
Comment: Re:"accidentally" (Score 1) 89 89

by cbiltcliffe (#49994117) Attached to: Put Your Enterprise Financial Data In the Cloud? Sure, Why Not

So... for the first production run, the vendor decrypted the data, then emailed it back to the entire project team to see if it was right. This was names, family members/relationships, addresses and SSNs for about ten thousand people.

One of my clients is a medical practice. They've got an internal, non-cloud practice management database, which is stored on a computer right in the office. They got an upgrade from the provider, as part of their service contract, which had a slightly different database format, which for some reason, the provider hadn't written the program to upgrade by itself; it had to be run through an upgrade process at the provider's location.

So, the provider's tech connects up using GoToMyPC, or something similar, goes into the program, exports the data, zips it up.... ...and then transfers the entire fucking thing over an unencrypted FTP connection.
I should have been paying more attention, as it was almost finished the transfer, when I looked and realized he was using plain FTP. I asked him if the zip file was password protected, and he kind of hummed and hawed, before saying no. So, I tore a strip off him over the phone, and said if they ever did anything so stupid again, they'd get sued. Since they're not actually a cloud provider, with some indemnity terms in a contract, this seemed to hit home to him. At least the transfer back of the updated data was done over an encrypted connection.

But this is exactly it. The third party provider doesn't give a shit, as it's not their data. Even this company I dealt with, that deals _only_ in medical software, and knows the regulations regarding protection of related data, as they bake lots of password protections and such into the software itself, didn't give a crap when dealing with the actual data themselves.

Cloud providers are in the business of making money for cloud providers, while minimizing expenses in all areas. They are not in the business of securing your data, unless they can charge you extra for it. They are not in the business of ensuring your particular business succeeds. They are in the business of extracting money from you; that's all.

Comment: Re:Is this important? (Score 1) 76 76

Of course it's important. Jack Thompson (of anti-Grand Theft Auto fame) is perpetually trying to prevent people from playing video games. As it's now known that playing video games improves your preparedness for terror attacks, logically, it means that preventing people from playing video games reduces their preparedness for terror attacks. This is what Jack Thompson is doing, therefore, he's supporting terrorists.

Throw the fucker in Guantanamo.

(Of course, I'm kidding, but this is the only possible positive I could really get out of this. Otherwise, my sibling posters are right. It's just " scaaarrred! Evil Al Shabib is coming to get you!!!!")

Comment: Re:Codeword (Score 2) 479 479

Certainly funny. However, I can say I've never had it happen to me. Of course, I'm not in the US, so I don't have to deal with the right wing extremes that even the left wing of your society subscribes to.

Usually I wait a couple of minutes on hold, then get somebody on a much clearer line, with a completely different voice and accent, who actually knows what they're talking about, so I know it's a different person.

Comment: Re:Codeword (Score 5, Interesting) 479 479

Of course in the REAL WORLD you have to put up with the crap along with all the others :(

No. The real code word is a phrase:

"Give me second level support."

Usually it goes something like this:

Support: "Hello, this is Ranjit/Deepak/Rakesh/George Washington at tech support. Can I get your name/account number please."
Me: "Yes, my account is 12345. Can I get second level support, please?"
Support: "Do you have a ticket or reference number?"
Me: "No, but I'm a network engineer/software developer/I.T. professional, and I know everything you're going to ask me to try, I've already done. So, rather than waste both your time and mine, it'll be a lot easier if you just put me through to second level."
Support: "Ok, I can do that. Hold please."

Of course, be polite, and don't have a tone of voice that states you think the person you're talking to is an idiot. Smile while you talk. It really does affect how you come across, even over the phone.

Only once, in however many dozen/hundreds of calls I've made to tech support, have I ever had this not work. The time it didn't, we went through the script, and at the end, this happened:

Support: "I'll transfer you to second level support."
Me: "So, if you'd just done as I asked in the first place, we both could have saved a bunch of time here, couldn't we?"
Support: "Yes, I guess we could. Next time I'll do that."

So, even the one time it didn't work, the first level support guy was educated that when somebody knows enough to ask for second level, they probably know enough to have done what the first level script says, too.

Comment: Re: One-time pads (Score 1) 208 208

by cbiltcliffe (#49806609) Attached to: Australian Law Could Criminalize the Teaching of Encryption

Yes, you can have more than one. But then you're not "doing multiple transactions securely in the future using that one time pad" which is what the original poster stated.

Now, as to using a single, long OTP to encrypt several shorter messages.... Ok, I'll give you that it's a single OTP retrieval from the bank, however, as far as the encryption is concerned, it's a bunch of OTPs that just happen to reside within a single file. You also have to coordinate starting position within the file for every transaction using that OTP string.

Comment: Re:One-time pads (Score 1) 208 208

by cbiltcliffe (#49806591) Attached to: Australian Law Could Criminalize the Teaching of Encryption

And if the OTP is much longer than a single transaction (which would work, I give you, although it's not really a single OTP then; it's more like a bunch of OTPs run through cat.) then you've got to coordinate somehow between you and the bank the position within the OTP where you actually start.
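
The offset bookkeeping described in the two comments above (one long pad carved into per-message segments, with both ends agreeing where each message starts), as an added example that is not part of the original comments. The `PadSender`/`PadReceiver` classes, the start offset sent in the clear with each ciphertext, and the sample messages are assumptions made for illustration.

```python
import secrets


class PadError(Exception):
    """A message would reuse pad bytes or run past the end of the pad."""


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class PadSender:
    """Hypothetical sender: hands out pad bytes strictly once, in order."""

    def __init__(self, pad: bytes):
        self._pad, self.next_offset = pad, 0

    def encrypt(self, plaintext: bytes) -> tuple[int, bytes]:
        start, end = self.next_offset, self.next_offset + len(plaintext)
        if end > len(self._pad):
            raise PadError("pad exhausted: fetch a new pad")
        self.next_offset = end  # consumed bytes are never handed out again
        return start, xor(plaintext, self._pad[start:end])


class PadReceiver:
    """Hypothetical receiver: rejects any offset that was already consumed."""

    def __init__(self, pad: bytes):
        self._pad, self.next_offset = pad, 0

    def decrypt(self, start: int, ciphertext: bytes) -> bytes:
        end = start + len(ciphertext)
        if start < self.next_offset:
            raise PadError("offset already consumed: this would reuse the pad")
        if end > len(self._pad):
            raise PadError("message runs past the end of the pad")
        self.next_offset = end
        return xor(ciphertext, self._pad[start:end])


def reuse_leak(pad: bytes, p1: bytes, p2: bytes) -> bytes:
    """Both messages start at offset 0, so the pad cancels out of c1 XOR c2."""
    c1, c2 = xor(p1, pad[:len(p1)]), xor(p2, pad[:len(p2)])
    return xor(c1, c2)  # equals xor(p1, p2): no pad bytes needed


if __name__ == "__main__":
    pad = secrets.token_bytes(64)  # constructed sample pad
    tx, rx = PadSender(pad), PadReceiver(pad)
    for msg in (b"PAY 100 TO ALICE", b"PAY 250 TO BOB"):  # constructed
        start, ct = tx.encrypt(msg)
        print(start, rx.decrypt(start, ct))
```

A receiver that is handed an offset ahead of its cursor simply leaves a gap of unused pad, which is wasteful but safe; it is going backwards that has to be refused.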

Comment: Re:A Data Point (Score 2) 175 175

I'm going to call bullshit.
Unless you've checked the box for "Allow Google to do absolutely anything with absolutely anything of mine, for absolutely any reason whatsoever."
I've never actually seen this option in Google's settings, so I doubt it's that.

I've already posted this, so here's the short version:
I've got an Android phone, Gmail account (which is linked to said Android phone), 2 YouTube accounts, both with videos uploaded, use Picasa for organizing my photos taken with both my Android phone and my camera.

I just checked Google Photos, and there is absolutely nothing there.
I have never had Google automatically copy files to my phone, even when I replaced my last Android phone with my current one, or the previous time I upgraded my phone, either. All 3 were Android devices, all linked to the same Gmail account.

So, what the hell are you doing, that Google copies undeletable photos to your new Android phone?

Comment: Re:What is on there already (Score 1) 175 175

What the hell are you doing with your stuff? I've got an Android phone. I've got a Gmail account. I've got 2 YouTube accounts. I take photos with my phone all the time, all of which are still on said phone. I have videos uploaded onto both YouTube accounts. I use Picasa on my PC to organize and tag photos that I took with both my phone, and my more expensive camera.

I just checked Google Photos. Squat. There's nothing there. All my photos are safely restricted to my phone and computer.

What the heck are you doing, or what settings have you configured, that have photos from over 5 years ago automatically stored in Google Photos?

Comment: Re:One-time pads (Score 1) 208 208

by cbiltcliffe (#49736395) Attached to: Australian Law Could Criminalize the Teaching of Encryption

A one time pad allows me to get the one time pad from the bank, and do multiple transactions securely in the future using that one time pad.

Are you seeing the problem here? Please don't talk about encryption if you have no clue what you're talking about. It's called a one time pad for a reason.

Comment: Re:unacceptable (Score 1) 121 121

We must develop a new deep AI which will attempt to do what is best for our country and people.

So then we pass control of the country from some corruptible, bribable idiots we have a hope of voting out to some small group of corruptible, bribable AI developers who we may not even know who they are. Sounds like a great idea. Pretty sure SHODAN wouldn't do very well running the country, either.

Comment: Re:Per minute... (Score 1) 293 293

What's your point? Considering all of my calculations were approximate, some rounded high and some low, they'll balance out reasonably well.
Regardless, GGP calculated an amount of travel per hour, and tried to pass it off as a per minute travel, making it seem much worse than it is. Whether it was an accident, or a "WE'RE ALL GOING TO DIIIIIEEE!!!1111" alarmist statement, I have no idea, but it was flat out wrong. My calculations are much more accurate, regardless of my approximations.

Comment: Re:Good thing climate change isn't real! (Score 1) 293 293

You're wasting your breath. To an AGWer, "historical" starts at about 1750. Nothing before that exists. No amount of pointing out that what we're seeing now is a repeat of innumerable previous changes will do anything, because they can't see back that far.
