Forgot your password?
typodupeerror

Comment: Re:Why not a master password for the PW manager? (Score 2) 113

by Mortimer82 (#47769843) Attached to: Chromium 37 Launches With Major Security Fixes, 64-bit Windows Support
You just happen to be super vigilant with your security and if Chrome had implemented a Firefox style password protected password manager it most certainly would not have met your needs either. You are very different from the vast majority of users and the most worthwhile measure you take above Firefox and Chrome, is that you compartmentalise your passwords. You however are a part of a very small number of people who go to those lengths and for the vast majority of users who have all their passwords in the same "vault", they would expose all their passwords within a day, making Chrome's strategy of leveraging Window's API arguably more secure than building their own. And keep in mind the vast majority of people would be infected for weeks or even months before they notice.

As for your argument about key loggers being "harder" to develop than other malware, keep in mind that a lot of malware these days is bought as a kit with a tonne of features. The people writing the malware are typically separate from the parties utilising the malware and once a password stealing module is written, it's available for everyone else to use, regardless of how hard it was write. Also, who said it had to be a key logger? It could be sniffing unencrypted memory, peeking forms in the browser window, it could be watching in countless different ways to avoid being detected as a key logger by AV.

And in regards to AV watching for key loggers, if they know to watch for key logger type activity, then it stands to reason they could also log attempts to read the password management API. In practice it's a cat and mouse game, as AV writers work to detect malware activity, malware writers work to avoid detection.

Malware writers are financially incentivised to come up with solutions, do not think that the hurdle required to get key sniffing is substantially different to that required for using the Windows API for password management, if it takes them a couple of weeks more to write one method, they might bill their clients more, or perhaps they are forced to include the feature so their clients don't use a competing product.

While you are a rare exception as you take extraordinary lengths to protect your credentials, for the vast majority of people, once they have malware, everything on their user profile is likely compromised and single password vault vs Windows API won't help them one bit, except that the Microsoft developed password vault is more convenient to users and likely better than a comparatively simple solution which would ship with a browser.

Comment: Re:Why not a master password for the PW manager? (Score 1) 113

by Mortimer82 (#47769011) Attached to: Chromium 37 Launches With Major Security Fixes, 64-bit Windows Support
If you are infected with malware, that malware could just as easily watch the password you type into a password manager, if anything, for Windows users, using the supported, well tested and proven Microsoft APIs is likely to be much better than Google trying to reinvent a wheel, which at best would still not be quite as convenient for users.

Comment: Re:Why not a master password for the PW manager? (Score 2) 113

by Mortimer82 (#47768909) Attached to: Chromium 37 Launches With Major Security Fixes, 64-bit Windows Support
Once you have any kind of malware on your computer, you have to assume anything you do within the context of that user account is compromised. Any malware which can read your password database could also just as easily be watching your activity and record the password the next time you enter a global password into a password manager.

As a user who is already used to quickly pressing Win+L to lock their computer each time they leave their desk, leveraging the Windows APIs is exceptionally convenient, especially when I consider that I don't have to manage yet another password independently of my Windows login password.

Also, those of us who recognise that it's no longer mid-2000 and that Microsoft has become a company who arguably sets one of the best examples on how to develop software securely, I have confidence that their API for this is thoroughly tested and proven. For Google to even attempt to come close, they would need to expend considerable effort which would ultimately achieve, at best, a reinvented wheel which would also be less convenient for Windows users.

Comment: Re:April Fools! (Score 1) 162

by Mortimer82 (#46642863) Attached to: Subversion Project Migrates To Git
Our project's team decided to move from SVN to Git a few months back. We develop for .NET and were all used to working with TortoiseSVN with code being managed on a server which could control access to different repositories.

We had one guy who recently joined our team who knew Git and felt it was worth taking the plunge and moving to it, acknowledging that we would initially be frustrated at having to learn a new tool.
We use TortoiseGit along with Gitblit to host the repositories and at this point I have to say I am super happy we made the move. Learning something new is always a little painful, but it was well worth it in this case. If you're used to TortoiseSVN, then TortoiseGit really helps and I personally have not had to use a single Git command.

Git empowers you more as a developer because while SVN essentially forces its changes onto you as you fetch latest, with Git, you get much greater control in how and when you merge your changes with the repository. If you are uneasy about a merge, you can make a branch in just a few seconds and test it there first. The nicest though is how you can commit locally without having to push your changes to other users, this is especially useful if you are doing a refactor and want the ability to create rollback points every hour, but don't want other developers getting your not yet complete work. You create a branch locally, commit every 30 minutes or hour, then when the whole task is completed, you can merge your commits into one (if you want), then push to the central repository for the rest of the team.

If your refactor took a week, you can avoid the merge pain of other developers work by regularly pulling their changes into your perhaps every day or even every hour, and everytime you want to merge, you can roll it back if something turns our badly.

The thing to understand about Git is that there is no "central" repository authority like with SVN, instead everyone has there own repository and Git provides a nice way to selectively pull and push changes between different repositories in a way that you have much greater control over. In our corporate environment, we do use a central repository as that's where the backups happen and it's also much easier than trying to sync with peers. The end result is a process that in practice can work identically to SVN, but also gives developers greater power on their own computers, if they want it.

It really does empower you, but as with anything truly worth doing, there is effort required and you must be prepared to invest. I also recommended that at least one person on your team is already familiar with Git as an in person explanation to any issue you have is much faster than trying to research it online.

Comment: Re:What a Load of Bullcrap! (Score 1) 1199

by Mortimer82 (#41571005) Attached to: Hiring Smokers Banned In South Florida City

Your nickname suits you very well.

Cigarette smokers who do not recognize the imposing obnoxiousness of their entirely optional habit and the burden it places on society, are by definition, selfish.

As they have made themselves practically dependent upon their habit they will of course defend it tooth and nail. The very fact they made the completely irrational decision to smoke knowing all the negative impacts of it and then go on to *defend* their irrational decision, leads me to conclude they are either plain stupid or otherwise generally irrational, and hence, cannot be reasoned with.

Comment: Re:What a Load of Bullcrap! (Score 1) 1199

by Mortimer82 (#41570579) Attached to: Hiring Smokers Banned In South Florida City

Depends on where you are.

Where I am, it is against the law to urinate in public, probably as it is a health hazard and in general the community finds such behaviour unpleasant. Smoking in general public areas is not yet illegal in all places unfortunately.

And even if there are designated smoking areas, why do I have to pay extra taxes so that a council can make a special smoking area in a park, or in the price of my meal, subsidize the cost of the restaurant to build a special smoking area? Urination is an avoidable part of the human condition, smoking is not.

In regards to other unpleasantness, I encounter the way too much perfume problem maybe once every few years or if it's at the work place, that is something that can addressed by company policy. I live in a city and have no livestock farms anywhere near me and if a neighbour decides to use manure in their garden, sure it's unpleasant, but it's once a year and doesn't have the side effect of poisoning their garden.

Cigarette smoking is a selfish habit which is a burden on society and it's negative aspects dwarf any possible aspects, as a member of society it is my opinion we should weigh up whether or not we should really put up with such a burden. The only kind of person who would say otherwise is said selfish cigarette smoker.

Comment: Use original packaging if possible (Score 1) 249

by Mortimer82 (#41570413) Attached to: Ask Slashdot: Transporting Computers By Cargo Ship?

I recently moved from Ireland to South Africa and had a NAS, laptop and two LCD screens shipped over.

With the NAS (http://www.readynas.com/?cat=4) I put it in the original antistatic bag and then in its box, padded with a bit of bubble wrap and these packaging air bags. I shipped it with all its hard drives inside.

With the screens I had their original packaging, a simple plastic bag, then placed inside polystyrene packaging then in their cardboard box.

With the laptop (oldish now, so wasn't too fussed), I just put it in a regular packing cardboard box with some clothes around it.

All items arrived fine, perhaps I was luckier than some, but it seems the shippers were reasonably careful with my goods based on the state of the boxes.

For my actual computer, I disassembled it, threw away the case and the rest I put in my checked in luggage, that way I didn't have to wait the 3 months for the shipping to happen. Shipping took a long time as I didn't have much to bring back and it took a little while for enough other people to come along so there would be enough to fill up the container.

Comment: Re:What a Load of Bullcrap! (Score 1) 1199

by Mortimer82 (#41567883) Attached to: Hiring Smokers Banned In South Florida City

You've really answered your own questions.

The fact that you needlessly made yourself addicted to cigarettes is entirely your own doing, many people are highly effective at complicated/stressful/tedious jobs without the need to smoke. Smokers almost always take more breaks than employees who don't smoke and if they don't take regular smoke breaks, then their productivity suffers until they get their "fix". Why should an equally qualified and experienced smoker who spends less time being productive due to their habit get paid the same as me?

It really makes perfect sense to discourage smoking as it ultimately reduces economic output.

As for the story summary, times have moved on since the time of those particular people, humanity now knows better. The world would be a better place if smoking became unacceptable and the newer generations didn't get as easily addicted to the expensive and harmful substance.

This is of course all besides the fact that smoking is an expensive, unhealthy and above all, highly disgusting and typically inconsiderate habit. To me, walking past someone who is smoking is about as pleasant as walking past someone urinating against a wall.

Comment: Re:Unsubstantiated Rubbish (Score 4, Interesting) 272

by Mortimer82 (#41301145) Attached to: Activision Blizzard Secretly Watermarking World of Warcraft Users

Their compromised database is indeed a very serious privacy issue. From a security point of view, fortunately they used a good enough password hashing technique that it is largely impractical to extract passwords from the dump.

From my experience, with almost all people who have their accounts compromised, it was due to phishing or malware. Consequently, account names in screenshots will probably not make any difference to how many people have account security issues.

Comment: Re:Unsubstantiated Rubbish (Score 4, Informative) 272

by Mortimer82 (#41300141) Attached to: Activision Blizzard Secretly Watermarking World of Warcraft Users

The thread indicates it may have appeared during WotLK alpha builds and only contains:
- Account name that was used pre-BNET or otherwise a post-BNET numeric account name. (email address is NOT included)
- IP address of the realm you are connected to, NOT the client IP. (However, this could be used to identify pirate servers).
- The time the screenshot was taken

I suspect it was most likely used to catch people leaking imagery of alpha builds which were not allowed to be made public. WotLK was the last WoW expansion Blizzard tried to keep secret for the alpha, but everyone was leaking it despite very clear NDAs having to be agreed to by all who participated. With their next expansion, they didn't bother with an NDA outside of a very small group of initial internal testers.

I wouldn't call this any kind of breach of privacy as none of the information is personal. An account name can only be matched to a real name by Blizzard and only if you play on their servers.

Of course privacy zealots will say otherwise, but each to their own.

Comment: Chrome's UI is just more polished in my opinion (Score 3) 665

by Mortimer82 (#40880177) Attached to: Why We Love Firefox, and Why We Hate It

It's not just about features, it's just that it feels like Google properly thought about every aspect of functionality of their chrome for the browser. For example, it took ages for Firefox to implement that tabs don't resize themselves after closing until after you move the mouse away. And even now, the drag handle for the Firefox window is only on the window title area and you still can't use the unused tab area as a window drag handle, where on Chrome it works fine. It's these tiny little details that I really appreciate about Chrome.

That being said, I still love Firefox's awesome bar, works better than Chrome's default address bar by a long shot, if I recall there is a Chrome extension which works the same, I may look into that, but it's not a deal breaker for me.

Comment: Re:They're pointless anyway (Score 1) 265

by Mortimer82 (#40373263) Attached to: How Would You Redesign the TLD Hierarchy?

Country code TLDs are a symptom, not a feature. They come about because local governments want to exert their own control over some aspect of the internet, but really the whole point of the internet is to transcend borders and unite people in a single global network, even if that is a threat to entrenched interests.

I always thought of it as a delegation thing which is really convenient for the users of that country. I can pay in my local currency for a local domain name and deal with a local company, rather than having to deal with dollar exchange rates and US based companies which may have vastly different business hours. It also means that things like trademark disputes can be handled locally, rather than one having to deal with US laws. It's also in the interest of said governments to keep money local (for local only businesses) rather than a constant stream of money trickling from their country to some U.S company for no particularly good reason except that the U.S. kind of got the monopoly.

In fact, if anything I think it's the generic top level domains which messed things up. With the U.S. controlling the internet first, no one really bothered with the .us ccTLD and instead used the "default" top level space, while ccTLDs are effectively 2nd class.

I think a lot of the problems with GLOBAL contention of .com namespace would be much less of a deal if it never existed and like pretty much the rest of the world, US entities used something like .co.us / .com.us.

Of course ccTLDs create their own set of challenges for international businesses, who may feel forced to maintain their domain names in all the countries in which they operate, but it also means that a silly local only mom and pop business in the US wouldn't get the the "default" .com address which is greatly coveted by a multinational, but European only company.

I'm not saying I feel this way myself, but if anyone ever wondered why Americans are often stereotyped as self-centred and oblivious to the fact they are only a part of an international community, it's stuff like this which doesn't help them. However, I acknowledge that DNS and the Internet was originally just an American thing and wasn't initially conceived to service the entire planet, but still, we are living in the world we live in, regardless of the intent or lack there of.

"If it ain't broke, don't fix it." - Bert Lantz

Working...