
Comment Re: So what? (Score 2) 480

I've found that "business casual" means a lot of different things as per workplace.

When I first started at a call center ages ago, "business casual" meant the people on the phones had to wear a suit, tie and jacket, but there was the relative luxury that the top button could be unbuttoned.

Another startup, "business casual" meant just three layers of food in your beard.

Still another place used the expression to mean that wearing a decent golf shirt tucked in is OK.

Comment Re:EMC Isilon (Score 1) 219

Isilons are a cool technology. Take FreeBSD, add a custom filesystem (OneFS), link individual nodes via Infiniband, and let the custom code automatically select which nodes/drives to fetch data from. If a hard drive blows, it shrinks the array in order to maintain redundancy.

Of course, Isilons support deduplication, iSCSI (you create a disk image and mount that), and your NAS protocols of choice. If you set a hard quota, the presented directory can be configured to show the quota as the disk space present. Very nifty, and not that expensive for an enterprise array. Need more space? Add drives or more nodes.

For long term backups, Isilons support NDMP [1].

[1]: Of course, you can always connect a tape silo to a UNIX machine, write a script that SSHes into an Isilon node and pulls off /ifs/data.

Comment Re: Talk to Vendors (Score 1) 219

Unless I'm completely hallucinating, I have set up MPIO on ESXi for iSCSI, as well as a LAG (link aggregate) for a NFS based backing store.

iSCSI has its place in the enterprise, and it can be used in production. If the NIC supports it, it can even be used for booting. How does it fare against 8GB FC? In reality, there are a few tasks which will saturate a 10GB iSCSI link or an 8GB FC link, but not that many.

All of these are just tools in the toolbox. iSCSI is easier to get going ad-hoc (but still be useful with MPIO), FC is well known and well used, and FCoE seems to be popping up because it works well with Cisco Nexus architecture.

Comment Re:Talk to Vendors (Score 2) 219

Oracle has a SAN (well, SAN/NAS) offering which does similar with a rack of ports/HBAs that were configurable, assuming the right SFP was present. Want FC? Got it. iSCSI? Yep. FCoE? Yep. Want to just share a NFS backing store on a LAG for a VMWare backing store? Easy doing.

The price wasn't that shocking either. It wasn't dirt cheap like a Backblaze storage pod, but it was reasonable, especially with SSD available and autotiering.

Comment Re:Meta data? (Score 1) 292

I'm rather disappointed to see that this comment is so far down the list, but it's exactly right, as far as I understand.

The law itself isn't being claimed, but the notes and analysis are. It's the same analysis one could get by going to a library and poring over case history for a few years, but presented in a concise and topical format. You don't really need that information to know the law. You might need that information to defend yourself optimally in a court case, in which case the normal and reasonable expectation is that you'll hire a lawyer (even a public defender) or go to a library and figure it out yourself.

Comment Re:VeraCrypt (Score 4, Informative) 114

There were two forks coming from TC. CipherShed was another, but it hasn't been updated since pre-alpha, so it is probably good to pronounce it dead, so VeraCrypt is arguably the successor for TrueCrypt as of now.

If I were only worrying about Linux, I'd either use LUKS or perhaps a filesystem based encryption process like EncFS. EncFS doesn't provide as much protection (it does let an attacker know file sizes in a directory), but it is definitely a lot more flexible, and the encrypted files can be backed up and restored with ease.

Comment Re:Never heard of it (Score 2) 114

The stego capabilities of Tomb are interesting. The print to QR code for backups for keys is also much appreciated.

For me, what is important in a TrueCrypt replacement is cross-platform compatibility. I could create a TC volume on a NAS with a Windows box, mount and toss some files into it with my Linux machine, then mount it on a Mac (obviously, not having multiple machines mounting it at the same time) for more items. VeraCrypt has kept this, and has added the ability to use TC volumes under W8.1, a long needed feature (well, if you want to actually see more than a permissions denied error, that is.)

I do think it is interesting how Tomb allows one to hide a key within pictures.

Of course, what would be nice for a unique encryption program would be something along the lines of PhonebookFS. Based on EncFS, it allows one to use multiple keys to mount a directory, each key showing a different group of files (called layers). In that directory are random, "chaff" files, just to keep people from guessing the contents of the directory by file sizes. The advantage of this system is that plausible deniability is always present.

I do applaud anyone who takes the "cypherpunks write code" motto to heart and actually writes something to benefit the community.

Comment Re:Good (Score 1) 272

We should try this. For Science!

No offense or harm to you or your head intended... just curiosity regarding the terminal velocity and freefall aerodynamics of a quadcopter, especially when the object below it is rather delicate (like, say, a pool of ballistics gel).

Has such a situation been tested, since the introduction of tiny and lightweight devices?

Comment Re:Good (Score 4, Insightful) 272

I've often heard this repeated, but is it actually true?

As much as anything in law, yes. That is to say that it is the general case, but you still get the chance to argue about it in front of a judge* if following the general rule has somehow bothered someone enough to make a harmony-threatening societal problem. Let's break down your example by each fact.

Suppose I'm in a public space...

Then you have no general expectation of privacy, but let's go on.

If someone walks up we stop talking.

Ah, but now you've provided an indication that you want privacy. Now we have a conflict of general rules.

Does this mean that someone ... with a parabolic mic can eavesdrop on my conversations...

Sure, because you're in a public place.

...(from the government) ... without a warrant?

No, because you've shown that you do not consent to their search... ...maybe.

It really depends on local precedent and established case law. Pretty much, if this ever comes up in a court, it would be a good opportunity to argue at length in front of the judge. On the one hand, you were in public, and you should be aware that any kid with a $50 toy microphone or $5 radio bug could listen to your conversation. On the other hand, the government is held to stricter rules (namely the Fourth Amendment) than a kid with a large allowance. If you're stopping for everybody, then you can argue that you aren't intending to obstruct justice or hide evidence of a crime (which might be useful justifications to sway the judge). On the other hand, you didn't check the park bench for bugs before talking, so maybe you didn't really care about more organized eavesdropping.

The argument is that it's only what a policeman would hear if he walked up and listened, but in that case we would stop talking.

No, the argument is whether it is reasonable to expect that your conversation would remain private. That depends a lot on the extent to which you tried to hide your conversation, and the opinions of judges in the area. Different public places have different standards for privacy.

I have every expectation of privacy if I take steps to ensure that privacy

You can expect a pony, too, but the justice system doesn't need to recognize that expectation. Rather, the key word often omitted (including in my earlier post) is that you may have a reasonable expectation of privacy... and again, that depends heavily on the local definition of "reasonable".

Does this mean that the police can video-tape the sidewalk from the window of any office building without a warrant?

In many cases, yes, and they do.

I also note that there's no expectation of privacy *in your home* if you don't have the drapes closed. The implication is that we don't have an expectation of privacy *anywhere*, except in our homes and only if we're concealed.

That is correct. If you don't care enough about your privacy to close the drapes, then why should the court care enough to punish someone who looked in? Now, if your house was very far from the nearest public area, such that it would be unreasonable to worry about someone seeing clearly through that window, then there's room to argue that, as well.

Does that sound like a free country?

Yes. It sounds like a country where I am free to walk in a park without worrying about violating someone's privacy because I have good hearing, and where I am free to bring birdwatching equipment out to where birds are. I am free to look at my neighborhood houses, and I am free to leave my drapes in whatever state I wish. The price of that freedom is only that I must recognize others' freedoms as well, including their freedom to communicate privately.

In any event, we shouldn't be mindlessly repeating that meme as if it's the "law of the land".

It is usually the law of the land, though. Other laws (like the Fourth Amendment) may supersede it, but yet again that's an issue for the courts.

Instead, we should be mindlessly repeating things that sway public perception in a better direction.

A very good idea. I tend to like "You do not have a moral or legal right to do absolutely anything you want."

It's fairly short, and sums up the entirety of the legal system and most moralities as well. In this context, having an absolutely private conversation in a public place counts as "absolutely anything", and you don't have a right to that. Always being able to eavesdrop on someone else's conversation also counts, and I don't have a right to that, either. With a bit less extremism, however, we can all get along.

* This whole post assumes a judicial process similar to what the United States has, and specific examples are also based on an American perspective.

Comment Re:Misleading and Hyperbolic Title/Comparison (Score 2) 130

I do agree that it isn't a remote root shell hole, but it can be combined with something like the SSH brute force vulnerability or another attack that can execute shell commands as an unfettered user... and then the box is compromised.

The good thing is that Macs have functionality similar to SELinux as well as sandbox capabilities via the App Sandbox. This should be something used by all programs whenever possible, since it allows the OS to isolate the program from the rest of the filesystem and OS, helping mitigate a compromised program.

Hopefully Apple can issue a fix in a short amount of time, because this is an easy exploit to use, and combined with something like a broken Java variant, could be used via the Web browser to hijack the entire box.

Comment Re:Gee, I'm really torn... (Score 1) 129

Websites existed well before ads came around. There are other models to make revenue, be it subscriptions, microtransaction based clearinghouses [1], grants, or other ways.

People are inventive. The Internet as we know it would survive if all the third party behavioral monitoring, tracking, ad-slinging, and shovelware/malware companies took a powder.

[1]: None of these solutions are perfect, but the current ad model can be abused as well.

Comment Re:Gee, I'm really torn... (Score 2) 129

The ad industry is a bubble. Look at the clickbait ads pushed at you constantly. Obama's HARP, reverse mortgages, asking how much your car is worth, "free" [1] $100 Amazon gift cards. Programs that are dodgy at best. "criminal background checks" that demand a ton of your info... then want $35-50 for the check. Yes, there are a few relevant items, but most presented are at best dodgy.

What they are selling are not ads. They are selling the data that gets slurped off your phone or computer, which is why browser fingerprinting, supercookies, add-ons galore, and other stuff are the norm. The ads are secondary to watching what the person is doing, 24/7.

[1]: TANSTAAFL. I read the T&C on a "free" offer, and it required subscribing to three different things on a gold/silver/bronze level, as well as many other hoops to jump through before you would even be considered for the card.

Comment Re:What Security Experts Can Learn From Non Expert (Score 1) 112

You pretty much nailed it. The good thing is that we have plenty of tools to help with compartmentalizing info, to the point where it is almost surprising to see them not used.

If it comes to a pissing contest of users versus IT security, the users will eventually win, either by cunning, or just telling PHBs they can't do their jobs... and if it is a guy out of sales who is making the numbers, the PHBs will listen to that guy almost certainly, since they view security as having no ROI, but the "quarterback" making the "touchdowns" is earning real money for the company. In the past, one could scare management by pointing out Sarbanes-Oxley laws, but those are pretty much not enforced (well, unless one is fishing over their bag limit and decides to hide their caught grouper), so that argument tends not to have teeth these days.
