Huh... no.
Certificate update is *certainly not* binary code installation.

First of all, it's not binary, it's a collection of text files (containing base64 data, so not even full ASCII).
And most importantly, certificates are not executable code. They are just static data.

They can be sagely transparently updated without being a remote access risk.

x509 has already been b0rked numerous times. Just look at the slashdot archives: there are a number of case where:
- stolen keys were used to sign malware
- a "legit" certificate was obtain from a CA for nefarious purposes.
(by "legit" I mean that it's a valid certificate signed by an official Certificate Authority. It's 100% legit as the identity signed there is completely wrong. Like a malware compagny getting a certificate issued for "Microsoft" by some obscure CA which isn't the one Microsoft is using, and which is ready to sign a certificate with "microsoft" written on it, even if the guy handing the certificate is you and not bill gates)

That has so often happened, that:
- Some CA were plain black-listed. I don't mean that a few such bogus certificates were revoked. No, I mean that some vendors (linux distribution, opensource software, etc) have decided to say "fuck you" to the root certificate of such sloppy CA that can't be trusted with the key they sign.
- There are several firefox extension (like "Certificate Patrol") which specially track when the CA who's signed the site you are visiting: if suddenly https://google.com/ isn't signed by "Geotrust" but by "TurkTrust", it might that you are infact being "Man-in-the-Middle" 'd by a crook who has managed to get a certificate for "Google" signed by "TrukTrust".

I'm not speaking about "Hypothetical Attack Vectors" which are currently debated by the academics and which could be used to create problems.
I'm speaking about actual occurences, documented in the press and reported here.
Several actual cases.

If any random crook can do it, chances are that CIA, FSB/KGB/TchK, MSS or any other government can pull the same trick.

The fact that none of the file of Snowden mentions it (and I doubt it, I'm sure I've read about this somewhere) has probably more to do with random chance (not worth mentionning on any of those particular documents, or any of the mentioned cases happens not to use a bogus certificate), than officials not being able to do it.

I agree with BarefootMonkey:
- with actual money (and all its electronic imitations, like gift cards, bitcoin, etc.), the control can't be delegated to someone else. Either you have the token, and you decide to spend it. Or you give the token to someone else, and that someone has 100% control on whatever happens to that token (spend it, keep it for later, etc.), but can't do anything about the other tokens still in you pockets.
- with credit cards (and all electronic equivalent, like TFA's google wallet), you give credential to someone else (kid, google, app, whatever), and that someone has suddenly full power to take AS MUCH money as possible until the blocking limit of the credit card. You give a kid the card so the kid can buy a 1.99$ app, but then with the same card, the kid can also buy 200$ worth of in-game bonus.

So indeed, with a cash-equivalent (like a gift card), this situation wouldn't have happened.

Possible way would be:

* Purchase limit. Currently only a timer keeps user logged in (30 seconds). Google could easily implement a "spend" limit (after 20$, CC owner needs to log-in again, no matter if we're only 2sec. into the 30 sec. timer).

* Gift card. Parents buy electronic coupons for 20$ to their kid and let the kid have fun. Once the kid has used up the coupon, well sorry kiddo, you used all your money. ( - This actually helps the kid realise better how things work with cash flow. The kid can notice that there is a limited amount, and that it runs up)

* Cryptocurrencies. I'm not kidding. Bitcoin and co were actually developed exactly for that, exactly to introduce cash-like behaviour. Except for security compromises, bitcoins can't vanish out of your wallet software without your intervention (just like cash can't jump out of your pocket unless a thief is involved).
If you transmit bitcoins to someone else, that someone has full power over them (as noticed by some suckers who left all their coins in exchanges or other on-line wallets that vanished afterward), but can't do anything about those still inside your software wallet.
The only difference with gift cards are:
- gift cards are generally controlled by a single entity which decide over them and handles them. and usually (but not always) they map to actual currency (in some shops, you get a gift card for 20$. But in other shops you get a card for 2000 points, that you paid for 20$, but perhaps later you'll end-up acquiring 25$ worth of goods).
- bitcoins (BTC, the coins) are used on the bitcoin protocol that is distributed. Nobody centrally controls it, anyone is free to jump in and join the party, as long as they follow the protocol (saddly, the lack of regulation means that any crook could do it too. hence all the bitcoin powered scams). And the vlue of BTC are on a roller coaster (meaning that, although it works very well as a mean to "magically send cash over the intertubes", it does a poor job at storing value over time)

And unless the question's asker is working in the video editing industry, chances are that not much of these 20tb change on a regular basis.

It should be possible to build a 24Tb or 28Tb RAID-6(*) backup server, that could still quite a few daily/weekly/monthly/yearly backups, provided a space-efficient snapshot rotation system. (Not actually keeping separate copies, but either using a file-systems Copy-on-Write snapshots like BTRFS' or whatever is the ZFS equivalent, or using the old classic RSync+hardlinks).

The only thing that you don't solve is disaster resilience (you'll need an offsite replicate for *that*).

(*) At this size, hardware failure are going to be a certainty. RAID-6 (or ZFS's RAID-Z2) are the best solution against bitrot and for resilience against dead drives.

You're better off building a second server.
Then use one server as the live server (the one which access from the network to work).
and the other as a server.
- doing rsync and directory rotation [either ZFS/BTRFS/etc. snapshotting, or plain old rsync+hardlinks and directories] should work, specially that (unless you work in the video editing business) chances are that not a big chunk of the 18 TB change a lot. So you could invest into 24 TB of RAID-6 or RAID-Z2 and afford to keep a few daily/few weekly/couple of monthly+yearly snapshots.

Two things mentioned by others:
- The device is NOT projecting a virtual keyboard with a laser that you can tap with your fingers.
Instead, it lets you use *YOUR* finger as a keyboard and you tap them with your thumbs.
- "Projection" is a poor choice of a word. What the device do, is that it superposes a visual aid on the glasses' HUD to help with the tapping. But you're basically tapping your thumb against your fingers (the glass just puts some labels as augmented reality to help you).

So you see that this patent has absolutely nothing to do with virtual keyboard.

Instead, it's got a much more older prior art:
This way of data input is *VERY* closely related to ancient for of finger-counting in base 12 (probably has been used historically in most culture which count in "dozens") where you count phallanges with your thumb.

According to Wikipedia: apperently this method is still used around in Asia, so no surprise that a korean company is trying to turn it into a data input method.

Half of *what* ?
Which *market* are you talking about ?

If you define the market as in "we will only consider high-end gaming machines", yes indeed, that is almost twice the numbers of gaming machines reported by steam (Linux is in the 1-point-something range).

If you define the market as in "the fraction among all operating system, no matter what" you'll see an overwhelming amount of opensource Unixes (Linux or *BSD).

In the average household, you'll probably see 2 or 3 machines running Windows (laptop and workstation), but next to them, there will be a plethora of hardware running an opensource OS:
- including things like modem / wireless router
- non-Apple smartphones
- playstation 4 (some *BSD derivative)
- SOHO NAS server, home media player, etc.

Linux will also very likely be the OS running on the web server hosting the pages you're browsing.

Linux will also be found in your University's cluster.

etc.

or at least, they won't be risking more money than they can afford to lose.
I mean bitcoin is a fun new technology to start experimenting with. And so it might be interesting for some to risk a bit in order to play with it.

But just don't act like those idiots ready to throw tons of money everywhere just on the vague promise that this one scam could help them make bazillions-USD-worth of BTCs.

Yup, in *theory* you know that a CAN bus is used for critical automotive functionality (say engine, ABS, power steering, or even drive-by-wire, autonomous steering, etc.)
Whereas the streaming should stay confined within the media subsystem, and both should be kept completely isolated from each other.
So it doesn't make sense to speak about successor of CAN bus technologies and media consumption in the infoteinment system of the car.
They are completely separate networks.
In theory.

In practice, you know pretty much that we leave in a world of product rushed into production due to marketing constrain. A world where, due to extremely flacky design, it's possible to hack a vehicle by abusing the wireless transmission used to report tire pressure.
So you know that lack of proper separation is bound to happens and you will end-up being able to hack a vehice by streaming a specially crafted video file, simply because the various ethernet networks aren't properly isolated from each other.

The *owning* itself might be achievable (and even that is going to be complicated because you need to own significantly more than other governments trying to achieve the same and non-governmental legitimate users)

  *BUT* even then extracting any meanfingful data is complicated. The more people use tor for anything else beside what you're targetting, the higher the noise level among which you're searching for signal, and thus the lower significance of anything you might try to analyse.
Beyond some point, your better of using a random generator, that is going to give results as statistically significant as what analysis method give out.

Remember, whenever you use Tor to surf for porn, not only are you protecting a bit your privacy, but even more: you're helping intelligence service drown under too much to be able to analyse Tor.

That's actually their plan:
- Use Tor for network anonymity
- Use OTR for content protection.

And they also have a 3rd step:
- Use the open source InstantBird. It's opensource so it's possible to make it secure.
(basically, yet another chat system that relies on Pidgin's libPurple. Like Adium and co)
(except that one runs on mozilla's xul, so there some code share with firefox, the other software that is bundled next to tor in their bundle)

And probably (not mentioned yet but likely to happen):
- Deploy some Jabber/XMPP server running as a ".onion" tor-only darknet server.
So people have additional choices next to the classic XMPP (for Google or Facebook) etc.
(Note: as long as you use Tor and OTR, and that you use a separate Google or Facebook identity when chatting, they are perfectly secure enough too. Meaning that they are probably not absolutely secure, but on the other hand, thanks to Tor+OTR, there is no compromising information leaking through them).

The fact that NSA dosn't have a monopoly on brains. The fact that research is done by advancing previous research (and rarely appearing out of the blue), and universities have access to the same historical previous research that secret researcher hidden in the NSA do.

And despite this, none of the academics working on it has been able to demonstrate any actual failure of principles behind Tor.
There *is* a prestige incentive to be the first research group to demonstrate an actual good failure. But until now, such papers have been limited to though experiment (if you could monitor nearly every entry and exit node on the network, and suddenly the traffic was very low [all the porn, all the chinese simply using it to communicate outside the great firewall, etc. all suddenly disapeared], then maybe it would be feasible to find some suspects by using traffic analysis. But that's not actually the case in real life. You can thank PORN for that)

Except that, in this case it wouldn't have required any *illegal* method (1) (2).
It would have required method which go against anything that is currently known in cryptography.

The cryptographic methods which form the basis of Tor are sound and unbroken as of yet.
Tor is sufficiently well designed to avoid bugs and exploits that might lead to leaks (Side-channels, etc.)
To actual crack Tor open, you need to beat modern cryptography.
And the NSA doesn't have a monopoly on brains, and modern research is (as always) standing on the shoulder of giant.
Public academic research has brains involved, and has access to previous research, just like the NSA.
Chance are, if researcher at the NSA find a way to break open modern cryptography, research in universities will end up discovering the same findings on their own too. If nobody in the academic field is suspecting any danger on modern cryptography, chance are that the NSA can't find way around it neither.

(That's why the Snowden revelations, although suprising for the general population, wheren't that much a surprise for the specialist in that fields: it's merely a confirmation for methods which were suspected for a while).

Traffic analysis can't help you to beat Tor, simply due to the latency of the network and the wide usage:
So okay, you want to monitor entry and exit nodes to match them. You got a positive hit on an exit node connecting to a known "enemy location" (an anti-government website), what next? Well, any of the entry node (not only those you're watching, but the other too) could have initiated the request, and that request hasn't been issued right now, but somewhen in the past, over a period corresponding of the typical latencies you see on Tor network.
So you need to be lucky that the entry node was one you're watching.
And you have to correlate your hit with *ALL THE TRAFFIC* from *ALL THE NODES YOU'RE WATCHING* over a *LONG DELAY IN THE PAST* (instead of exactly the same time). That's a metric fuck ton of data. Your important match is lost in a sea of noise. The 1 single contact to a subversive site is just lost under a sea of avarage users surfing porn and simply using Tor for the added anonymity and to circumvent restrictions.
You can't make a correlation, because there are simply too many orders of magnitude difference between the signal and all the noise to be able to make any significant and relevant statistics. Traffic Analysis can't help you get Tor down.

Until now, all attacks against Tor haven't been against its cryptographic basis, nor have been against its complex network. The attacks have been against stupid mistakes and blunders, like vulnerabilities inside the browser used to surf on tor (for exemple, an older unpatched firefox was used by some)

So intelligence services are able sometime to get some info out. But this isn't because of Tor itself (Tor didn't bring down Silk Road). It isn't because of Traffic Analysis either. It's because some users used an unpatched browser and got hacked, just like any other common driver-by attack.

Tor network can be trusted to keep secrets. Buggy software can't.

----

(1): Well except under weird legislation, where DCMA do apply and where breaking any form of encryption is illegal. So in the case of Silk Raod and USA, such methods might indeed have been illegal.

(2): "Illegal". Well mostly because you want to keep the first lead *secret* (either because it's illegal, or because it's a state secret). You know X is guilty, but you can't build a case because the method is illegal. So you keep watching the known guilty X, until he does other mistakes that reveal him and use these to build the legal case.

It would be better to call it "not traceable".
Here the meaning of "anonymous" being that NSA can't tie an actual identity to the peers of a chat (by using the already well tested Tor network), and that they can't eavesdrop into the conversation (by using the already well tested OTR standard).

i.e.: Bob1983 and Alice_696969 happily chat to each other about how much they dislike the current political situation in Kiev or brainstrom about better methods to circumvent the Chinese Great Firewall.

They might know each other on-line since a while, enough to trust each other to talk about such objects freely (they might or might not have already met in real life but at least they are not completely anonymous to each other. At minimum they are pseudonymous. That's important because the "socialist millionaire" protocol to weed out man in the middle attacks requires them to know each other at least a bit)

Thanks to Tor, none of the concerned government (or any of they allies) will be able to know if one of those holding these subversive discussion is actually a citizen inside the country.
Thanks to OTR, nobody beside the two chatter will be able to actually know the content of the chat.

A high quality sound system should be able to filter out such harmonics.
A very well designed sound system should be able to take any possible wave form, and play it without destroying anything in the process.
It's possible to filter out unwanted harmonics, etc.

The problem? Such a system would cost a few more bucks and laptop manufacturers are racing to the bottom for prices.