
Comment Re:VPN (Score 0) 264

I'm using iVPN with multihop to avoid traffic analysis. Excellent service. All my personal browsing is done from inside a VM which gets cleared at shutdown. For banking and other services that need to see your actual IP, I have a clean "banking VM" only for that purpose.

Comment No data on devices (Score 1) 186

When are all these organizations going to learn that NO DATA should ever be on a mobile device? All access should be done through virtual desktops from secured, managed devices using strong authentication and mandatory access controls, period. This is not rocket science and the technology has been available for years. They only have themselves to blame.

Comment My setup (Score 1) 241

I had similar needs about a year ago, including the fact that I was going back into network engineering after some years out of that field, so I wanted a flexible yet powerful setup in my home with focus on speed, security and flexibility to make changes.

In order to achieve flexibility, I wanted as many components as possible to be in software. I already had 2 large diskless ESX servers connected to a QNAP TS-659 Pro II over NFS and iSCSI, so I updated my physical switch to a Cisco SG-300 20 and I set up link aggregation among all components, effectively doubling the speed. The next step was to create purpose-specific VLANs. VoIP, home network, guest network and home entertainment systems are all in separate VLANs. Guest and home networks each have 2 Apple Airport devices set up as access points (not as gateways). Everything else is hard wired.

The main router and firewall is a purpose-built Linux VM where I get to control everything in software. The cable modem from Comcast is plugged into the Cisco switch where it goes into its own VLAN directly to the gateway VM.

The setup has been up for a year. Minor updates have been applied to each component with very little disruption. I'm now starting to experiment with Nicira controllers for virtual networking within this environment so all future testing will remain in the software realm.

Comment Re:what is OpenStack? (Score 2) 42

The evolution of OpenStack is analogous to Linux. Linux is basically a kernel, no more, no less. You need a series of tools around it to make it useful. The kernel with the proper tools over time became "distributions". OpenStack is undergoing the same process. Red Hat just announced their own OpenStack distribution, and several others like Canonical (Ubuntu), Nebula, StackOps, Piston, Rackspace, etc., all have their own distributions of OpenStack. They are all trying to make the installation and customization process "easy". Some of them tend to be more enterprise-centric and others tend to be more service provider-centric.

Since I'm part of the OpenStack team of one of the corporate members of the OpenStack Foundation, I've had the chance to explore many of them, and I'm most impressed by StackOps, which seems to be the most flexible of all so far, although Ubuntu with Juju is not far behind, especially if you enjoy the command line.

Overall, I see a huge momentum in the OpenStack community and the potential is there to create a true API glue that can finally unite all software components, from proprietary to open source under a single IaaS framework.

Comment From the technical standpoint (Score 3, Informative) 381

I'm with most of the posts so far regarding the despicable acts of the NSA, but taking the question more down to the technical realm, it seems obvious to me that security breaches coming from the inside of any organization can be mitigated by a more robust defense in depth methodology like this:

1. Access to information on a need-to-know basis only, using strong enforcement via MAC. Nobody has ALL the information on a specific subject.

2. All applications are used via virtual desktops accessed from secured, fully managed devices. No access is allowed from unmanaged endpoints of any kind.

3. If some information is as sensitive as described, then physical security enforcement needs to be in place (isolated terminal room for example).

4. No printing, no emailing, no networking outside the proper security perimeter.

5. Regular audits and interviews of personnel with access to specific pieces of data.

You'll have to sacrifice convenience for security in environments that require that.

Comment Re:VM is irrelevant (Score 1) 212

Whatever dude. I touched my first "VM" in CMS in 1987 in an IBM 3870 system and it was outstanding, eye opening. Virtualization of any kind has always been about the "illusion" of owning something that you really don't. Heck, even in UNIX-based systems a regular account was a form of virtualization in a time-shared Mini. You can make a case that NAT is a form of network virtualization. It doesn't matter. The experience that a student can have using a "real system" is what matters. It's not important if the system itself is shared or not.

The network? That can also be virtualized these days. Check Nicira if you haven't. Technically, it's perfectly possible today to have a single student (tenant) create a set of VMs completely isolated from each other, regardless of whether the system is based on open source or not (or a mix).

Disclaimer: I work for VMware.

Comment Yeah but.... (Score 1) 262

It's not the state that really matters but the Feds, and although these protections are nice and worthy of praise, I keep all my *important* person-to-person email at a server in Switzerland with some of the toughest privacy regulations that exist, and all things that are *really* important are always, with no exception, sent and received using GPG, and retrieved via POP with nothing kept in the servers there. I'll keep my own email backups, thanks.

The funny thing is that I know I'm probably the most boring person out there with nothing important to hide, but I do it as a matter of principle, and so should you.

Comment Family first (Score 1) 187

I've got my mom visiting all the way from Chile the first 3 weeks of June, so all the obligatory stops if you live in the Bay Area: Yosemite, Napa, Mendocino and the North Coast, and of course the majestic Redwood Forest. What a great place to live. For a geek it is not only the hub of all that matters, but also, as someone born with the Penguins in the Chilean Patagonia, it's absolutely the most perfect place on the planet, where everything you want to see is either a few hours' drive or a short few hours' flight.

Comment I've had them. Not bad! (Score 1) 626

I had the chance to eat deep fried crickets and ant eggs when traveling in Mexico. They were both surprisingly good. Once you forget *what* you are actually eating, it's not bad.

The folks at Mini Live Stock have been doing this for years, and there are several other underground movements on this subject. Remember, they don't have to LOOK like insects. Some of these folks will make patties that will look and taste like hamburger.

Comment You guys are all missing the point (Score 1) 202

IBM X-Series are fantastically well-built systems. I work with a lot of Fortune 100 companies and most datacenters have either HP or IBM for their tier-1 applications. The problem is that as apps become more stateless and more capable of tolerating downtime in different layers, the robustness, stability and even manageability of the server platform becomes less relevant. I think that's the reason why I'm starting to see a lot of low-end or even custom built 1U boxes and blades pop up in datacenters that otherwise would have purchased IBM or HP.

I think IBM is leaving the space because they see that trend and they can't effectively compete purely on price given their cost structure, while Lenovo has a better chance at making that happen. It's a simple business decision.

Comment Re:users? (Score 2) 311

One possible answer to your point is to use Parallax OS or a similar concept. I find very appealing the self-contained nature of FCAPS to an individual core.

Interestingly, they leverage Bare Metal OS and the coding is done mostly in Assembly (although C is possible). I think the fattening of all kernels is making these kinds of projects look more interesting.

Comment Not a problem here... (Score 2) 232

Not sure where you actually live, but what you are describing is simply not true here in Silicon Valley. The industry is very hot and there is a lot of competition for talent. The more, the better, so your education and experience are far from a problem. And I'm not only talking start-ups, but even larger companies.

Now with the appearance of SDN (Software Defined Networking), all your networking skills will become valuable again. It's a new market where the traditional players will fight with the newcomers and innovators.

I know because I'm exactly in that business and I can't hire fast enough.

Comment Re:An e-book is not a book. (Score 1) 465

About a year ago I bought The Modernist Cuisine and recently, their new "At Home" book also. Remarkable compendium about food, tons of scientific data and exquisite photography. Just the photography alone makes it worth spending the big bucks the books cost.

What makes me bring this up here is that the book was written by Nathan Myhrvold, former CTO of Microsoft and probably one of the smartest geeks alive today, and yet, he chose specifically to do this work in paper because there was no way to provide a compelling experience to the reader that would reflect the nature of the work in any electronic format available today. I cannot imagine this book having the same effect in a Kindle, iPad or even a laptop screen.

I think the right model at this point is an intermediate one, much like Richard Dawkins' The Magic of Reality, which is published as a book (although they do have eBook and audio versions) but with a companion app that expands on the book. The App alone is not attempting to be a replacement for the book, but rather an extension of it. I'm fairly convinced that this is the model with the strongest business case for the current state of the technology.
