Posts by vtcodger

Given that your IOT connected toothbrush likely has a rather limited UI -- one button -- entering a password may be challenging. Changing that password, even more challenging.

"It's easy to blame GDPR. What next? Blame Brexit?"

What the hell, blame any one of Hillary Clinton, Fake News, Iran, Russia, millenials ... your choice.

Re: Too many apps

Those of us who live elsewhere usually use the sun as a reference. But I suppose you work with what you have. I take it that in England, that's the wind.

"Do they think...?"

Most likely thing is that they don't think at all. I would guess that every personal computing device at Google is permanently logged into a wide variety of Google services. It'd be aggravating if they had to log back in constantly, so they don't clear their own cookies. The notion that folks outside of Google might not want to be logged into all that stuff permanently probably never crosses their minds. That's the way large organizations tend to work.

Re: Maybe just

Look folks. I really don't care about securing my password for Slashdot, The Register, or a multitude of other non-financial sites. Neither do many (I suspect most) other users. The password/account logic is imposed by the sites for their convenience, not mine. For them I reuse the same password within the limits of obscure and often conflicting length and content rules So does my wife, my kids, and (I suspect) damn near everyone.

Fifty plus years of computer work tell me that attempting to educate users or to force them to do things your way is pretty much a complete waste of time. I really believe that "crap" and reused passwords are part of the universe we live in. They aren't going away.

User authentication is a huge problem. It's a problem that will, I think, quite likely eventually limit the utility of the Internet. Basically, the problem is that a website that is actually secure -- for example the US treasurydirect.gov -- is going to be horribly difficult to access and is likely to have other problems as when multiple individuals need to access an account.

Do I have an answer? Nope. If I did, I'd be working on a business plan, not posting here.

But I do think you folks should recognize that passwords don't work very well and, as far as I can see, probably can never be made to work much better than they do now.

(Interestingly, one organization that I actually need to interface with has a website that is perpetually broken in one way or another, but has something I'd thought to be unlikely -- an automated phone system that actually works. FWIW, It authenticates me by date of birth and postal code. Not great from a security point of view, but not awful, and better, considering the medium and all, than passwords).

Re: Its really not that difficult.

Sadly, even very simple, clearly defined, systems can be quite difficult to understand. Check out this example. https://en.wikipedia.org/wiki/Feynman_sprinkler Large collections of digital logic are rarely either simple or clearly defined,

Re: I would refuse to buy ANYTHING with built in Alexa

"I'm sure nothing bad would happen if someone was able to hack into my microwave and make it turn on and stay on with nothing in it."

Well, I CAN attest that there was a thermal fuse in ours that blew after the potato that I'd intended to cook for 6 minutes was about 15 minutes into its conversion to charcoal. (Extra zero on the cook time.) But the oven was really never quite the same even after I replaced the fuse.

Re: offsite backup

All really good advice. But be aware that, as with many other things, what's simple in concept may not be so simple in practice. For example, it'd take a good part of a week to stash a copy of my PC hard drive to the "cloud" over my suburban US DSL line. And I don't have any video data. Folks (including businesses) in neighboring towns have even slower connections BTW. Moreover, tying up the home data pipe with a massive, days long, upload is likely to annoy the other folks that reside here. Therefore my home system offsite backup is on a usb stick in the spare tire well of my car. THAT only takes about five hours to build

One very likely wants to encrypt offsite data. Easy enough, if one does something like tar-compress-encrypt on high level directories. Why tar? Because I really don't want to deal with data recovery from a file system with tens of thousands of files with obsfucated names. Rsync isn't going to work very well. Solvable? Yes, I think. I haven't actually tried to integrate rsync into the workflow. Easy? Not so much I'm pretty sure.

Re: Just one thing I don't understand...

"how the hell did he know where to look?"

Typically, one would look at the talus as the base of the cliff for clues as to what sort of fossils (if any) are exposed in the cliff. If something promising is found, one would try to figure out which layer it came from. In this case, I'd guess they found nicely preserved Ediacarian fossils, or fragments thereof at the base of the cliff, figured out which exposed bed was the source, then rappelled down the cliff to mine fresh, unweathered material. That's only a guess.

Paleontology can be a rigorous and perhaps at times somewhat dangerous avocation.

Re: My printer

My God man. Who told you our secret ink formula? You can expect to be hearing from our attorneys.

Re: Yellow and blue

Actually, we old timers punched cards. ... Fade to scene of a dozen gaijin and Japanese programmers frantically moving hundreds of boxes of punched cards from computer room floor to tables as typhoon driven floodwaters slowly infiltrate computer center. Yes, that happened.

Re: Radiation

Radiation is far from the only problem. I think provisioning a trip that takes many months with no hope of resupply may be a far greater issue. Back in the days of exploration, ships carried some hand tools, nails, rope, canvas, metal parts, and figured they could find food, water and wood for repairs along the way and make/improvise anything they needed. They didn't always come home.

An interplanetary vessel is going to include huge quantities of sophisticated electronics, composite materials, etc, etc, etc. Fixing anything that breaks en route is likely to be a major challenge. And due to the complexity of providing food, air, and water to the astronauts, there is going to be lots that might need fixing. A one or two year trip to Mars is going to be a far more complex task than a quick round trip to the Moon.

Re: I have just one question

Perhaps I'm misreading it, but I think the vision is that you send Microsoft a (whopping great) check every month and every three years or so a bunch of big boxes shows up on your doorstep. You open them, take the computers therein to your desks/counters/workstations, unplug the old computer, plug the new one in (along with the network, keyboard, mouse) and turn the power on. In a week or three, a truck shows up to collect the boxes that now contain your old computers and carts them off to Niceragua where they are given away to schools. Microsoft handles ALL the details for you.

Perhaps I misunderstand.

Re: CCTV?

While someone might buy CCTV cameras to monitor day to day activity -- to detect shoplifting for example -- they might also buy them to monitor for vandalism, theft, etc when no one is around. That implies sending the signal to somebody who will watch for suspicious activity in the wee hours of the morning. Some of these things are probably going to be on the internet. Conceptually, there should be a properly configured firewall between the camera and a bored hacker in Budapest. But in practice a lot of them won't have firewalls at all, and some that do will have misconfigured firewalls.

What to do about that situation ... I haven't the slightest. And neither, really, does anyone else.

Re: Why do we need IPv6

"But do you really think we should have left our grandchildren with a network limited to 4 billion addresses"

Actually, given the current state of communications security, that's exactly what I think. I do NOT want to spend my life defanging badly designed household utensils that probably shouldn't have a network interface in the first place. It's apparently only a matter of time before my can openers won't open cans if they aren't connected to a network. IPv4 at least makes it hard for them to call their maker and very hard for their maker to cold call them. I think that's good, not bad.

I also think that communications security is an enormously difficult problem. The current "solutions" are laughable. AFAICS, they mostly just randomly break stuff. I do not expect security to improve very quickly.

I will give you that the IPv4 addresses are poorly allocated and I'd support a well thought out and realistically implemented program of yanking back portions of the overly generous initial block allocations and making them available to latecomers.

Re: @vtcodger

You're correct, it's twisted pair all the way to the house. I know because the street construction guys severed it -- twice -- while rebuilding the street a couple of years ago. I had reason to look into how the US POTS telephone network works once. Robbed Bit Signaling and stuff like that. I'm amazed that the system works at all, much less well. But for the most part if does seem to work pretty well except for some pathological cases.

What budget?

Everyplace I've ever worked, there is an routine that is gone through near the end of the fiscal year wherein any unspent money in better managed accounts is quietly transferred to accounts with pressing needs. But doesn't that largely obviate rational budgeting? Why yes, of course it does. Wherever did you get the idea that budgeting is supposed to be, or is, rational?

Coming into a situation like that described -- were I crazy enough to put myself in that situation, I wouldn't be at all surprised to find that the budgeted funds had been hijacked.

Re: Again.. How many people turn their machine off?

Nothing wrong with powering off when not in use, but perhaps it'd be a good idea to unplug as well. There is something called -- as I recall -- Wake On LAN that allows "powered off" devices to be turned on remotely. Obviously, some hardware isn't as turned off as one might desire when one flips the power switch off. Who knows for sure what is actually running in there when the power is "off".

"by the time I was done I was almost ready to chuck the laptop out of the window"

Are you ever going to need to access that account again? Do you reckon you'll be able to?

Re: Problem-solution dichotomy

There's a difference between keyless entry and keyless ignition. Hacking keyless entry allows one to steal stuff. Groceries, your laundry, the radio. Hacking keyless ignition allows one to drive off with the vehicle. (Although I'm a bit hazy on why one would want to drive off with a Tesla. What, exactly, does one plan to do with it?).

Also, many vehicles that allow keyless entry have mechanical locks that can be used when the keyfob fails. That's more useful than one might think as keyfobs tend to fail when the battery gets tired. Because of the nature of batteries, that's likely to be when it's cold out. At night. In Winter.

Re: Secure email?

There are plenty of methods to communicate securely, but email isn't one of them.""

I'm not sure there are "plenty" or sometimes even one way to communicate securely to an arbitrary third party. At least not electronically. But I think it very likely that attempts to make email "secure" would likely make it very difficult or maybe impossible to use email for purposes where security is not an issue.

Security is very difficult to do even passably well. And it's very costly and inconvenient.to secure stuff. I don't see any sign that the helpful folks who sincerely want to help me out on the security front understand the potentially negative impacts of their efforts.

Re: Users?

I don't think this is as hard as we're making it. All it takes is for a major jurisdiction -- The EU, China, or even just California to require a standard jumper in a standard place -- perhaps next to the OBD/EOBD connector. If the jumper is in place, personal data is retained. If it's not, the vehicle asks when powered on "clear personal data, yes/no?" Until the question is answered, no entertainment system. On rental vehicles the jumper is removed by the cleaning crew and is tossed into the glove box.

Re: Less is more -- not!

"you're entire screen will turn black"

Blue is traditional.

Re: "Gee ..."

Of course we don't know if update installation is optional even if you are a Microsoft system administrator. For all we know, their first clue that the system was being updated was a message telling them "Getting Windows Ready. Don't Turn Off Your Computer" or some such.