ISO images are likely not going anywhere, so having an ISO of the OS, coupled with an ISO of the decryption files is wise.
I thought of having a VM... but who knows what VM architecture may survive in 15 years, be it Hyper-V, VMWare, Parallels, Xen, KVM, Bochs, or others.
BD-Rs are good, as well as the newer archival grade DVDs (Verbatim UltraLife, for example.)
My vote is to not just use a single medium. Every storage type has good and bad:
1: Cloud storage is easily accessible and easy to use... but is potentially insecure, and the provider can go down taking your data with it.
2: SSD is fast and usable, but when it dies, there is zero chance of data recovery, long term, once the electronics bail the gates.
3: Tape is archival grade with extremely long lifetimes, limited lifetime warranties on media (not data stored), is fast, and has a high capacity... but tape drives are extremely expensive. There is also the issue of a standard to put data on and off, although LTFS helps mitigate this.
4: Optical is widespread with plenty of drives... but doesn't have much capacity, and some disks wind up with bit rot.
5: Hard disks are quite popular, easy to use, fast... but most have just a year warranty, and tend to fail.
6: Printing to paper is possible... QR codes are one way. There is a utility called Paperback (formerly named Paperbak) which prints files out. However, I have had issues with the 1.0 version and scanning back documents, although 1.1 seems to be a lot better at getting back data. Of course, this doesn't store much data, but paper burns at a lot hotter temperature than most other physical media, so it would be useful for storing recovery keys and such.
I recommend using redundant backup media types, combined with different backup programs, perhaps different encryption mechanisms (TrueCrypt, PGP, GnuPG, etc.) This way, if one can't find a backup or encryption program (I doubt you might be able to find a copy of TC in 10-15 years, but something that decoded PGP is likely to be around), there are other ways.
Backup utilities are also something to watch out for. Every program has a different way of stashing data. You don't just need the utility, but you will also need the license key for it... and even then, I've encountered consumer level programs which will still fail and demand an upgraded version before they might consider restoring data.
tl;dr, diversify. At the minimum, use an external drive with encryption for bare metal backups, and then have documents synced with a cloud provider (encrypted of course)... and occasionally burn critical stuff to optical media.
I just keep good backups. Encrypted, of course. With the fact that SSDs actually overwrite deleted data when the garbage collector decides to, deleted data tends to be -gone- for good.
Until it was killed, I had Google index my backups all the time with Google Desktop. It was useful at the time for finding archived files.
For real security, the client should just be "eyes/ears" for the server, similar to how MMOs are. This was true back in the UO days, and is true now.
At least phones and mobile devices are easier to track and ban cheaters because you can ban an account and if any new accounts touch that device's IMEI, they get auto-banned after a random period of time as well. A simple check for a su binary on Android or a check if one can write outside the app's directory in iOS will deal with rooted/jailbroken devices.
Another trick is to update often, preferably with completely different offsets for code and/or obfuscation algorithms so if a group is making patches for the game, they would have to be constantly after a moving target, even if the update just changes a constant or two.
Only problem with that logic is that EA and Ubisoft are quite successful right now, which only sets an example that extreme DRM, DLC, and releasing only a few hours worth of content and calling it a game is the way to earn money in the industry. Especially with consoles where there is a 0% piracy rate and the game developers control everything on that platform.
Of course, it would be nice to see another ID or Bioware. I'm sure there is money to be made on games with a long tail like Neverwinter Nights and NWN2 [1]. However, there just doesn't seem to be an interest to push in that direction. It seems that almost all newer games either fall into the bottomless pit of F2P-P2W or are part a mediocre sequel in a franchise. Even the SimCity app on the phone was all about IAP in order to make your city not suck.
[1]: Ignore the NWN OC... IMHO, that was more of a demo of what one can do with the toolkit than something playable.
Same reason why plumbers, electricians, HVAC workers, and vend a goat repairmen don't get offshored... it just costs too much to grab people off the boat, train them in US standards [1], then them licensed in the specific state.
Here is what I don't get: What exactly is a "solar job"?
First, there is the actual placing of PV panels. This is just physical moving of the object, dropping it into place and bolting it down, perhaps making sure the single or double-axis controller is calibrated.
Second, and this is the most important: Electrician work. PV panels, wiring to proper code, not getting high voltage across the nipples, getting power from the PV panels to the inverter or the battery charge controller (depending on if the person wants an on grid or off grid setup.)
Third is architecture and placing panels. Will the panels be too heavy for a roof, are they facing south, etc.
All these skills are not really just "solar skills", but items used from other occupations.
[1]: Since the US was the first country to go electric, the standards in place are primitive. Tesla's three-phase system helped things, and 120VAC was good for the time, but as metals and materials improved, 240VAC is a better standard overall because it allows for thinner gauge wires.
I like having all of the above:
All disks encrypted, which is mainly so the meth-head who breaks in and grabs the hardware doesn't have access to the data. Hardware can be claimed on insurance. Data opens up blackmail, extortion, and many other avenues.
Encrypted VMs as a way to isolate programs from each other, where I can keep my Quicken/QuickBooks in a VM, move it between computers when needed. Backup? Burn the
File based encrypted volumes as a way of stashing client projects, as well as stashing document backups by date before burning to CD.
Of course, it would be nice to have encrypted archives as well, when one doesn't need to hide the length of the files. PGP Zip covers this, but it would be nice to have a higher level of compression like xz, bzip2, or LZMA, as well as the ability to add an ECC record (similar to WinRAR), so if an archive is damaged, it has a chance of being able to be completely repaired.
My ideal would be to have storage and compute nodes interchangeable, and use something like vMotion to move VMs back and forth between local nodes and cloud based nodes. For example, if I have some VMs that do nothing most of the time (a VM that does quarterly/annual reports, for example), it can sit on a remote cloud provider until it needs to be used heavily... then moved to local computer/storage nodes. Once the reports are done, it gets shoved back to the cloud again.
On the storage side, async storage would be useful, especially for volumes that have critical data. At least it is a form of backup, even though there were still I/O transactions still in flight when things went down.
This functionality was mentioned in Windows Server 2016, so when the preview comes out, it might be interesting to see what MS has improved in this department.
Of course, this is assuming security issues are a solved problem... which isn't the case in real life.
The problem is that with those environments, you could find a way to export your data from the locked down computer somehow... even if you turned your database tuples into a very nasty
There is no physical access to the data in the cloud, and generally few companies will back up their data stored in the cloud... of if they do, the backups are stored in the cloud. So, in theory, all it takes is a bad guy to do a purge on the provider's side... and the cloud provider's client is now out of business.
Without physical possession, how can one actually say who is doing what with the data, and where it is located? For example, what keeps a US cloud provider from outsourcing capacity to a European provider... which outsources to a provider in a hostile country to the US.
At least with an IBM mainframe, you knew where your data was and could back it up. With cloud computing, all your critical business data can be destroyed or corrupted and nobody would be able to tell until it is too late.
I remember seeing one OSS company working on a generic API that works with whatever one's cloud provider of choice, so it doesn't matter what is on the backend, one can spin up a VM, provision it, do what is needed, then kill it. For storage, any application can use the API, and it deals with whatever cloud storage provider one is using (S3, Azure.)
I do worry about cloud computing as a whole for the open aspect, as well as the security aspect... just for the fact that once you lose physical access, you only have someone's word that their security is up to snuff.
Of course, once people are locked into a specific cloud provider, it becomes quite hard to move to a different provider or back to in-house. That is a concern.
With SCOM, SCCM, and in a Hyper-V world, SCVMM, it isn't bad. In fact, Windows Server 2012 and newer ship with Server Core on by default (not hard to get the full UI if you want), because one is expected to use management tools and PowerShell.
No UI (Server Core) is useful. One less subsystem that a bad guy can attack.
Same boat here. I did my programming for CS, earned my bones there.
These days, it is mainly shell scripts, but I do consult the camel if something more sophisticated is needed. If I had to do web stuff, I'll just probably go with mod_perl, although it might be better to do a more "web-centered" language for a larger project.
This is a double-edged sword. Once people are locked out of their cars, what is to prevent automakers from charging for the ability to go above 45, to go on country roads, to go outside of a state, have more stations on the radio, allow full use of the speakers, allow use of the sunroof, or many other features?
It would be trivial for automakers to license these features just to the owner... so the used car market would dry up, just like it did with used game sales and the fact that most content is from DLC, not on the game disc. Do we want to see automakers demand $5000 from the next person you sell your car to in order to have a software license to start the vehicle?
Look at the console market and how gamers are charged for virtually everything. Would people want that in their cars where they have to pay $100 a month in order to keep access to their climate control and radio? Remember, the car will come with a EULA and those have stood quite well in courts.
If you think the system is working, ask someone who's waiting for a prompt.
