
Comment: Re: Apple Pay (Score 2) 344

by Just Some Guy (#48163271) Attached to: Apple Announces iPad Air 2, iPad mini 3, OS X Yosemite and More

Do you have a cite for this? I'm pretty familiar with how Google Wallet (with and without a hardware Secure Element) works, and I *know* that CC info is presented to the POS in order to make the transaction.

Any of the hundreds of articles about how Apple Pay works. Here's one that explains that the device gives the credit card terminal a 16-digit randomized token and a unique one-time-use CCV. Payment processors use the pair to identify the credit account to bill.

In short, your actual credit card numbers never leave your device. Google for "apple pay token" if you'd like to dive into further detail.

Comment: Remote Backups (Score 1) 150

by Just Some Guy (#48150653) Attached to: If Your Cloud Vendor Goes Out of Business, Are You Ready?

I find that cloud backups are an excellent complement to local backups. I have a 6TB Synology unit at home that stores all our family photos, Time Machine backups, scans of all our important docs, etc. I love and trust that little server. I also have it configured to ship nightly backups to Amazon Glacier so that if my house burns down and takes the Synology with it, I can restore it all and have my digital life back.

I guess I could buy a second unit and keep it at work, but that's a lot more effort than setting up a scheduled job to sync everything up to a remote server without my manual intervention.

Comment: Re:Web server for printing... (Score 1) 174

by Just Some Guy (#48150317) Attached to: Apple Releases CUPS 2.0

even still, the only time anyone I knew personally printed anything from a mobile device was over 10 years ago and that was in an electronics store, printing goatse over bluetooth to a printer on display.

The last time I did it was this morning when my kid's school emailed a permission slip that I needed to sign and return. I like not having to go find my laptop, locate the same email, and print from there when the thing I want printed is already being displayed on the phone screen that I'm staring at.

Comment: Re:I think the part that scares me.... (Score 1) 149

by Just Some Guy (#48143635) Attached to: ISPs Violating Net Neutrality To Block Encryption

Not only did this company not have the chops to figure out that 'someone may have incorrectly configured a firewall!', oh no. They decided to compound their inadequacy by including it in a filing to the god damn FCC.

Yes, they should be experts in gear they may not themselves be using. They should also not complain to the government office responsible for receiving complaints about such things, because ISPs always do such things as honest mistakes and not as predatory rent seekers.

Comment: Re:The "It's not working" attack (Score 1) 149

by Just Some Guy (#48143581) Attached to: ISPs Violating Net Neutrality To Block Encryption

We need the equivalent of HSTS but for SMTP. Maybe it replies with a "250-ALWAYSTLS" to EHLO, and clients and other servers cache the fact that "server always wants TLS". Then those clients can warn users when their messages can't be delivered according to the recipient server's TLS policy.

This would be so easy if we had DNSSEC or an alternative equivalent, so that you could publish something like an MX record but with added content like "always use an encrypted connection" (perhaps replacing MX records with SRV, maybe?). They'd have to be signed, though, or you could count on ISPs to forge false records.
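The cached-policy idea discussed above, sketched as an added example that is not part of the original comments. `ALWAYSTLS` is the hypothetical keyword from the comment, not a registered SMTP extension; the class name, the 30-day lifetime and the sample replies are assumptions. The pin is recorded only from the EHLO repeated inside TLS, mirroring how HSTS is honoured only over HTTPS.

```python
import time

# ALWAYSTLS is the hypothetical EHLO keyword from the comment above, not a
# registered SMTP extension. The 30-day pin lifetime is an assumption.
PIN_SECONDS = 30 * 24 * 3600

def ehlo_keywords(reply):
    """Extension keywords from a multi-line 250 EHLO reply, upper-cased."""
    found = set()
    for line in reply.strip().splitlines()[1:]:   # line 0 is the greeting
        parts = line[4:].split()
        if line.startswith("250") and parts:
            found.add(parts[0].upper())
    return found

class TlsPolicyCache:
    def __init__(self):
        self._pins = {}                           # host -> pin expiry time

    def decide(self, host, plaintext_ehlo, now=None):
        """Choose an action from the EHLO reply seen before any TLS."""
        now = time.time() if now is None else now
        if "STARTTLS" in ehlo_keywords(plaintext_ehlo):
            return "starttls"
        if self._pins.get(host, 0) > now:
            return "refuse"   # pinned host stopped offering TLS: warn, do not send
        return "plaintext"

    def record(self, host, tls_ehlo, now=None):
        """Pin only from the EHLO repeated inside TLS, like HSTS over HTTPS."""
        now = time.time() if now is None else now
        if "ALWAYSTLS" in ehlo_keywords(tls_ehlo):
            self._pins[host] = now + PIN_SECONDS

# Constructed sample replies for a placeholder host.
OFFERED = "250-mx.example.org\r\n250-SIZE 35882577\r\n250-STARTTLS\r\n250 ALWAYSTLS"
INSIDE_TLS = "250-mx.example.org\r\n250-SIZE 35882577\r\n250 ALWAYSTLS"
STRIPPED = "250-mx.example.org\r\n250 SIZE 35882577"
```

A first contact that is already stripped still falls through to plaintext, the same trust-on-first-use gap HSTS has without preloading.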

Comment: Re:OK... (Score 1) 177

It kind of does. Well, at least it will go a long way toward having your opinions fall on deaf and unwelcoming ears - here, anyway.

I don't know you, Florian, and I don't have anything against you personally. You might be a great guy that I'd enjoy hanging out with for all I know. However, I'm sure this isn't the first time you've heard that large chunks of the F/OSS community don't particularly trust you. I can't comment on your disclosure timeline that you described in another post, but I know that I was disgusted to find out that you'd written some very supportive stuff about a company which was seen as attacking Free Software, and then it came out that they were paying you. While you have as much right to speak your opinion as anyone else, you can't be surprised that forums like Slashdot are unlikely to care to hear it.

Comment: Re:Oh great (Score 2, Interesting) 545

by Just Some Guy (#48135319) Attached to: Password Security: Why the Horse Battery Staple Is Not Correct

Unless you're talking about something that I'm not getting, it's not susceptible to a dictionary attack. The individual words may be, but a brute force attack would still need to guess all of those words in that order.

The part you're missing is Markov chains and Bayesian analysis. I'll bet a reasonable corpus of phrases would show that "is" follows "love" fairly often, and "love is beautiful" is far more common than "love is axiopisty". Similarly, "birds that sing" is hugely more likely than "birds that exhibitorship".

While the whole phrase is unlikely to be the first random thing someone types, each word in that phrase is quite likely to be the one chosen based on its predecessors. I still think correct horse battery staple is a poor idea compared to a strong randomly generated string, but /usr/share/dict/words on my system has 235886 entries and 235886^4 ~= 2^72. That's reasonably random. I would much rather have to iterate through Markov chains branching from each word in the dictionary and trying the likely phrases than to have to brute force each possible 4-word combination. I don't have the numbers to back it, but I bet you could reduce the search space by quite a lot of orders of magnitude.
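The comparison discussed above, as an added strength-estimation example that is not part of the original comments: it scores a phrase in bits under a word-bigram (Markov) model and compares that with four words drawn uniformly at random. The six-line corpus is constructed and far too small to give real estimates; the 0.9 interpolation weight and all function names are assumptions.

```python
import math
from collections import Counter, defaultdict

DICT_SIZE = 235886      # /usr/share/dict/words entry count quoted in the comment
LAMBDA = 0.9            # assumed weight on the bigram model vs. a uniform guess

# Constructed toy corpus standing in for "a reasonable corpus of phrases".
CORPUS = """love is beautiful
love is blind
love is patient
birds that sing
birds that fly
birds that sing loudly"""

def train_bigrams(corpus):
    """Count which word follows which; '<s>' marks the start of a phrase."""
    follows = defaultdict(Counter)
    for line in corpus.splitlines():
        words = ["<s>"] + line.split()
        for prev, word in zip(words, words[1:]):
            follows[prev][word] += 1
    return follows

def phrase_bits(phrase, follows, dict_size=DICT_SIZE):
    """-log2 of the phrase probability under the interpolated bigram model."""
    bits, prev = 0.0, "<s>"
    for word in phrase.split():
        counts = follows.get(prev, Counter())
        total = sum(counts.values())
        likely = counts[word] / total if total else 0.0
        # Unseen words fall back to a uniform pick from the dictionary.
        p = LAMBDA * likely + (1 - LAMBDA) / dict_size
        bits += -math.log2(p)
        prev = word
    return bits

def uniform_bits(n_words, dict_size=DICT_SIZE):
    """Bits for n words chosen independently and uniformly at random."""
    return n_words * math.log2(dict_size)

MODEL = train_bigrams(CORPUS)
if __name__ == "__main__":
    for phrase in ("love is beautiful", "love is axiopisty"):
        print(f"{phrase!r}: {phrase_bits(phrase, MODEL):.1f} bits")
    print(f"4 uniform random words: {uniform_bits(4):.1f} bits")
```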

Comment: Re:Healthy relationship (Score 2) 622

by Just Some Guy (#48134065) Attached to: The Correct Response To Photo Hack Victim-Blamers

Somehow that doesn't sound like a loving healthy relationship. It sounds like a relationship based on sex and mutual attraction.

By what corruption do you assume that those are mutually exclusive? It's perfectly normal to be in a loving, healthy relationship with someone you're attracted to and want to have sex with. If Ms. Lawrence wanted her boyfriend to think of her when the separation grew unbearable, then that's between her and her boyfriend. There's nothing remotely unhealthy or unusual about that.

Comment: Re:Victim blaming? (Score 1) 622

by Just Some Guy (#48134017) Attached to: The Correct Response To Photo Hack Victim-Blamers

Everybody already knows that the only way to absolutely guarantee that your nude selfies don't get out, is not to take any.

No they don't. Lots of people believe that Facebook's privacy controls actually work as advertised, and that WhatsApp messages disappear after a while. Most people have no idea how a computer works, and anyway it would never occur to them that you could just use a camera to take a picture of your screen if you really wanted to preserve a photo or chat so badly.

You and I know that privacy controls mean "best effort but no guarantee" and that DRM is impossible, but plenty (maybe most) intelligent adults don't have the technical background to reach the same conclusion.

Comment: Re:Victim blaming? (Score 1) 622

by Just Some Guy (#48133957) Attached to: The Correct Response To Photo Hack Victim-Blamers

Telling someone it's a bad idea, in all of those cases, is not "victim blaming."

Thank you! If you want to blacklist all advice giving as victim blaming, then you quickly create an environment where it's impossible to give someone safety tips without someone else calling you an ass for doing it.

By the way, I wrote up my own advice to my children in "What I Tell My Kids About The Internet". I'd be very upset if my kids' private information was leaked all over the place, so I gave them practical advice on how to make that not happen. This isn't the same as blaming them if it got out anyway.
