The latest articles on DEV Community by Gambino (@gambino). https://dev.to/gambino https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3701915%2F156791f6-222e-4f28-9700-145aa001ebfb.jpg https://dev.to/gambino en Gambino Wed, 04 Mar 2026 07:29:30 +0000 https://dev.to/gambino/hardware-isolation-for-data-security-plugmate-any-alternatives-38n1 https://dev.to/gambino/hardware-isolation-for-data-security-plugmate-any-alternatives-38n1 <p>I work in finance, and most of my day revolves around handling clients’ private financial data. If this kind of information ever leaks, the impact goes far beyond one individual — it directly affects client trust and can create serious compliance issues for the company. Because of that, I’ve constantly been exploring different ways to store and manage sensitive data more securely.<br> Over the years, I’ve used quite a few encrypted USB drives — hardware AES encryption, fingerprint unlock, dual authentication. From a pure storage-security standpoint, they do their job well. But there’s always one unavoidable issue: at some point, you still have to copy the files onto a computer to edit, search, or process them.<br> And that’s where the real risk starts — once the data lands on a machine. As you open files on the computer, the system may generate cache files, temp files, or logs. Even if you try to clean everything afterward, there’s always concerns that one day you might forget to completely remove those traces.<br> Recently, I came across a product called PlugMate and decided to try it out. It’s not just a regular USB drive — it’s actually a standalone device that runs its own operating system. That means storage and processing both happen inside the device itself. The data never leaves the device, so nothing gets written to the host computer. No local copies, no leftover traces.<br> It actually reminds me of Windows To Go back in the day — although Microsoft no longer supports it. From what I’ve seen so far, hardware-level isolation seems like one of the most practical ways to reduce this kind of risk.<br> Curious to hear from others in similar roles — what are you using to avoid leaving data traces on host machines?</p> security mobile privacy date Gambino Wed, 14 Jan 2026 10:16:16 +0000 https://dev.to/gambino/exploring-a-hardware-isolated-os-shown-at-ces-2026-m9i https://dev.to/gambino/exploring-a-hardware-isolated-os-shown-at-ces-2026-m9i <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Foqawsxpohw0azs8h66yt.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Foqawsxpohw0azs8h66yt.jpg" alt=" " width="800" height="562"></a></p> <p>While browsing CES 2026 announcements, I came across an interesting systems design: a USB-sized device that runs a full operating system on the hardware itself.</p> <p>Instead of using a VM or container, the OS executes entirely on the device. When plugged into a phone or PC, the host only provides display and input. There’s no cloud dependency by default, and the trust boundary is shifted away from the host OS.</p> <p>This raises some questions from an engineering perspective:</p> <p>How would you evaluate the attack surface compared to VM-based isolation?</p> <p>Where do performance and I/O become bottlenecks?</p> <p>In what scenarios would this be meaningfully better than a hardened host OS?</p> <p>I’m less interested in the product itself and more in the architectural tradeoffs this approach highlights.</p> <p>(Background link from CES: <a href="https://plugos.net/news/2026/01/08/plugos-at-ces.html" rel="noopener noreferrer">https://plugos.net/news/2026/01/08/plugos-at-ces.html</a><br> )</p> architecture discuss security