Comment: Re:Skin deep, but that's where the money is ! (Score 0) 174

by NotInHere (#48615371) Attached to: Researchers Accidentally Discover How To Turn Off Skin Aging Gene

You can see from the example of Uber that taxi companies would rather try to forbid the app than sell off their cars and develop and offer competing apps, or focus on rich people who don't want to travel with unprofessionals. But I admit, in this example you may be right, as you don't have to fear competition.

Comment: Re:Skin deep, but that's where the money is ! (Score 2, Insightful) 174

by NotInHere (#48615239) Attached to: Researchers Accidentally Discover How To Turn Off Skin Aging Gene

Billions of women (and men) around the world paying TRILLIONS for cosmetic products for what?

Skincare is the number one profit making venue for many cosmetic companies, big and small, all around the world.

So, will the cosmetic companies let stupid progress destroy their revenue stream? Uh, I guess no. They will buy the researcher's startup for a shitload of money, and then, surprise surprise, it turns out the method wasn't so promising after all. And they will keep all patents on the technology so that nobody else can release a competing product.

Comment: Re:No init (Score 1) 149

by NotInHere (#48561471) Attached to: Ubuntu Gets Container-Friendly "Snappy" Core

You mean as something like this already has been suggested by Lennart Poettering? Yeah, there is something to it. Funnily, the first dude answering the Shuttleworth post was a systemD + btrfs fanboy...

But it's good Ubuntu ppl removed this stupid btrfs requirement. I'm myself a fan of btrfs, but things should be exchangeable.

Comment: Re:U2F (Score 1) 247

by NotInHere (#48529727) Attached to: Ask Slashdot: Convincing My Company To Stop Using Passwords?

And what is the U2F protected by? Nothing. Anybody who gets hold of the dongle can use it, at least getting into the system protected by a mobile app would require them to steal the device *AND* get the password. And not all phones are locked with a password. There are phones locked with biometrics, or patterns that couldn't quite be called a password.

All those mechanisms can also be implemented by the company as a first factor. Indeed, a system with dongle only is insecure, but security is increased when you have 2 factor.

TFS is about "passwordless authentication". When people are on the "no passwords" train they should consider that phones also have passwords. What they want to say is perhaps they want a master password. But that's something else.

On top of this, there is also the possibility of de-authorizing the device on the server-side with the 2FA provider.

You can do the same with a dongle, I've already pointed that out.

Comment: Re:U2F (Score 1) 247

by NotInHere (#48527435) Attached to: Ask Slashdot: Convincing My Company To Stop Using Passwords?

The smartphone can be lost/forgotten, but at least smartphones tend to be encrypted/locked with the option to remote-wipe. A U2F dongle that is lost would seem to offer no such protection.

What is a phone encrypted/locked with? A password. So that's a second factor. Whether you enter it at the company's computer or at the smartphone is no big difference. As a company, I wouldn't rely on unlock passwords for my security. How often do you enter your unlock password when other people could, in theory, watch you? How can you as a company ensure your employees never do this?

Same for remote-wipe. You set it up with a password. When your dongle (or phone) is lost you don't even need remote wipe, as you can simply call your employer and say it was lost (I admit if you use your dongle for more than just one party it can be a bit of work). With remote-wipe you can never be sure whether the attacker didn't crack the phone, and now just sent a fake "I'm wiped" message.

The apps for 2FA services tend to offer a rotating key, so it's not a fixed password that can be guessed.

By passwords I meant what I described in the paragraphs above. Those rotating keys are yet another thing U2F is better at. Do you want to copy stupid strings from your phone to your computer? Also, this kind of 2FA is dangerous, as it's only time-based and allows for MiTM attacks. U2F protects from those too by also authenticating the server.
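The contrast drawn in the comment above, between a time-based code and a U2F response that also covers the site, as an added example that is not part of the original comment. It is a simplified model: the host names, secrets and challenge are constructed, and an HMAC stands in for the token's ECDSA signature, so the function names here are hypothetical and not a real U2F API.

```python
import hashlib, hmac, json, struct

def totp(secret: bytes, t: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): a function of shared secret and time only."""
    mac = hmac.new(secret, struct.pack(">Q", t // step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def token_respond(device_key: bytes, challenge: str, origin: str):
    """Token side: the browser, not the page, fills in the origin it is on."""
    client_data = json.dumps({"challenge": challenge, "origin": origin},
                             sort_keys=True).encode()
    # Assumption: HMAC as a stand-in for the ECDSA signature over the hash.
    sig = hmac.new(device_key, hashlib.sha256(client_data).digest(),
                   hashlib.sha256).digest()
    return client_data, sig

def server_verify(device_key, challenge, origin, client_data, sig) -> bool:
    """Relying party: check the signature, then the challenge and origin."""
    good = hmac.new(device_key, hashlib.sha256(client_data).digest(),
                    hashlib.sha256).digest()
    if not hmac.compare_digest(good, sig):
        return False
    data = json.loads(client_data)
    return data["challenge"] == challenge and data["origin"] == origin

def relay_outcomes():
    """Return (totp_via_relay, u2f_via_relay, u2f_direct) acceptance results."""
    secret, device_key = b"constructed-totp-secret", b"constructed-device-key"
    real, lookalike = "https://login.example", "https://login.example.invalid"
    now, challenge = 1_700_000_000, "constructed-challenge-123"

    # TOTP: a code typed on the look-alike page and forwarded unchanged still
    # matches; the server cannot tell where the code was entered.
    typed = totp(secret, now)
    totp_via_relay = hmac.compare_digest(typed, totp(secret, now))

    # U2F: the forwarded response names the look-alike origin, and editing
    # client_data would invalidate the signature, so verification fails.
    cd, sig = token_respond(device_key, challenge, lookalike)
    u2f_via_relay = server_verify(device_key, challenge, real, cd, sig)

    cd, sig = token_respond(device_key, challenge, real)
    u2f_direct = server_verify(device_key, challenge, real, cd, sig)
    return totp_via_relay, u2f_via_relay, u2f_direct

if __name__ == "__main__":
    print(relay_outcomes())
```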
