
Comment: Re:"Obviously" not Last Pass or 1Password (Score 1) 445

by luxifr (#46419929) Attached to: Ask Slashdot: How Do You Manage Your Passwords?

Once again, your entire post is speculation and unsubstantiated assertions. My "appeal to authority" was to show you that my perspective has more sources than just my rear. Your position appears to be that there is no added risk to storing sensitive things online (that's the opposite of what I'm stating, and you keep arguing with me) or that the idea of mitigating known risks is nonsense. You're going to have to back that up with something more substantial than breathy rants full of ellipses that ramble on until concluding that your position is correct.

Your appeal to authority just shows that you can come up with a citation and that your perspective lacks thinking of your own. You also continue to claim my position was rather extreme, when it's clearly not. I don't say that there's no added risk to storing sensitive things online. I'm just saying that the added risk is rather small if you're "doing it right"(tm) and that your point in ultimate mitigation of known risks (i.e. no weighting between risk and use but just "don't do it") is an absolutely nonsense concept on its own because it doesn't work anywhere in real life. You're talking and seeing absolute extremes. I'm not. You obviously don't get that.

Comment: Re:"Obviously" not Last Pass or 1Password (Score 1) 445

by luxifr (#46411805) Attached to: Ask Slashdot: How Do You Manage Your Passwords?

However, if you do use "good" passwords, chances are that you're also able to educate yourself enough about encryption to make - at least - an educated guess about the strength of an encryption scheme.

You're not getting it. Even Bruce Schneier says encryption is hard to get right. While the encryption scheme may be fine, the actual implementation may be utter crap (or subtly flawed). Trusting the encryption as your only line of defense is unwise.

Appeal to authority much, eh? It's right that you have to trust the implementation. But then again, you have to (and do) trust many implementations in real life every day. Stuff that could actually KILL you if the implementation was "utter crap (or subtly flawed)". For starters: Think everything you eat, drink and use for transportation. That's why I was talking about making an educated guess.

In most companies...

This entire paragraph is just filled with speculation. You don't know the internal business practices of the cloud services any better than I do. Why would you assume that they care about security and separation of access privileges?

I would assume that because a company wants to earn money and especially in cloud service providers there is so much competition that they couldn't afford to screw up even once. The least thing they can do to avoid that is to avoid being grossly negligent about security. Especially when their main selling point is the prospect of security.

1. 2. 3. 4.

If you can't imagine solutions to simple problems like this, how do you feel qualified to judge the quality of encryption software?

As to 5, none of this relates to someone who wants to steal your passwords (as I specifically said in the post you responded to). This is more about mass harvesting of data in the cloud as is commonly done with credit cards, etc. Can you really not see the value in having access to hundreds or thousands of bank accounts?

If you think not blindly trusting random people at companies is paranoid then there's nothing I can say to convince you otherwise.

1. was a rhetorical question and answered right away. 2. isn't as obvious as you make it sound... a proper TrueCrypt container isn't easily distinguishable (if at all) from a massive file of just random data 3. and 4. are concerning the "Any random employee, hacker" figure... also: I don't store my bank account credentials anywhere...

besides: it's easier to get access to hundreds or thousands of bank accounts by phishing than by stealing and breaking massive amounts of encrypted data... I didn't say not blindly trusting random people at companies is paranoid, did I? Interesting rhetoric on your side...

My main point still stands however: things like lastpass are fine for password storage, sync and transfer if used right because for most attacks on private data and credentials there are more efficient vectors: general, mass scale: phishing and malware via ads work just fine... targeted: well, let's not elaborate in detail about this, but in case of a targeted attack, it's probably any physical, offline vector you could think of...

Comment: Re:You don't know what you're talking about. (Score 1) 254

by luxifr (#46411105) Attached to: The New PHP

PHP has always used explicit memory management.

allocate_StringMemory() sys_FreeMemory_UTF8()

Watch out because there is no way to tell if allocation fails. That's convenient though because it makes sys_Free* idempotent; there is no difference between failure to allocate and multiple free-s.

With 5.5 you get a great new function;

sys_FreeEverything() // in traditional mixed camel case + underbar style!

Now you don't need to keep track of allocations and release them. Just blow away all allocations across all requests and start fresh. It's really great for fixing those darn memory leaks.

why this gets moderated Insightful, Interesting and Informative is beyond me... But it shows that slashdotters are now ready for beta becoming release...

parent should have been modded troll or flamebait... or maybe funny if you think it were... or maybe not at all because modding an AC up is pretty pointless...

*sigh* where do you people, who loved how slashdot WAS, go now? I'd like to go there, too

Comment: Re:"Obviously" not Last Pass or 1Password (Score 1) 445

by luxifr (#46332381) Attached to: Ask Slashdot: How Do You Manage Your Passwords?

My point was that putting your password database "in the cloud" is a bad idea. Nothing more than that.

Actually it's a brilliant idea, as long as the encryption is strong enough.

There's no way for a normal person to determine if an encryption implementation is any good or not, so the only way to keep your passwords reasonably private is to not put them in that leaky sieve of online storage.

A "normal" person uses '12345', 'password' and the name of her dog as passwords. A "normal" person doesn't know and doesn't care about the implications of any of that. However, if you do use "good" passwords, chances are that you're also able to educate yourself enough about encryption to make - at least - an educated guess about the strength of an encryption scheme.

Any random employee, hacker, or government could have access to your files there and you wouldn't know it. Hell, a Dropbox admin could have a script that just scans their entire storage for known-weak password database files and you wouldn't hear about it until the breach surfaced.

In most companies not "any random employee" can access all data. Not even all company data, let alone customer data. But let's assume the malicious Dropbox admin scans their entire storage for known-weak password databases...
1. how does he know them? by research... something you could do as well before using something
2. how does he identify them? by file extension? by file header?
3. how does he collect the MASSIVE amount of results (we're probably talking tens of terabytes at least)? On an external hard drive or something the like? would there be anything more suspicious for him to do?
4. what does he do with the data then? sell it? no, he has to break it open first... which isn't free either
5. why would he want YOUR data? is it really THAT interesting? and if you've access to valuable business data, so does your manager who probably doesn't care or know as much about password security and is therefore the weaker link and a better target for an attack

also: if the government wants your data, especially if you live in the common-wealth, then you're screwed anyway... you won't outsmart the nsa unfortunately

Treating any cloud services as remotely private is insane.

Seeing threats everywhere and thinking that one's own data is so damn special to anybody that it would be worth the effort of breaking a strong encryption is even more insane

People put "password protected" zip files and Word documents and PDFs and such on Dropbox not knowing that the protection is junk, and most people here would scoff at the idea that they're safe.

I use the built-in OS's keychains and password managers. They're "encrypted", but I wouldn't put them online. I transfer them between computers using a USB drive when I need to. It's not that big of a pain and I'm not paranoid enough to think that people are actively trying to break into my specific computer to steal my passwords.

That is as safe as putting "password protected" zip files online, really... if someone wants YOUR specific passwords, it should be easy enough to get someone to steal your computer... easier than breaking into servers of big cloud providers... and the encryption on your computer would probably be easier to crack than the encryption of the data in the lastpass cloud for example

having something physically near you doesn't make it safer... quite the opposite is the case

that said: I go with lastpass... it's as secure as it gets right now... apart from actually memorizing all your passwords... I'd be more paranoid about laced shoes... loose laces pose REAL danger, you know... also it's more likely to get robbed on the streets or run over by a car than someone stealing your passwords from the lastpass servers...

however: you can be as paranoid as you want but I hope you use an adblocker or your "my passwords are only stored in the OS's password manager" strategy (or any other strategy apart from having an always-offline device where you put and read passwords manually) is pretty much useless anyway...

Comment: Re: Secure safe. (Score 1) 381

by luxifr (#45951725) Attached to: Ask Slashdot: How To Protect Your Passwords From Amnesia?

So simple: put passwords in safe with three combo lock. Give one number to three different people you trust to be around for life. Don't tell them who the other ones are. Tell them if something happens to you to come forward and tell you that they have one of the numbers.

And when you are in the hospital, with your amnesia, they collect there and find out about each other. Maybe even before you realize who they are. They then could as well open the lock without you...

Or laptop with fingerprint reader, hopefully you don't lose memory and fingers

Like those things were reliable. Those consumer grade finger print readers could easily not recognize you for various reasons or be spoofed easily if someone ever gets your fingerprint (which isn't too hard - we leave them everywhere - all the time)...

Comment: Re: systemd is there (Score 1) 383

by luxifr (#45876343) Attached to: Ask Slashdot: Command Line Interfaces -- What Is Out There?

You don't get a salary for educating the children.

Yeah, it's commonly known that teachers don't get paid anything as they live on the cozy, warm feeling of pride when they advance culture by educating children. Anyone who says otherwise must clearly be a "goddamaned"[sic!] idiot.

But seriously though: Who voted this informative?

Comment: Re:Need more mental health centers not prisons (Score 1) 260

by luxifr (#45573499) Attached to: A Review of the "Mental Illness" Definition Might Prevent Crime
Don't know about the GP but where I live I go to the doctor, when I'm sick. I don't have to worry about the cost. If I get a prescription I'll pay a small amount (€ 5) out of my pocket. I have a regular physician I go to for basic illnesses and first diagnoses, who would send me to a specialist, if needed, like pretty much everyone in my country has. Waiting time, if I go there without having an appointment is about 60-90 minutes. Getting an appointment with a specialist comes with wildly varying waiting times... from getting one the same day to having to wait several months. That mainly depends on how pressing the issue is, how many of this kind of specialists there are in the area. But then again, you're free to choose the specialist you go to, so if you don't want to wait as long you just call them all and use the earliest appointment you can get.

Americans should get that eat-or-be-eaten-free-economy-everything-else-is-communism-trololololol-stick out of their asses... really... and it's not just about public health care... there are more things America is pretty much underdeveloped... sometimes even EXACTLY as underdeveloped as, say, Suriname, Liberia, Papua New Guinea, Nauru, Western Samoa and Tonga!

Comment: Re:Third party software (Score 1) 113

by luxifr (#45472765) Attached to: OpenSUSE 13.1 Released and Reviewed

I run CentOS in a VM at home for this reason as it is very close to what they use at work which is thankfully free. Would not put it on a real server though doing anything important. :-)

meh... CentOS is not just "very close" to RHEL but in fact the same... they build it out of red hat sources with red hat build configs... basically it's just a recompiled red hat... the only reason I wouldn't use CentOS is that its community (leaders) is somewhat too unstable for my taste... it wasn't that long ago when you couldn't be sure if CentOS would even continue to exist because of internal disputes... that said: there is an alternative: Scientific Linux... it's basically the same as CentOS with some additions to it that all come as optional packages... difference is: it's driven by CERN and the international science community which makes it a pretty safe bet

Comment: Re:So? (Score 1) 285

by luxifr (#45365307) Attached to: Security Breach Forces Bitcoin Bank Inputs.io To Halt Operations

It's computer fraud and abuse. It's not like they really robbed a bank.

which, amazingly enough, in most of the west gets a lot more of jailtime for you even if you stole nothing of actual monetary tangible value....

though, again as usual, one needs to ask if they just took it themselves, their ex-employee took it or..

yeah, it's not like 4100 bitcoins are worth about 1.3 Million USD at the moment with a tendency to increase this value faster than anything else at the moment...

Comment: Re:But.. (Score 1) 340

by luxifr (#45365291) Attached to: Global Biological Experiment Generates Exciting New Results

Two completely different mechanisms.

To achieve one and the same goal: Killing germs. It's not the people or cows or whatever, which develop a resistance to antibiotics. It's the germs. And to that end it doesn't matter whether they are killed inside or at the surface of an organism. So yes: antibiotic hand soaps are really a problem, too. I'd say they are even more of a problem than the excessive use of antibiotics in health-care because they are even more abundant and using soap is even more harmless than swallowing a pill, isn't it? Plus: Clever advertising makes more and more people believe they'd actually need it so they stay healthy...

That reminds me: May be funny to see such people's reaction when someone told them that there are more cells of bacteria and other micro organisms living on and in their bodies than their bodies themselves have :D

Comment: Re:brace yourself (Score 1) 453

You again make an assumption, that social ability and intelligence are somehow mutually exclusive.

If you read carefully you will find that you're reading this into it. I merely dissented from the parent's claim that being smart has the intrinsic property of getting along just fine with no probability of a "crummy adolescence".

Ah, the mark of the intelligent, social underachiever you so gleefully project on to everyone else, the pointless, baseless personal attack.

Yeah, right. Again: Social overachievers wouldn't be such bullies, would they? Uh, yeah, wait a minute: THEY ARE... more often than not even physical ones. Of course they wouldn't be baseless so, right? Right! Because for some of them this is the way to become popular in the first place. Of course THAT is all just games and play. You may not be an idiot but you sure are an ignorant, smug hypocrite. Oh, and a coward one.

Comment: Re:brace yourself (Score 4, Interesting) 453

People who had a crummy adolescence for the reasons you're stating aren't really that smart. If they were, they would have had a much better adolescence.

yeah, because being smart makes it easy to not get depressed from being marginalized for just being too different to be socially lovable or even acceptable by your peers.
after all it's adolescents especially, who are very reasonable, empathetical beings, which are rarely biased towards trends and who never practice prejudice based on those.
ah, but I think I see your point: If they were smart, they could easily *pretend* to be a better social fit. They could easily just deny who they really are, follow the masses. That suure must make them happy eventually, doesn't it?

You're an idiot!
