Posts by heyrick

Ummm...

If it is the client side scripting doing this, doesn't that imply that those with friendlier browsers can easily rewrite some of the rules and use whatever damn password that they want without this dumb nannying? Passwords should be known to the one using them and nobody else.

They used to do this with hardware

Video recorders - when they stopped being boards piled full of analogue circuitry and became a single board with a handful of ICs, you could sometimes "upgrade" it by altering links on the board. After looking at the number of heads on my drum, and finding a service manual, I was able to upgrade a cheap VHS deck to Nicam stereo and SP/LP. Seems it was cheaper to build "a video deck" and make the model differences by wire links on the board, than the expense of designing and building several completely different models.

Must be nice to fail to deliver and then sue to get paid.

Maybe Govt could counter sue for failure to deliver, for beeeeelions for leaving the country in an insecure state, blah blah?

Uhhh...

What kind of nut job actually brags about how much "evidence" has been gathered against him?

And how does he know how much anyway, unless the Feds get a kick out of reporting to his lawyer ever increasing numbers because they know he'll fall for it . . . 40,000 pages is no big deal but if we hit 45,000 then we're screwed! Julian, it's not an oil change!

Hang on...

Am I missing something here?

How are your passwords safe hosted on a third party server?

Why does a password manager need to have any information leave your system?

What hasn't been mentioned...

Wouldn't the local police probably know the addresses of local celebrities? Before dispatching SWAT to those locations (especially Kutcher, who pranked punkd a lot of people), they might want to get a confirmation?

Field day for MITM attacks on open wifi

Several French hospitals, and KFC (France). Hook up to their WiFi and try to go to an https site, Safari pops up a request for an SSL certificate that is completely different to the one you expected to see. So while Google is pushing us towards greater security, some hotspot providers (no doubt in the guise of "protecting" us/children/profits) are intentionally smashing down said security.

http://i.imgur.com/nDt8id4.jpg

[kudos to McDonalds (France) and Buffalo Grill, who not only leave https alone, but also permit a VPN to be used so you can fetch mail and stuff without other people snooping....which is supposed to be why ssl on an open AP is a good thing, right?]

"it is impossible to tell a good guy from a bad guy; that person can take their time to siphon off large amounts of data without being detected."

To be fair, one could say exactly the same thing about entire governments.

Disagree

To answer the last point first, I try to see people as people regardless of any perceived disability or the usual other differentiators. Frankly, I don't see how a smarter house is going to make a damned bit of difference there. Indeed, since you mention those with mental afflictions, autism for example, don't you think that these people are the ones most likely to end up being abused by their IoT equipment? Ultimately, the businesses behind IoT don't care about whether or not our fridge can suggest meals for us. It is more interested in the brands of milk we buy, the way we shop, the sort of things we eat. All information for profiling for selling to advertisers. I also fear that any sort of display device will default to "advertising" when not specifically in use. While I don't have any antipathy regarding a microwave touchscreen informing me how great <product> is, I am wondering how much electricity (that I would be paying for) would be consumed in the process, for all of the IoT devices over the course of a year.

Next, this site itself is rife with stories of the abysmal levels of security in many embedded devices, which seem to be put together with the idea that "it's safe, nobody is looking". In the process of trying to figure out how to extract some information from my Livebox (damn hard!), I noticed that the login process in the new crap firmware was an HTTP POST with this URI: http://192.168.1.1/authenticate?username=admin&password=xxxxxxxxxx I actually spat my drink on the floor when I realised that the box was passing the information around "in the clear". Good God, if a big service provider makes basic mistakes like this, what hope do we have of believing that the majority of IoT devices will be in any way "secure"? I also worry that when IPv6 rolls around, everything will have its own public facing address and at least hiding stuff behind a NAT will get that much more complicated.

I remember the home computer boom in the eighties, following by the office computer boom in the nineties. Are we still chasing the dream of the paperless office, or have we put that to rest?

Finally, you present the interesting idea that so much sleep entitles us to so many decisions, roughly we have a finite amount of thinking ours brains can do at any given time. Well, once upon a time coming home from shopping used to involve the boring bit where you'd take the stuff out of the various bags and boxes and put it into a location that sort of resembles a logical pattern - for instance you wouldn't put sugar under the sink with cleaning fluids and cat kibble into the fridge. You might also dedicate certain parts of the fridge to specific things, so you don't have raw meat and lettuce squashed in beside each other. Now what? The thing that people seem to forget is that if a fridge needs to know what is in it, it needs to be told. How? Barcode scanner? Are you expected to scan in every single thing? What about fresh goods that are given a scan-code that is unique to the shop? What about your shelves? Are you going to be obligated to scan everything? It might be logical to assume that the shop could inform your house, but this is making the assumption that you are always buying things for your own use, you will always take everything home (instead of, say, something to eat on the way or a ready meal to eat at work), you will always shop in the same shop, and also that you want your house (and/or it's occupants) to be aware of every single thing you purchase. Let's just say you are badly constipated and your doctor makes a prescription for this little bottle of stuff you squirt into your backside to get things moving again, and since you have never done it before you buy a bag of adult sized nappies "just in case". Bingo! Your house knows. Your family knows. Your service provider knows. And the advertisers that this information is shared with knows. You might never actually need the nappies, but by damn, everybody knows, just like that Leonard Cohen song. So much for anything even remotely resembling privacy.

On the scale of things, I think actually I would prefer to have my life a little less smart. Sure, it is sometimes difficult to think of meals that I can make given the assortment of stuff in the fridge, and to say I'm any good as a cook is a dangerous exaggeration, however what is the alternative? To become a drooling zombie dependent upon the technology around me? I guess you'd better pass me those nappies lest I forget how to pee if a cute little animation on the toilet doesn't remind me how...

will be charged using magnetic resonance from up to a meter away from the source

Whoo, imagine the Ts&Cs on that product, to wiggle around health issues and the huge amounts of interference that it is likely to cause.

I used to have a magnetic resonator that had a range of about a metre. It was a "wand" for degaussing cathode ray tubes...

just go to your bank and send a wire transfer to our account below

...and it doesn't seem strange to buy a holiday in Spain and pay to Poland?

Bizarre...

Over here in France, it is possible to unlock a subsidised phone after about three months. Used to be complicated, but now (Orange & Bouygues, assume SFR is similar) it is just a web form and the code is sent by mail or SMS.

I unlock my phones the moment the period expires so if my mother needs a phone and her one is acting up (it is ancient), I can swap SIMs. As far as Orange is concerned, it is no loss to them. All of my calls are included within my contact, and I'm still tied to my XX month contract, with a pretty hefty penalty payment is I want to quit early.

Wow.

With an actual spec to pretend to follow, we'll no longer have new improved versions that break things written for older versions in annoyingly subtle ways.

Oh, wait... Since this spec wasn't written by the PHP developers themselves, what relevance (if any) would it really have?

What hath Snowden wrought?

Given some of the interesting ... "diagnostics" ... aids that have recently been found in iOS, I think the only involvement of Snowden was to lower our level of trust enough that we'd start to see that which was hidden all along. This, they brought upon themselves.

StumbleUpon is ruining your site

There is some sort of problem on their end, so they notify us about this by opening a frame the width of the page, obliterating huge swathes of the content I came here to read. This is obnoxious behaviour.

http://i.imgur.com/MdR1WhA.jpg