
Comment OS X Server? Nope (Score 1) 115

Is my MacBook really running an ntp daemon? Huh, yes it is:

$ ps ax | grep ntp
32950 ?? Ss 0:00.26 /usr/sbin/ntpd -c /private/etc/ntp-restrict.conf -n -g -p /var/run/ntpd.pid -f /var/db/ntp.drift

How about that. When I first read this, I kinda figured it only applied to OS X server, and that on a normal Mac there would just be a periodic script that updates the clock via ntpdate. But it makes sense to have a daemon running, clock has to be accurate on wake to access network shares and the like.

Comment I marched (Score 1) 200

I marched. I took the subway to get there, not a private jet. I know exactly what I was protesting. I didn't see any celebrities, just a lot of people.

I also left early, and had the eerie experience of walking two blocks to Broadway, where life was going on as normal. There was no indication that less than half a mile away there were hundreds of thousands of protestors. It was amazing.

Comment Re:LOL No shit!! (Score 1) 579

Easy fix for this. Just make sure that as soon as the light turns red, big steel spikes come up from under the road to stop or pierce any car that might try to outwit the system. Oh, and on both sides of the street to ensure that real high-speed idiots will be caught on the other end.

There was a big increase in physical barrier installations around govt. buildings after 9/11, so the technology has had a lot of time to mature.

It's probably not a bad idea for problematic intersections, although you'd also have to have tow trucks on standby to clear the daily wreckage, and pedestrians would still get hit with flying parts or when cars jump the sidewalk to avoid impact with the barrier, or dash through the emergency vehicle gap that would need to be included.

Would be a LOT of fun to watch, until someone's kid died as collateral damage.

Comment Re:it boggles the mind... (Score 1) 99

...that right now, in the midst of the NSA security nightmare and all the angst and FUD it's causing, that people are wondering why individuals are not deciding to throw their often-sensitive data into the cloud.

how could anyone think their data will be or stay safe, given the various threats that we hear about on almost a daily basis?

timing is everything (besides location of course...and sex appeal...and everything else) in life, and right now is not the time for cloud computing.

And you think, based on the revelations you've read, that your often-sensitive data is safer in a closet in your office? It's still accessible over the internet, and your CEO still logs in from any old airport wi-fi or coffee shop using his malware-riddled DELL.

I don't worry about Amazon, China, or the NSA sifting through my databases at night, because given the state of the State I don't think we can do much to stop them. I DO worry about power failures, water pipe bursts, exploding UPS batteries, dust, and clumsy janitors causing me to have to roll out of bed at 3am to go take care of an incident. If EC2 goes down, I send an email that says "EC2 is down, Amazon is working on it." and go back to bed.

At least with Amazon, you know you're being hacked by pros.

Comment Municipal need is far greater than residential (Score 1) 42

Think for a moment about all the things that any medium to large city needs to keep track of. Lights. Traffic signals. Parking meters. Fire hydrants. Garbage trucks. Water flows, valves, drains. Sewerage flows. Air quality sensors. Weather sensors. Burglar alarms.

It seems odd to pitch this for household use, when most of the use cases you can imagine are somehow privacy invasive or creepy.

But a network like this could provide an amazing amount of transparency and insight into the web of things that is owned by the public.

Comment Re:Least interest (Score 1) 94

and internet banking becomes a memory.

That depends. No level of compromising your (general purpose) computer should be able to defeat the security of your manually operated hardware token/calculator.

Attacker has control of my computer. I read a number off my MFA device and input it into the bank's form along with my username and password.

Now attacker has a banking session they can do whatever they want with. How has having a hardware token prevented them from attacking me?

Comment Re: Crashplan (Score 1) 983

I'm really surprised CrashPlan hasn't added a premium feature (like Amazon S3 has) where you can ship them a hard drive for import or export into their storage cloud.

I mean, never mind the upload speed. If you have 1TB of data in CrashPlan and your home or office burns down, it's going to take you several days to get all of it downloaded again. They should just be able to FedEx you a drive for a $50-$100 fee.

Comment The human factor (Score 1) 155

I believe that Google has probably fixed most of the technical issues that allowed NSA (and presumably others) to eavesdrop on data in their systems.

But a company with the size and scope of Google must be *riddled* with agents of various national intelligence services, not to mention corporate spies. Think about how many engineers they have hired and acquired in the last ten years. They are a big, juicy target for espionage. As is Amazon, Microsoft, Dropbox, and any other global-scale cloud provider with thousands of corporate, education, and government accounts.

Systems can be made resistant to attack from without, but can they also be made resistant to attack from within? Not likely. How many people on Google's payroll are also on someone else's?

Comment Re:Yeah right (Score 1) 155

Seriously is there anyone that would actually believe such a statement?

I do, but as a Google engineer involved in security and privacy infrastructure I'm in a position with much greater than normal visibility into exactly what is done and how.

And can you likewise assure yourself that even if one or more of your colleagues is an undercover government agent, then the statement is still true?

Comment Re:Source Code vs Binary vs Service - Transparency (Score 1) 480

Thank you for your polite comment, but no I'm not looking for UEFI secure boot -- or at least, not JUST that.

With UEFI secure boot, the OS loader is signed, and that's a great start. But not necessarily the kernel, or OS drivers, or any other software.

So let's rephrase the questions: do you know of any Free Software toolchains that would allow developers to sign whole server OS configurations, and also make the signature and verification process transparent to end users of the server?

Comment Source Code vs Binary vs Service - Transparency? (Score 1) 480

I write Free Software (GPLv3), and also open source software (Apache license) that implements various web services.

The servers where I deploy the software run vanilla Debian with no non-free packages. As a responsible developer and web host, I make all of the source code available to my customers and others.

The question is, how can my customers know that the code on my servers was actually built from the source code that I publish? Short of telling them to build it themselves on their own server, is there any way to guarantee that when they log into one of my web applications, they are using the same code that I have published?

I was intrigued on using a Chromebook for the first time that Google had managed to do something like this -- it wouldn't boot unless the kernel (and presumably all other software) was signed by Google. Do you know of any toolchains that would allow us to apply this to servers, and also make the signature and verification process transparent to end users of a service? Otherwise, how can we possibly trust any online service provider?

Comment Free Firmware Movement (Score 1) 480

It has become increasingly difficult to purchase any general computing hardware that does not rely on proprietary software. Even if one installs a Free OS with 100% Free drivers, there is likely to be proprietary firmware all over the place: keyboard controller, network card, usb controller, video card, etc. -- that the OS doesn't have control over and the end user doesn't know about. To the best of my knowledge, there is no easy way to discover, verify, and manage these firmwares over time. And yet, there they are, just waiting to be exploited.

Do you know anyone who is working on this problem? How can we trust our computers when we have no idea what is lurking under the hood? Why isn't there a GNU Firmware tool that can ferret these things out and at least checksum them so that we can know if they've been tampered with, and/or replace them with Free editions?

Comment Re:Sorry (Score 1) 192

The actual "disease" here is affluenza, or perhaps it's anxiety that overprotective mothers project onto their children. I grew up in a small town, had pets, played in the dirt every day. Nut allergies were unheard of. It's also very interesting that farmers and dirt poor people in 3d world countries don't get these allergies.

I'm not saying you're wrong; I'm sure environment plays a part. But have you considered that one of the reasons why these things were "unheard of" until recently is that advances in communications have made it much easier for news of rarities to be widely disseminated?

The same kind of argument applies to cases of botulism from home canning. Prior to the 20th Century, if someone died from botulism due to home canning, it happened on a farm in the middle of nowhere and didn't have much effect outside of a family and some neighbors. It just wasn't on the radar unless you personally knew people who died that way. Even a doctor might only see a case once every 10 years, so it's not a big deal, right? Plenty of other things to worry about.

But when health records started being compiled for millions of people, it stood out as a problem. The government started programs to educate farmers and gardeners about proper canning methods. It wasn't that suddenly all the home canners got lazy, it was that information networks brought a relatively rare but deadly issue to light, and so we did something about it.

And look, there ARE more cases of allergies in cities. There's millions more people in cities than not, after all.

Comment Re:Standard practice... (Score 1) 192

However I could see a lot of parents trying this, to a disastrous effect, because it could be the kid who has extremely small tolerance, will get too much and hurt themselves, or increasing the dosage goes too fast for the child.

Do you know many parents? Everyone I know with kids is overly protective of them.

If my sister suspected her kid had a dangerous peanut allergy, there is NO WAY she would try this at home. It's not like bricking your favorite phone, the stakes are ever-so-much higher.

Comment Re:Useful for developers (Score 1) 47

This makes me consider developing Chrome apps where previously I had not considered it.

Excellent. Please don't, though.

Well, that depends on the why, doesn't it? Sometimes a thing is only worth doing if it can be done on the cheap and easy.

Cordova gives app developers a fallback for clients who can't afford a native app, or who need to get a prototype up and running yesterday as proof-of-concept or to fund the next stage of development. It's also great for novelties and one-offs that just wouldn't exist if the development process was more expensive than coding a small website.

It also creates a business opportunity that shouldn't be sniffed at: "Hey, nice web app. Do you wish it was faster and better? Let us re-create it as a native app for you."
