, so there is still plenty of room for a company to grow with basic items like that.

Comment Re:Dewhat? (Score 1) 150

This raises a question:

Why do we have these non-standard wireless keyboard protocols that have unknown (if not nonexistent) levels of security, when Bluetooth is a widely accepted standard, and has proven itself quite robust to attack (it isn't perfect, but BT 4.2 is pretty darn secure)?

Why don't MS and other keyboard makers bundle a BT dongle ($10 on Amazon), and go with a tried/true standard? If the keyboard supports USB for charging, then pairing is definitely not an issue. If not, it can come pre-paired (similar to how Apple pairs USB mice and keyboards when they are shipped with iMacs), or one can use one of many pairing methods.

Going with BT not only means that there is actual guaranteed security in place, but there are facilities for running at low power levels and not having to maintain a constant radio connection.
