Posts by hayzoos

Bench grinder or handheld

Reduce the data storage device to grinder dust. Grind additional parts after and mix well for entropy. Grind other similar stuff and mix that in. If a fine enough grinder wheel, most of that dust will ignite of aerosolized if one wants to be more thorough or has pyromaniac like tendencies.

Why use Chrome? Defective web pages I must use.

Most of my healthcare providers (as an example) have gone "digital|paperless|electronic". Which means I now must not just choose to use their web portal to access documents. It is possible to still get paper via snail mail. But, they (as part of a larger group) make the process as hard as possible and they have an insider planted in the USPS to slow and reduce reliability of service.

They do not make their own web portals, they use what is part of whichever of a few healthcare information systems are available. These invariably are tuned to Chrome (would have been IE back in the Fool's Golden Era). So in order for me to obtain what little support there is, I have to be using the right supported browser (and the right supported OS) which must be up to date. LTS versions may be branded as outdated.

I never mention Linux nor Firefox when these web portal house of cards have fallen over as I am trying to retrieve some important document. The browser agent clearly states Windows and Chrome or Edge in the most recent accent I can find. Just so the support session can continue past the initial gateway checks. Sometimes the support scripts try to push the above noted system's app, so be prepared to have tried that. Still I have had support sessions end in "try again later" "there must be some temporary issue".

To support my end of the deal; I have Edge, Chrome, Chromium, de-googled Chromium, and Firefox (in reverse order of preference) updated automatically and ready to try for the support script agent.

Unfortunately, There are many everyday service providers that have gone down this path. I must retrieve my paystub from systems like this. I must retrieve tax support documents like this. Only my water service has not gone this way. It is coincidence that is one of the lowest cost services?

I only use Chrome or Edge or whatever spying browser as a last resort. Firefox is now being considered contaminated and is in the process of being phased out of regular use. It may come back again depending on another turnaround or not.

Good idea - work in progress

"So one of the things that we're seeing is the whole movement away from passwords to passkeys – a certificate-based authentication wrapped in a usability shrink wrap," Forrester VP and analyst Andras Cser told The Register.

- I think this is the best definition of passkeys I have seen. It does not try to force implementation limits like other definitions have. Best practices should be defining the implementations. But I have seen implementations which should not have been released yet, keep those implementations in beta until wrinkles have been ironed out. Just like modern software development though, public beta testing.

Gartner analyst James Hoover told The Register. "For device-bound FIDO2 keys, there is not currently a proven method of 'stealing' them, as the private key itself does not leave the device."

- WTF? Steal the device! Oh, I see Gartner, move on - pay no attention to the man in the ivory tower.

"With passkeys, we take that shared-secret model and just blow the whole model up, so there's nothing that can be shared," FIDO Alliance CEO and executive director Andrew Shikiar told The Register.

- Really now?! How does that work? Wait for it, wait for it ...

Then there are multi-device passkeys – synced credentials that allow users to log into apps on any of their devices and stored in a credential manager like Google Password Manager, iCloud Keychain, or open source Bitwarden.

- It looks to me like passkeys can be "shared".

These implementations are all over the map. I have passkeys in a FIDO2 USB/NFC hardware device, in a password manager, and in a Windows laptop. I could have in browsers, phone, phone browsers, etc. Some sites refuse to establish passkeys on some platforms be they Linux or password managers, non-Chromium browsers, or who knows. For the uninitiated, good luck understanding what a passkey is when all these ARE passkeys to the end user.

Windows requires a PIN to establish passkey use. The PIN is not for an individual passkey. It is for the Windows credential store. A password is not good enough when storing a passkey in the store - fair. But then it allows a four digit PIN - kinda weak. And it can be used in lieu of the password - Now were cooking with napalm! (hey kids: don't try that at home, toxic substances on the food, probably cook yourself too, and likely burn down the house) Oh, and I almost forgot, reset your PIN and passkey goes bye-bye. Good to see that MS has gone to great lengths to ensure their Windows passkey implementation is of equal quality to that of the OS. But I do think MS has contributed greatly to the "2 billion passkeys being used" between Windows and their other ?AAS offerings for varying interpretations of "used".

Other implementations have their issues as well. I cannot speak to Apple's, not having anything to do with that company since the Apple II line died out. Google, bitwarden, local banks, etc. all have chosen different ways to implement passkeys. Different passkey storage "devices" walk all over each other trying to be your favorite place to keep your passkeys. Some even allow set up of a catch-22^2 of passkey to access passkey to access passkey ad infinitum or so it seems since the chain of passkeys look so similar. Some sites offer passkey access or so they say, I have not been able to get one to allow any particular combination of software presented to establish a passkey, but they will text or email an access code instead of using a password, heck they will still demand you choose text or email delivery of a code even after providing the password. With security like this who needs locks? Wait 'til you see how these characters have implemented "lost authenticator recovery".

One final note. What you are is not a viable authentication factor, what you are IS your true identity. Other identifiers are usernames, ID numbers, names, where you have lived, where you went to school, what was your first car, mother's maiden name, things that make up you that do not change. In many instances Identity needs to be Authenticated and sometimes more assuredly than others. When the ID assurance level needs to be high, non-identity authentication factors should be used and should be changed if suspected to be compromised. Nothing is perfect, and implementation is key.

Distributed AI

The AI can code malware. It can self replicate wormlike to any device with enough processing to participate. The self-replicated AI computing can be distributed and operate like the internet was designed to just work around non-functioning nodes. Everything on the internet could be an AI node.

Not rocket surgery . . .

If the storage device is non-functional, destruction alone is only option. If destruction is going to be performed, skip any other option; it is just a waste of time. Grinding to dust or smelting is as good as it gets but may not have the thrill factor of thermite or C4 or target practice.

All multi-pass overwrite methods were developed for hard drives over two decades ago and became obsolete shortly thereafter. A single pass of randomly generated bits overwrite is all that is needed.

Overwriting by sending data through the I/O interface is the slowest possible method and has other problems, don't do it. Unless you need to overwrite a hard drive older than 20 years or so, just use the storage device's built-in secure erase function. hdparm can access the built-in function as can some other tools. Doing it manually with hdparm takes a few steps to guard against accidentally erasing the drive. Later ATA interface drives and newer have it. SCSI had a secure erase function even earlier. Way faster than any OS based overwrite tool using the I/O interface.

Can't find a way to secure erase that thumb drive? Grind it to dust. If your data is not that valuable to waste a storage device, why even consider data destruction? Why even consider using an OS based overwrite tool which could take hours or days?

It just works . . .

Until it don't.

So many network admins these days were hired as digital natives. But, being born with digital tech in your hand does not make a competent technician.

No push back from greybeards that MS-DHCP is required, and redundancy is "built-in!" because the greybeards were too expensive and shown the door.

I'm one of those greybeards. I and my colleagues made sure critical servers had well documented, static IPs. Of course this meant ensuring MS-DHCP did not clobber those IPs. True backup DHCP was ready if needed, because functioning servers are of no use if clients do not have their IPs. Similar approach to the entire network.

The list of "critical" servers these days though has probably suffered mission creep and would be claimed to be unmanageable for manual "DHCP".

enshitification all around

BSOD

I thought "Art Installation!" Display a BSOD (or is it GSOD now?) Then place it up for auction. Only problem, it has probably already been seen, nothing new, novelty already worn.

A little more to the story

The whistleblower was left a threatening letter taped to his front door. Detail in the letter intended to scare him was recently updated information which should have been only available from a government database like OPM. IOW threat came from government insider. But with OPM's history and other recent DOGEy events, this info may very well be found outside government.

He states he is hoping others like him in other agencies visited by DOGE come forward as well. Apparently, his lawyer has uncovered information that there are others who have witnessed similar activity at other agencies when DOGE paid a visit.

I do not know for sure, but as a user I experienced something I thought was odd at usps.gov. It was in the timeframe DOGE was invited by former postmaster general Louis DeJoy to review the USPS efficiency just prior to DeJoy's stepping down from the job. I was attempting to login to usps.gov when I recieved an odd message, "their MFA was not working". I expected the login to fail, but no, the login succeded without MFA (TOTP is configured on my account). I had sent a message complaining about allowing account logins when MFA was not working. I cannot remember for sure, but I think it happened again a few days later. Was this caused by DOGE?

Natural Gas it is then

There is plenty of natural gas well and pipeline infrastructure in the area, I doubt hydrogen is seriously being considered. As noted in the article, electrical infrastructure is present as well. I am not so sure about Internet though. That should not be as much to establish though.

The coal thing was soo trump 1.0, Trump 2.0 got in on "Drill baby, Drill". Natural Gas & AI, so apropos for Trump 2.0.

Horse has bolted, burn the barn

I am sure information about me is out yonder many times over. Instead of trying to prevent its' loss (too late), or getting it all back (try herding cats?), why not address its' mis-use? How you ask? Damn good question. I have not put enough thought into it.

Network services are a system level service

Browsers should not be implementing system level services. I use more than a web browser. I have DNS client, no proxy, VPN, and more configured at the system level. I do not want any network capable application trying to override these settings. There should be only one system level certificate store, so dodgy root certificates can be blacklisted thoroughly in one location, not in each and every application.

My response

I checked if I had it installed even before I knew how it behaved. I guessed it was a process monitor of sorts. It was not installed. Then I continued to read the article and subsequently comments. At this point I discovered it is unique amongst process monitors in that it runs in the background and writes log entries as root by default. That to me sounds like the sort of tool to use for troubleshooting and put it away when done. I imagine it may have options for verbosity of logs, running as a lower privileged user, maybe some other neat features. I need to try and remember this one if I have the need. As usual, I would probably RTFM before cutting it loose on a system.

I say good call on the warning. It could have easily been installed and forgotten. Also some OSes may have "helpfully" included it as a standard package.

My printing experience

TLDR; Canon multifunction inkjet seems OK for the moment, Samsung also sold out to HP, I always printed minimally and had unique solutions.

Work: Buyer found Canon multifuncion inkjet fits the bill. My annoyance is driver proliferation, every model variance needs a different driver no matter how similar the printers or model numbers look. Seem to do well otherwise and take a beating.

Home: Current is an old Samsung multifunction laser flatbed scanner (& unused fax) SXC-3405W. It does not phone home and no Windows machine to help it do so. I have updated the firmware a couple of times, but stopped when I found the next would be hostile to non-OEM consumables. That may have been near the time Samsung handed the printer division over to HP. It still chugs along. Early built-in WiFi era printer also has USB-B.

The SCX-3405W replaced a ML-1740 laser only Samsung. That is also still going strong, I just installed a driver in daughter's Windows 11 laptop (she needs Windows for a work software requirement). Win11 cannot find the driver on its own. The ML-1740 has never had a firmware upgrade, I do not know if it has the "feature" of consumer upgrade-ability. The reason I replaced this printer was Windows (I was a user at the time) dropped support for the flatbed scanner I had and the manufacturer played along. USB-B and Centronics era printer. I would still be using it had I not found the printer/scanner at a good price.

Prior I had two inkjet printers which I deemed to be crap, did not last long, so much trouble with ink, not worth the effort just to have color.

Before that I had a 9-pin and later a 24-pin dot-matrix. This is when my printing needs had dropped so low that I had taken to storing the ribbon cartridge sealed in plastic wrap in the freezer. I would take it out to acclimate prior to unsealing and then print, and put it back in cold storage for months or a year between printing.

Way back in my Apple //c ownership era, I sourced a serial interface thermal printer intended for the IBM-PCjr. It could use fax paper or the paper for and Apple thermal printer. A copier would produce an excellent copy from the thermal printout for a longer lasting and not curled document to turn in homework at college.

modern cooking prevails

I hear an air fryer can complete the task in 20 minutes. Ten minutes in preheated air fryer at 250 degrees F (121 degrees C for those outside the USAian universe). Follow that with 10 minutes in an ice bath.

For the latest and greatest use an instapot, as the name suggests it's nearly instant.

On The Internet

Are all these 50,000 systems on the Internet? I think some may be so "antiquated" that they are not. Yet they are still able to supply water. They may have other problems, but cybersecurity would hardly need considered.

Antiquated in quotes is because that is a viewpoint from some, and that is part of the problem. Modern does not require everything to be connected. If the only tool you have is a chainsaw, it doesn't mean you use it to hammer in screws.

I do not use that much

I am fortunate that my home ISP does not have a data cap in my area. They do in other areas though. I do use a lot more data at home than away, the stats are available on their website so I can compare.

My mobile use is far less. I am on a "grandfathered" plan with a 1 GB / month cap. The penalty of overage is throttling. I hardly notice the throttling. The plan was modified recently though. It was a 4G only plan. The carrot(s) on the stick were upgrading to a 5G and / or (limited) unlimited plan all at more cost to me. My carrier no longer has any 4G only so I now have access to 5G, but the wife's phone is only 4G. What are the odds that through attrition I can end up with a 5G (limited) unlimited plan? BTW "normal" price increases have applied so I pay more than I did when I started but all other options cost more.

How much "data" is consumed because of bloat, crap, poor programming, ads, telemetry, data slurp, spying, whatever you want to call it?

Think about it

There is a certain irony in th statement; "We continue to encourage users to only send view once messages to people they know and trust.”

Legacy apps & devices

One solution is to setup your own mail server for legacy apps and devices. If the legacy stuff is all internal, then it makes even more sense to keep them from connecting externally.

Root cause analysis

All the proposals for breakup variations or other remedies to the monopoly known as Google(Alphabet?) seem to lack a good root cause analysis.

Google(Alphabet?), having been declared a monopoly, should be first required to fully reveal everything to the court. The court should then identify what is the internal root cause of Google(Alphabet?).

Has Google(Alphabet?) already prepared for a government action by restructuring with Alphabet as the top? What other preparations have they done? Are they positioned to eventually thrive after a government action?

Follow the money is a very good method, but not the only method of revealing answers. There may be false answers planted to throw regulators off the real trail.

I suspect ads, specifically targeted ads, and the requisite data collection is a very large factor. I do not assume that is the only cause.

I do not propose a remedy at this time without more information. We are not necessarily entitled to that information, but the courts are.

Does this sound familiar? Twilio Authy

It did to me so I checked it out. Twilio acquired Authy in 2015.

Never really liked Authy in the first place, but now run as fast as you can.

Never really liked Google Authenticator either for the same reason.

You cannot get away from this data slurp crap, it's everywhere.

Most important opinion

I do not recall reading about the opinion of the most important experts. What do the astronauts think? I believe their opinion should factor most highly in the decision.