Posts by volsano 130 posts • joined 22 Jun 2007
Years back I worked somewhere that enforced monthly changes of password.
Had to be upper and lower letters, digits, special characters, Could not reuse a password you had previously used. At least 8 characters long.
Pretty much everyone in the company password for this month would be some minor variation of
Nov-2020
Fits all the rules, and hard to forget. Secure? Not so much.
Dear Bank Manager
Thank you for reporting that an account fully managed by you in my name has become "overdrawn".
I take our responsibility to protect the contents of your accounts extremely seriously and it is a top priority.
I want to reassure my banker that their money was not at risk as a result of this error.
Only a tiny minority of customer accounts are affected by this situation.
For those unfortunate enough to have a Tory MP - it's time to phone them ask to get IR35 done.
Remind them - per page 59 of their manifesto - that they will "put you first" and their job is "to serve you".
And so tell them you won't hang up until they have done their priority job of fixing IR35 for you - wouldn't want them to get distracted with another task that isn't serving you.
The Apple Newton was the overpriced floating train wreck of its day. Today, tablets and smartphones are part of our ambient background.
So failure does not always mean extinction.
Maybe when Google retools and launches the usable version - let's call it the Google Monocle - they might sell two to every networked punter in the world.
Let us now start pandering to those who dislike the terms Client and Server - Server being particularly problematic as it implies a subservient role.
The terms Provider and Consumer are much more closely fitting our modern day sensibilities.
So, all together now, Apache is not a web server. It is a web resources provider. So much simpler.
> Spongers. If you don't like their revenue model, don't use them.
Spongers wanting to run their scripts on my computer without contributing to the electricity costs - or having assured me they have indemnity insurance for any issues their scripts cause.
Now, if all their scripts came ISO-9000 certified, I may be willing to give them a discount on the electricity and insurance cover costs. Until they do, they can pay in full up front before I let their stuff run.
Just trying to be professional here.
> My password has twenty five symbols. Be my guest
If the bad guys were specifically targetting you, they'd know enough now to put the HTTPS attack on the back burner and break out some of the more specific tools.
Chances are, they aren't specifically targetting you, so they keep fishing for passwords that are short enough to break, and profit from that. That you have a long password is a tip off to them that you may have other defences, so it'd be too costly to focus on you.
It's no different to having a strong front door lock. You either divert opportunistic crimes to your neighbours; or you cause the person seeking to specifically burgle you to look for other weak spots.
None of the scoffers so far have considered the practical uses when running in a (hypothetical) tethered mode: You re plugged into a power socket (perhaps your Tesla's cigarette lighter) via 50 meters of lightweight cabling.
You could now easily get, ohh, say fifteen minutes out of the current device, although not on a public road of course.
Plenty of time to poise as a low-flying acrobatic idiot with more money to burn that remaining IQ points. With enough make-up and some cross-over with synchronised swimming, it could be an olympic sport candidate.
I would be happy to link to one of their pages.
But, in return for their permission, I would require to be informed no less than 21 (twenty-one) days in advance of any changes they intend to make to that page -- that includes but is not limited to embedded advertising, javascripting, visible text, invisible text, CSS classes attributes and tags, non-visible comments, HTML alterations, and images.
Otherwise, how can my overworked and under-ferrari-ed lawyers ensure that we are still linking to the information we originally linked to?
Fair's fair.
A huge number of malicious scripts come via advertising -- bad Javascript, bad Java, and Bad Flash.
I would love to see all unsigned,untrusted, Javascript being simply rejected. Would really force the ad industry to do quality control on their stuff before they try to insist that I run it on my machine.
I would not run random code on a server. So why should I run it on my personal machine?
If (it's a very big if) that random code came with a certificate proving it had been extensively tested, that it was believed by reputable authorities to be harmless, and that I was covered by ad-industry insurance in case it did any damage, then only only then might I allow it to put a big flashing distraction in the corner of my screen.
But until that happens, Adblock is an essential layer in my security perimeter.
The Register - Independent news and views for the tech community. Part of Situation Publishing
Biting the hand that feeds IT © 1998–2022
