1498 posts • joined 5 Mar 2010
"Could agree what makes a good password"
How come, in this age of ISO, BSI, CE etc etc, no one seems to have devised an internet standard for the creation and handling of user authentication credentials in an organised, systematic way.
Because it seems every man+dog site has their own ideas, and implement accordingly.
Here's some starters for 10:
1) define a minimum password length
2) mandate the form (one letter, one number, one non-alpha)
3) mandate that passwords must be stored as hashes (because I *know* there are sites with a backend of passwords stored in plaintext)
4) mandate a password recovery mechanism with one alternate *not* involving email.
5) mandate a password refresh period and password retention policy (can't reuse the last <x> passwords).
Also, just a thought that popped into my head - could it not have been a power cut that reset the charging flag? does it also record the fact that a physical "unplug" happened?
If the Oz legal system is anything like the UK one, the defence will have been given advance sight of the prosecution's case, plus any details of crucial evidence like this. It would then be up to the defence to accept, or dispute the evidence. Whilst they might be able to suggest alternative explanations for the evidence (in this case the fact the phone reported being "charged" at a certain time) they would also have to back it up with some proof - maybe a report from the power company ?
There are several alternative explanations beyond that. Faulty charger ? Faulty mechanical connection ? Faulty phone ?
The thing is these alternatives should also have occurred to the prosecution, and been eliminated *before* deciding to introduce it into evidence.
but still subject to US data laws
so what's the point ?
Re: "We cannot reject this legislation; it would be wrong to do so."
with the Tories complaining about civil liberties .....
Watching the excellent Richard Herring Leicester Square Theatre Podcast (or, as all the cool kids are calling it: "rhlstp") he was chatting with Dara O'Briain about Wiki inaccuracies, and it was suggested that *some* celebrities deliberately leave inaccuracies in Wikipedia, as it gives them a quick handle on the calibre of journalist they are dealing with.
On a similar theme, there used to be a story about Van Halen insisting on a bowl of M&Ms in their dressing room with the brown ones taken out. How we laughed at precious stars and their whims. Then one of the band confirmed it, but crucially explained it. Apparently the same rider gives instructions on setting up bits of kit and stage layout. After a near-fatal incident where some equipment wasn't properly secured, they inserted the "no brown M&Ms" clause at the end of the rider as a quick check that the rider had actually been read.
If it wasn't for ****ing cheques
I'd never need to go near a branch.
Last offender ? HMR ***ing C, who decided that my tax refund had to be a cheque. No asking how I'd like it. No choice of supplying a bank account and sort code.
Since MrsPage and I rarely if ever visit high streets (last time was 4 months ago), it's a matter of supreme inconvenience to have to deal with paying cheques in.
Plus ca change ...
Back in the 90s, Barclays went all USian, with open plan banks, with one lone cashier behind a counter, and everyone else seated at desks. Looked very like US banks you see (or used to see) on TV. Of course they couldn't take money at the desk, nor dispense it. But as long as you wanted a new chequebook, or a chat about a loan, brilliant.
Little tip from the real world, by the way. If you need people to show you how to use the machines, then it's pretty much a conclusion that you've failed in making anything easier or better. Certainly as a customer.
+1 for Amazon CS here, too
In the 15 years since I started using Amazon, I can count on the fingers of one hand the problems I've had. And each one was dealt with promptly, courteously, and [IMHO] correctly.
Just love it ...
especially since it kinda suggests we need some sort of in depth analysis of beers at altitude ...
upvoted for H.L. Mencken quote ..
"Explanations exist; they have existed for all time; there is always a well-known solution to every human problem — neat, plausible, and wrong."
And once again ... signal to noise
none of our MPs have the faintest idea of the concept of signal to noise. What people should really be concerned about is that by building up these <however many> petabytes a DAY, our security services are simply never going to find the real smoking gun. They may find loads of things which look like a smoking gun. But by the time they've realised it isn't (with a very negative outcome for the innocent who has been detained without trial for 28 days, lost their job, home, reputation, and has no redress from a state which will charge him for his rent and board whilst incarcerated) the real terrorists, the ones we *should* be scared of, will be skipping into the sunset, having bypassed all these measures by (a) faxing each other in Arabic, or (b) using VPNs and TOR where sensible.
I have already decided Green for me - despite the fact I disagree with almost all of their energy policy (something the big 3 have managed to fail at too ... looks like no party is going to build nuclear anyway, so I may as well vote Green).
None of the big 3 are getting my vote ... and since it's taken 30 years for me to feel this way, it's unlikely they ever will again.
Re: Sunset clause
Depends what parliament looks like after 2015. I have a hunch that despite valiant efforts from Cameron, Clegg, and Miliband to pretend nothing has changed, they are commanding the tide to turn back.
The entire demographic of politics has shifted in ways unthinkable 30 years ago. The UK is no longer the easily partitioned LibLabCon landscape of days of yore.
I foresee coalitions as being a way of life. Remind me, who do I vote for if I don't want this shit ?
At least it has a sunset clause (as indeed ALL "emergency" legislation should).
Cameron won't be here in 2016 ....
And today's word from history ...
Out of curiosity ...
How many synonyms does Roger's Profanisaurus give ...
@Return to Sender
They may have changed it now. But I can assure you, when I first got it (Jan 2013), you could not set the internal IP address to be anything other than 192.168.1.1. It let you put it in the fields. But when you tried to save it, it reverted to 192.168.1.1. Hence I returned it as unfit for purpose. This was before the fix which allowed you to put it into modem mode.
Funny these outages happening
as some very serious allegations are flying around the net ....
"Super" hub ?
When I first got one, I immediately went into the settings, to setup DHCP the way it needed to be.
Couldn't do it. It forces the IP address of the internal network - you can't change it.
Sent the POS back as not fit for purpose, and got a discount for the next year. Then they introduced modem mode, and I was able to use a grown-up router (D-LINK). My router dishes out DNS settings, and they ain't VM, which is probably why I had to read this article to realise there was an issue.
Only in the *VM* version of the superhub. Like their TiVo service, you get a nobbled box.
Re: Factory Reset
Will this really *wipe* the memory ? Or just like the old "quick format" trash the file allocation table ?
There were scare stories in the 80s of people who had recovered sensitive data from formatted HDDs - and floppies.
Re: Clothing labels
If manufacture is as cheap as to be effectively "free", then durability is less of an issue.
Hang on a minute ...
from my memory of the law, for the offence to be complete, it has to be shown the defendant was *able* to break the crypto, and that a forgotten password would not lead to jail.
What made the cops so sure - after being provided with 50 possibilities - that the guy hadn't forgotten his password ?
Otherwise we're back to the situation posited when the law was first proposed. Just send someone an encrypted (or sufficiently non-random) email, then call the cops, say "child porn" and sit back.
What's David Cameron's email address ?
e2a: Just read that he refused to hand over the keys. One wonders how bright his legal team were ?
My son (who left home a few months ago) called me up a few days ago, asking for the passcode I had set on his TV, when he was younger. No way could I remember, despite going through all the obvious ones I use. And this is just a 4 digit number. Imagine a randomly generated password ...
"The Craigslist slapper experiment"
hard to think of a more concrete examples of two nations separated by the same language ....
"smartphones, tablets, and computers"
All of which are useless without an internet connection. Presumably Samsung have the serial nos etc. I wonder if they can detect the devices going online.
Same with my TV, whose serial number is registered with LG. Anyone nicks my TV, they'll have to use it in dumb mode.
Yes, there's always going to be workarounds for the odd case. But a truckload ?
One thing the IoT is going to bring is a lot harder-to-shift consumer electronics.
Use your imagination ...
They can firewall out sites which don't comply. Or more likely, they can pass a law saying it's illegal to use a proscribed site - i.e. one which isn't hosted in Russia.
Data ? Copy ?
How would you define either, in a modern distributed system ?
And for every false positive ...
the chances of a false negative *increase*. Not only are these asshats breaking the law, and pissing all over our privacy. They're also making themselves *less* likely to be able to protect us.
A point raised yesterday ...
everyone is 100% certain that only *adults* were involved ? Because UK law (and the majority of US states' law) tends to be very harsh on assuming consent in minors.
Is "needs internet connection"
the new "batteries not included"
Kids - ask your 'rents ...
(for using "'rents" ---->)
From the Page household ..
My phone is a company supplied Lumia 620. Since it does all I want (and more, actually, the satnav/GPS is a bonus) I don't need a personal phone.
MrsPage has a 2 year old WildfireS. It does all she wants, except the battery is starting to die a bit, and she'd prefer a bigger screen (as she has vision issues). So we'll be in the market, but not for anything fancy ... the MotoG is looking like the handset of choice.
What's more, I can't see myself *needing* a new phone anytime soon.
Two juggernauts colliding ...
It's a little like Alien vs. Predator ....
"The war on terror" hits "Think of the children"
Of course, nobbling DNS is the cheapest way to mask certain areas of the internet from the masses. So any issues with major ISPs' DNS provision is suspicious.
Back in the 1980s ...
at our Polytechnic computer centre, we were "charged" to use the computer. Two key measures were "connect time" (how long you could be logged in) and "CPU time" (how much CPU you were allowed). These were weekly measures, so got reset every Monday. The idea was to ration a precious resource. As an incentive, if you put your job (in my case network simulations, and matrix-busting maths libraries) into a batch process, and ran it overnight, you weren't charged for CPU usage. (They tried to claim this was to encourage off-peak usage. The real reason was the batch process ran as a special user, and couldn't tell whose jobs it was running).
Plus ca change, plus ca meme chose.
(A rider to this memory is as an old-school hacker, I discovered the process which managed the charging, and was able to write some code (in FORTRAN !) which sent it the appropriate message token to "reset" my - or anyone else's - usage figures. Happy days ....)
Cinematic telecast ....
Out of curiosity, I discovered the 20th July (Finale) cinecast was playing at my local cinema, so bagged a couple of (numbered) seats. 'Er indoors has never really been a big Python fan, but she appreciates how much money we've saved by not going to the O2 ;)
I guess we can call them movie theatres now ?
Icon ? My hovercraft is full of eels -->
Re: Stewart Lee did some excellent stuff about the countryside on BBC2.
*I* upvoted you, leastways, although you may have gotten more downvotes if you started on visible otters.
Anyone familiar with the Peter Principle
(the excellent book, not the dull sit-com) ?
In any organisation, people rise until they become incompetent, at which point they stop. Therefore in any organisation, the real work is being done by people who have not yet reached their level of incompetence.
I really cannot recommend this book enough. Despite being over 35 years old, it reads as if it were written today.
thank you for that site, I have only just got enough breath back to type ...
Re: Re Sunday Sport Headlines
Ah, but did you read the second *story* ?
IIRC, it gave a list of possible explanations for the disappearance of the bomber. The last of which was "The original picture may have been a hoax"
Will never happen.
The reason nothing stays the same in government is simple. It means it's impossible - not just difficult, or tricky, but actually *impossible* to identify where anything - or anyone - went wrong.
Here's a simple (definitely non-trivial) example from recent history. Do you remember the winning bid for the 2012 Olympics HMG submitted ? Do you remember how suddenly it went 17.5% over budget because someone "forgot" to add VAT (no you couldn't make it up).
Now, who was responsible ?
See what I mean ?
People with over 10k in the bank are usually not in the "*chump" crowd.
Wanna bet ? Here's a story from .... oh, yesterday, about chumps losing money ....
From the article:
Hundreds bought plots of land near the World Cup destination of Fortaleza, for which they typically paid £10,000. But at the end of last year, they learned that Pantheon had been wound up by the Insolvency Service after failing to file accounts.
Although I have very little sympathy. These people are venal and greedy, and got stung by their own appetite, and parsimony (since they skimped on using a proper financial adviser).
Was it P.T. Barnum that said "There's one born every minute" ? As true now, as then, as the lads from Lagos know only too well.
It would help an awful ****ing lot
if the banks themselves put their house in order.
I still get phone calls - genuine - from banks who expect me to cough up personal details before they will tell me what I am calling about.
To be fair it's not just banks. All sort of organisations do it.
The single biggest thing that could tackle these frauds is an industry agreement (mandated by legislation if needs be) that a calling agent never asks for security details.
Re: Just drop the damn thing when above the point you want to be above...
These are criminals. Hardly the sharpest tools in the box to start with. The fact that some of their number were *inside* the jail rather underscores the point.
If they were capable of design and build as described, they wouldn't be criminals.
Have an upvote sir, I agree about WinPho, it's actually quite nice. As always, shame about the dearth of apps.
Your Sinclair !
Didn't realise this was a Dennis publication. Maybe explains why copies were never lodged with the British Library (as I discovered when I was doing some undergraduate research in 1988).
Still, their horror at seeing me with a copy of a magazine they tried to tell me didn't exist did get me a pass to the library proper, which was almost unheard of for an undergraduate.
RIP Felix ...
from someone who's subscribed to Fortean Times since before El Reg was born
so how are you therefore entitled to compensation?
We live in a liberal democracy. That supposes we *all* live under the rule of law. Including (and especially) the government.
If the government causes people to suffer, because it breaks its own laws (which it did in the JSA case) then those people are entitled to redress.
For a government to rush legislation through parliament to retrospectively deny claimants the money they were due (again, under the government's own laws) is a shocking abuse of process, and one which may well be found to be unlawful, when reviewed against the UK's undertakings to the European Convention on Human Rights.
The fact that Labour colluded with the government on this makes them hypocrites of the highest order. The fact that the poor in society have some notion that Labour is looking out for them is one fact that might be used to demonstrate the stupidity of poverty.
we'd be better off bludgeoning them all to death.
better still, get them to bludgeon each other to death.
We need an Idi Amin icon :(
A textbook example
of ideology over practicality. It matters not a jot that this project will cost far in excess of any putative "saving" it will deliver. Because that wasn't its aim to begin with.
Its real aim is to deliver an extremely cheap labour force to be exploited by the fatcat companies.
Personally I would question Labour's sincerity. Don't forget they voted *with* the government to deny jobseekers who had been unlawfully deprived of benefits compensation. Something against the principles of natural justice, where a citizen has a right of redress against state misbehaviour.
Re: Wonderful Idea
I doubt there'll be any human element. It'll be a code controlled locker of some description.
Presumably it'd be a two way street, and you could return stuff this way ?
I still think there's a trick to be made for Amazon to come to a deal with one, or maybe *all* of the big supermarkets to piggyback onto their delivery networks. I appreciate the commercial realities would be for Tescos et al to say no (as they'd want to flog their own tat) but there's an upside that they might win some customers who plump for online groceries (where, after all, you ARE going to be in) just to get the Amazon stuff.
If anyone from Amazon or Tesco/Sainsbury/Ocado wants to contact me ...
41 comments, and no one has picked up ...
The FCC said that it is seeking the penalties against Shenzhen-based C.T.S. Technology, and has issued a cease-and-desist order halting sales in the US and demanded a list of individuals who purchased phone jammers from the company.
Be curious to know about the law about this. In particular if the named individual either denies being that person, or no longer has the device (sold it on, binned it).