Posts by Charles 9

10414 posts • joined 10 Jun 2009

LastPass now supports 2FA auth, completely undermines 2FA auth

Charles 9
Silver badge

Re: Banking

Unless, of course, it's an extended weekend (coming up here in the US) and/or you're far from the nearest local branch (assuming they HAVE brick-and-mortar branches)? Or worse, they refuse to believe you?

0
0
Charles 9
Silver badge

Re: Is this really 2FA?

What happens when you routinely have to handle sensitive data BUT you're also highly prone to losing things like your keys, meaning you're likely to lose the fob?

0
0
Charles 9
Silver badge

Re: Complex passwords stuck on a post it note under your desk

Unless, of course, you're MUGGED and they take advantage while you're in an unconscious heap.

0
0
Charles 9
Silver badge

Re: Is this really 2FA?

And what if you LOSE it? Or they break the system like in the RSA attack? People lose their keys already, let's not try to add something ELSE to lose?

0
0
Charles 9
Silver badge

Re: Non issue?

If they can pwn the point of entry, then any other kind of entry screening is moot since they still have to go through the point of entry. IOW, 2FA isn't going to work not because it's going to the same point as the pwned point of entry but because it'll have to go through the pwned point of entry anyway.

1
0
Charles 9
Silver badge

Re: Date of birth

So you say all your dates (xxxx, mm dd)?

What about all the Hispanics and so on who say "dd de mm, yy" (or simply the English, who say "ddth of mm, yyyy")?

Anyway, the mm/dd/yyyy format is consistent with Americans and many other English speakers who say "mm ddth, yyyy".

The ISO date format is as much a mishmash of letters and dashes as any other date format. The ONLY reason it's so useful in computers is that it AUTOMATICALLY sorts dates chronologically if you perform a simple ASCII sort (to the second if you use the extended format which includes a 24-hour time).

0
0
Charles 9
Silver badge

Re: Banking

"The pin is only in my head and that card is never used outside the house."

So what happens when (not if) Murphy strikes and you FORGET your PIN?

0
0
Charles 9
Silver badge

Re: "non-cloud based managers trump all"

"However, if any of your devices with KeePass gets hit by keyloggers / slurp-happy Malware, won't you be screwed too? Example: WAGS borrows your device in the car to look up directions to 'Hotpoint'. Hotpoint site gets compromised again... Game-Over, no???"

If a point of entry gets pwned, you're screwed no matter what. Things like KeePass at least make it hard to pwn you OUTSIDE the point of entry. If LastPass gets hacked, you can get pwned outside the point of entry.

0
0
Charles 9
Silver badge

Re: Complex passwords stuck on a post it note under your desk

So what if you have a bad day and FORGET the PIN?

0
0
Charles 9
Silver badge

Re: 2FA has been broken for a while

Oh? What if they steal the secrets needed to crack the algorithm? Wasn't that what the RSA attack was about?

PS. If they pwn the login point, then no amount of security will work because it can hijack anything at the point of entry. Even OTPs.

0
0
Charles 9
Silver badge

Re: 2FA migration

One, you can't properly back up a stock phone. Two, most OTP generators are keyed to both phone and Android serial, which can change on a restore. Used to happen to me with Authy.

1
0
Charles 9
Silver badge

Re: Straightforward algorithms

Even phrases become hard to remember past say ten or twenty sites. I always put it like this: "Was it CorrectHorseBatteryStaple or DonkeyEnginePaperclipWrong?" Especially if you refuse to leave grammar clues.

0
0
Charles 9
Silver badge

Re: 256 bit AES encrypted plain text file

That's one reason people like us like KeePass. It already uses strong encryption by default, lets you use a file as a key, and it's FOSS.

0
0

Supreme Court closes court-shopping loophole for patent trolls

Charles 9
Silver badge

Re: Simpler answer (Energy Co in E-Texas)

Nope, because it's likely long since expired, given internal combustion engines have been around for over a century by now.

0
0
Charles 9
Silver badge

Re: Look out Delaware!

Delaware's friendliness tends to favor factories, warehouses, and distribution centers. No sales tax among other things makes it advantageous to settle there. I believe Oregon has a similar business-friendly structure.

1
0
Charles 9
Silver badge

Re: Note the vote 0-8

I think the difference is whether or not the product is exported directly to the buyer or run through some affiliate or subsidiary first. The latter can be sued directly while the former usually has to be taken to trade courts.

1
0
Charles 9
Silver badge

Re: Note the vote 0-8

An international company with no US presence couldn't be sued in the US due to lack of jurisdiction. Those kinds of cases usually go before the international trade courts which are a special case. Besides, isn't it normal for a company doing business in the US to have some sort of US presence for legal reasons?

4
0
Charles 9
Silver badge

Only if the DEFENDANT is incorporated in Delaware. That's the big thing. Patent trolls basically have to take on violators on their turf.

16
0

EU security think tank ENISA looks for IoT security, can't find any

Charles 9
Silver badge

Re: if the mandate is that the device will ...

Especially if "setting up" requires a computer the owner may not possess.

0
1

Kill Google AMP before it KILLS the web

Charles 9
Silver badge

Re: I like AMP

It's the PUBLISHER'S responsibility since they're in the best position to know or figure out whether or not the piece in question is true. Anyone else would not be in a good position to know, especially if the content is exclusive. Besides, the LEGAL liability (under libel law) falls to them, does it not?

0
0
Charles 9
Silver badge

Nope, consider Facebook and Twitter.

0
0
Charles 9
Silver badge

Re: Break them up Now!

Like breaking up AT&T really did much long-term. Besides, how do you fight a TRANSnational who can hide behind foreign sovereignty?

0
2

Hi! I’m Foxy! It looks like you want to run Flash. Do you need help?

Charles 9
Silver badge

Re: Until Adobe officially kills Flash

But what if it turns out to rise again like a zombie? Without a head, so sorry, folks, the old "shoot 'em in the head" ain't gonna work.

1
1
Charles 9
Silver badge
Devil

So what happens when you really DO need Flash and you don't even know it, then? Hate to be at the Help Desk when THAT happens, especially when the caller happens to be someone high up.

0
2
Charles 9
Silver badge

Re: @adrian4

But what if Z doesn't exist? It's like with medical equipment manufacturers still using outdated operating systems to stay legally-compliant. If EVERY site that has the W you need REQUIRES the use of Flash, then you're stuck with a Hobson's Choice (as in Take It Or Leave It). Some people may be willing to walk away, but for some it can result in collateral damage, such as not being able to use a piece of computer equipment for a job which means it'll have to be replaced (a more-expensive proposition).

1
1

WannaCrypt: Roots, reasons and why scramble patching won't save you now

Charles 9
Silver badge

Re: virtual machine

And the manufacturer is NOT your friend since you can't replace the machine: it isn't yours to mess with. Remember that infamous boilerplate: Breaking this seal voids all warranties and service agreements. It's basically an untouchable machine that's an integral (and to the manufacturer, inseparable) part of the six-to-seven-figure whole. And no, airgapping won't be an option since it has to be able to transfer the fruits of its labor, and a USB drive can pwn a machine just as easily as a network connection.

1
1
Charles 9
Silver badge

Re: virtual machine

Unless the system you're trying to virtualize has custom hardware. A virtual machine cannot virtualize what it doesn't know, and a black-boxed custom ISA interface card is about as non-upgradeable and non-virtualizable as you can get. And if the manufacturer refuses to replace the computer without replacing the entire works (at a six-to-seven-figure cost), what are your options?

1
0

Do we need Windows patch legislation?

Charles 9
Silver badge

Re: Vendors, do your fucking jobs and fix your shit.

But what if there's no way to upgrade the OS because Vista and up DROP support for a key piece of the HARDWARE that runs the thing (like, say, a custom-built ISA interface card; support for ISA was DROPPED in Vista)?

0
0
Charles 9
Silver badge

Then how does it get instructions? REGARDLESS of the method, it can be an inroad to infection.

0
0
Charles 9
Silver badge

"What would have helped would have been the certification authorities requiring long term support."

Then what happens when NO ONE passes because of it? Now you have NO suppliers.

0
0
Charles 9
Silver badge

Re: What

"Someone bought a GBP500,000 molding machine that is tied to an obsolete operating system?"

Yes, because the alternative was probably buying a GBP600,000 molding machine tied to an obsolete operating system. IOW, this is what happens when EVERYONE uses commodity stuff to undercut the competition and win contracts.

0
0
Charles 9
Silver badge

Re: The answer I wanted was not there

So what happens when you need software and NO ONE is willing to provide the source, say for trade secret reasons? Do you go without or roll your own?

0
0
Charles 9
Silver badge

Re: Fit for purpose?

And IF one is offered, which may not be possible if all the manufacturers refuse as a bloc.

0
0
Charles 9
Silver badge

And if NO ONE agrees, meaning the contract goes unfulfilled and machines start needing to be replaced? Remember there are very few manufacturers of this specialized and very expensive medical equipment. It's a seller's market. They can probably afford to wait it out while customers from other countries ring in.

0
0
Charles 9
Silver badge

Re: Eternity

Except we're only human. You expect perfection out of us, and not even the military and airline industries are spotless.

0
0
Charles 9
Silver badge

But what happens WHEN (not IF) a security update breaks your machine? Get pwned or get bricked?

0
0
Charles 9
Silver badge

If he was so ticked, why does he stick with Windows? Almost sounds masochistic.

0
0
Charles 9
Silver badge

Unless EVERYONE is using it, leaving you in a bind.

0
0
Charles 9
Silver badge

Re: I blame the management....

More like you COULDN'T pay the water bill because the captive market jacked up the price beyond affordability. And water is scarce where you are so only experts know where to look: making them unavoidably expensive and risky to go it alone.

0
0

Bye bye MP3: You sucked the life out of music. But vinyl is just as warped

Charles 9
Silver badge

Re: Permanent Storage

M-Discs aren't that cheap ($90 for a pack of 5 or $425 for a spindle of 25) and don't scale well even now; just think ahead when 10TB SSDs become common. We really need one that can do 20TB on the low end.

For now, I think RDX represents the closest thing to an archival-quality solution for the SMB market. Though they're mostly rust drives, they're designed with longevity and ruggedness in mind, and they at least offer capacities up to 4TB with room for more down the road.

2
1
Charles 9
Silver badge

Re: Permanent Storage

"My issue is that there isn't anything permanent to store data (write once, no degradation)"

Because you're chasing unicorns. NOTHING lasts for extremely long periods, especially if abused. Even stone can suffer erosion or crack in an earthquake, and diamonds are actually UNstable over geologic time (graphite is carbon's most stable form at STP). The best you can do is buy some time; the price rises with the length, and there are no real guarantees.

And over geologic time? The Kansas song "Dust in the Wind" springs to mind.

2
2
Charles 9
Silver badge

Re: Never mind blind tests...

"The only way I can get the best out of music these days is like that bloke in the Pratchett quote up there ^ somewhere..."

So you know, that "bloke" was Ankh-Morpork's Patrician. A bit of an oddity in terms of tastes, but undoubtedly the most canny potentate on practically all of the Disc.

Anyway, a deaf test would defeat the purpose. The idea is to blind you so you don't know what you're hearing (or tasting in the case of a taste test). I suppose you could use a deaf test when you're trying to compare two things by eye so you don't pick up on subtle audio clues.

1
0
Charles 9
Silver badge

Re: Shame

"Well, you'd think so. But while manufacturers like it when they don't have to pay licensing fees for patents, they like it even more when they have an excuse to move customers on to a new format and sell us new kit to play it on."

I wouldn't worry too much about it. Without patent encumbrance, hobbyists can now legally link MP3 libraries into their tools and provide converters and the like for you to use. And since FLAC is both lossless and open, you should always have some safe refuge.

Me? I use both. I use FLAC for gapless recordings because they're sample-exact (the next-best option would be Ogg Vorbis since it at least records the sample length) and use 320kbps MP3 for general music as an effective compromise (they're smaller than the FLACs and under normal—read rather noisy—conditions I can't tell what I'm missing).

2
0

Lyrebird steals your voice to make you say things you didn't – and we hate this future

Charles 9
Silver badge

Re: And some banks are starting to use

"Any bank offering this will become very quickly my ex-bank !!!"

And what happens when (not if) EVERY bank offers this? Will it be back to cash under the mattress?

0
0

Robot lands a 737 by hand, on a dare from DARPA

Charles 9
Silver badge

Some would say a machine would make a better second opinion than a human, as pilots tend to become chummy, causing confirmation bias. Much harder to do with a machine, particularly one programmed outside the pilot's control.

0
0

The real battle of Android's future – who controls the updates

Charles 9
Silver badge

Re: No Skins please.

"Who knows how big the I want vanilla android crowd is .. because it is hard to get if you want other features on a phone (e.g. removable battery, SD card etc) ."

Econ 101 tells me that if there is no supply, then odds are the demand isn't there. Otherwise, someone would jump on the chance to steal a march on the big boys.

"I'm sure very few people want / appreciate all the (non removable unless you root) bloat apps vendors chuck on a phone and would sooner have the extra storage space instead."

Wanna bet? Credits to milos they don't even notice. The rest? They actually USE them! Remember, if there were real demand, they would've filled it before someone else did. Yet what are the best-selling phones on the market?

"What Google ought to do is make a way to get rid of junk (this includes installed Google apps that are never used) without rooting your phone."

They'd instantly lose manufacturer support (because guess what was one condition of using Android), leaving Google with no way to compete with Apple. The market would've become a one-horse stable without Google's aggressive tactics.

0
0
Charles 9
Silver badge

Re: and it's not going to get any better ...

But you said, "DECENT," which to my ears means something out of a Votrax chip. By GOOD, I'm referring to speech playback that actually sounds darn close to coming out of an actual person. The difference between the built-in TTS and the cloud TTS is like night and day and will remain that way for a while yet. Just compare by trying the system in Airplane Mode so it can't access the cloud.

0
1
Charles 9
Silver badge

Re: No Skins please.

"You mean they'd then have to compete on actual FEATURES."

Except the Feature War's pretty much hit a stalemate. As much as you like the features you've mentioned, you've been outvoted by the bling-lovers who will outpay you for fewer features, meaning you're out of luck. Anyway, all the manufacturers have pretty much hit the peak of what they can pack into their phones while keeping them slim (remember, in the REAL phone world, slim sells). You've seen one phone, you've pretty much seen them all, so the war moves to the software front. Sad, but true.

2
0
Charles 9
Silver badge

Re: @Charles 9

Work on using ARM processors in servers is actually providing inroads into a common enumerated bus for ARM-based systems (look up SBSA or Server Base System Architecture).

As for trying to force cutthroat SoC manufacturers to comply, it'd be easier for Google to do what Apple did and take out their own ARM license and roll their own silicon. The likes of Qualcomm, Rockchip, and Mediatek get enough business from other sources that, if push came to shove, they could simply walk away.

0
0

US court decision will destroy the internet, roar Google, Facebook et al

Charles 9
Silver badge

Re: No reasonable person can ever know if I have permission

"oh, my various deities, NO! let's not go there, ok? we don't want some kind of "attach legalese" requirements on intarweb content."

Please, you do that with real-world content (attach a release to the documents or whatever). Why not here?

And as much as people hate lawyers, would you prefer the alternative of having to mine your way through the laws of the land yourself? Because then lawyers become a lot like democracy: bad as they are, they're still better than the alternatives...

0
1


Biting the hand that feeds IT © 1998–2017