I wonder what the equivalent data are for iPhone to Android switchers. It could also be similarly high, suggesting consumers are switching in higher numbers both ways?

If I could only pick one, it would be Dynalist [0]. I know it's essentially just another webapp (with mobile apps) for writing lists, but for some reason is the first one I actually found myself using, both at work and personally.

I primarily use it to keep work logs, write high-level system designs, remember dinner recipes - or generally anything valuable or useful that can be expressed in list form.

[0] https://dynalist.io/

On my third XPS 13 now, each of which came with Windows, but I've been running Linux flawlessly on each since day one.

So not sure what the techs would be referring to.

This isn't strictly true. I know in South London that Tesco orders are not "picked from local stores by hand" - they're packed in and dispatched from the same enormous warehouses and depots that supply the stores, and there's some degree of automation involved (although not to the same level of Ocado.)

They only do that where there wasn’t enough room to build the home shopping distribution bays on the existing stores.

Not a misprint: https://www.adyen.com/blog/eu-interchange-fees-cap (good summary of the regulation and what it covers)

My assumption is that layouts/graphics are downloaded to the device, but application logic is run remotely.

Can't find any confirmation though.

The APK is downloaded and run on device.

How does that work if the APK is huge (or bigger than a couple of megs at least)? That doesn't seem very "instant" to me...

Is the APK re-arranged perhaps so it can, in effect, "progressively" download the app as required?

Yes, this is the idea.

That doesn't mean much half of the applications you install and run these days are just wrappers for web components where quite often the logic outside of the initialization is not in the app it self.

I use the standard hardware encryption of my SSD (a Samsung 830 in my 2012-era Dell XPS 13), which requires I enter the passphrase when I turn my machine on.

Advantages:

  - OS neutral
  - Seemingly as fast as running 'unencrypted' 
    (I assume performance is identical, the only
    difference being the passphrase is stored in
    my head rather than the BIOS)

Disadvantages:

  - Limited to an 8-char (!) ASCII passphrase
  - I've no idea how secure it really is
  - Can't audit the algorithm (not that I have
    the technical ability to)

That sounds like an annoyance, not encryption to me.

It's the 8-char password that I find absurd - that would take about 2 hours to brute force max.

I think hdd will wipe itself after N incorrect attempts.

So you copy the drive first.

Encryption is done in drive hardware, so copying the drive is possible via hardware attacks but would be a pretty involved lab operation. Would definitely take longer and require more sophistication than many in-practice crypto exploits.

Allegedly it's 256-bit AES and would take thousands of years to brute force. (Allegedly, because of course there's no way for me to easily verify!)

a 256-bit AES key might take eternity, but if it's derived directly from 8-char ASCII the search space is tiny. Somewhat does depend on how it's actually implemented in hardware, however.

Hopefully not like this: http://www.h-online.com/security/features/Enclosed-but-not-e...

That drive claimed 128 bit AES, but they botched it.

Or even better, the key is determined randomly, and the 8 char password decrypts the key.

The 8 char password does not decrypt the key; it unlocks/retrieves it. The drive will only allow a fixed number of attempts. Once past the 10 or whatever allowed attempts, an attacker needs to brute force the full encryption key. It should be a very similar scheme to what you get with a modern smartphone, such as a new iPhone. (Not one of the older iphones the FBI cracked recently, a new one with a Secure Enclave.)

What stops the attacker from just imaging the drive in its encrypted state and continuing to run attacks on the 8 char password well in excess of 10 attempts?

The drive controller does not allow you to read the encrypted form of the data out. This kind of drive-encryption is the same as the common ATA lock command (implemented in your BIOS and the drive controller), but the drive controller actually encrypts the data as well as just refusing to work without being unlocked first.

This relates to my "does depend on how it's actually implemented in hardware, however." comment.

This can be implemented in secure hardware (and without getting into attacks against that), you can make a password attempt, but can't modify the counter which tracks how many incorrect attempts have been made. Sufficient incorrect attempts will see the key material destroyed.

On Thinkpads at least it can be much longer.

It does actually encrypt your data, and if it's correctly implemented, it's fine. Those drives sell for a few years now and not a single exploit is known.

For most people this is more than enough.

You're correct, it's not going to stop someone who knows exactly what they're doing and has the time/patience/tools to brute force. But it is enough to stop casual thieves from stealing more than just hardware, which is (fortunately) my main concern.

Generally as you increase security you will lose usability and vice versa. It's about weighing the advantages against the disadvantages.

It reminds me of how I set a boot password in the BIOS on my HP laptop. I now have forgot the admin password in order to remove that "feature". I have no idea how I can fix it. The laptop is bricked. I can't install Linux on it because it is set not to boot from USB or CD/ROM

> I have no idea how I can fix it.

Just disconnect the CMOS batteries; you can find tutorials online. Or you can take it to a computer shop, it should be a simple fix.

Where are those located?

The grey coin-sized CMOS battery is alongside the motherboard.

I suggest you look at the many guides and videos, just search "removing BIOS password".

That will work for sure? I'd have to really start taking things apart.

Not for sure. That trick is kinda old.

I had a Pentium III based HP laptop that stored the password on a chip that didn't require a battery to evade such a trick. The only fix was using the backdoor password that could be generated by using the serial number of the laptop (HP required proof of ownership, but I had dumpster dived this from their offices). The backdoor password was retrieved by wiring 50 USD to a fellow in the czech republic who had the keygen tool HP support would use.

Check HP for the service manual for your laptop. This is generally a standard goal the manual will give steps for. Usually all you need is a screwdriver of the right size and a bit of guts to pull apart bits of plastic, though I find my confidence that I'm not destroying anything is greatly enhanced when I'm following the manual and have reasonable confidence all the screws are out properly.

Almost certainly yes. I have taken apart many laptops, it's usually not more than 5 minutes reading a guide/video and another 5-10 minutes of work.

I had the same issue with a second hand HP laptop. However, I could still log in as administrator on the Windows install, enabling me to dump the flash memory used to store the BIOS firmware and configuration, which included the password hash. Some reverse engineering later, and I was able to brute force the hash successfully. So that could be an option if the password is not stored in battery-backed memory, and you have a bit of time on your hands to get stuck into the BIOS internals.

What's the model number of the laptop?

Not exactly sure because I don't have the laptop on me. Do you have model specific advice I should know about?

He did put up a good opposition to the other party during that time though.

"Money" being Guardian Money, the section of The Guardian newspaper devoted to money matters that this article belongs to.

I see, thanks for the clarification. Ouch for the downvotes!

  During beta testing only binaries are available.

Why?! Surely this is the optimum time to provide source code, given the amount of trust one has to place in these things to not lose/misplace your data.

Especially when crypto is involved. Given the large number of completely broken cryptosystems, making this open source will give it a fighting chance to not be entirely broken.

Anything that handles critical data and sends it encrypted to third parties needs to be open source in this day and age or wont be used by people who take their data serious. Actually it doesn't even need to be sent to third parties to hit the open source requirement. Having crypto involved like you said is reason enough.

We're going to make this free for personal uses but not sure at this time what licensing model we should adopt.

As long as 'free for personal use' means 'closed source' then at least I would have a hard time trusting a tool backing up personal files into public cloud storage without transparency about how the crypto is implemented. I suspect that may also be the case for much of your 'personal use' target audience.

Since most HN commenters are concerned about the source code availability, we'll definitely reconsider the licensing model.

Please do!

The product & tech looks very promising. I'd hate to have to cross it off my shortlist due to trust issues.

Indeed please do! You're definitely scratching a very real itch here.

A thought: Do you think people would pay collectively (given the chance) like a fundraiser to publish the source, when a certain limit is reached? Maybe even pay the developer's bills that way? I wonder..