Comment: Re:I don't buy it (Score 3, Interesting) 264

by postbigbang (#48143845) Attached to: Confidence Shaken In Open Source Security Idealism

Some kids will become good and responsible coders, but not all kids. Some will be artists, musicians, mechanics, farmers, etc., and for the rest of the world that doesn't code, a heavy responsibility is placed on the FOSS community to do code reviews.

People don't compile at all. They download binaries, and they don't know the difference between an MD5, a SHA-x and a hole in the ground. Binaries therefore need special protection. Open Source doesn't mean anyone's actually looking at the code, and there needs to be peer review on critical components given with distros, but this isn't guaranteed to happen. Instead, there's an incredible bloat of stuff that we HOPE is good. An actual process might be better. What kind? Something more than Linus yelling at you.

Comment: Re:Oh great (Score 1) 546

by postbigbang (#48135163) Attached to: Password Security: Why the Horse Battery Staple Is Not Correct

I would agree with you, but we need to train them first so as to avoid the problems associated with the usual tech support issues. There are many that could easily qualify, including token devices, session-based tokens, even anonymized public keys. Many choices.

But businesses don't want the overhead, and no one seems to get punished except----> users when the info is breached or misused in any way. Nobody seems to get punished.

Comment: Re:Oh great (Score 1) 546

by postbigbang (#48134439) Attached to: Password Security: Why the Horse Battery Staple Is Not Correct

"Locks keep your friends out; your enemies have pick tools".

You can make anything up you want, but changing them frequently is the key to killing their usefulness when there are bulk thefts of passwords. These things go undetected for months. If you'd changed already, you're good-- unless the crack gets the deltas, too, which is unlikely.

Stupid passwords will still be stupid, but no use to go to incredible lengths unless your keys are extremely valuable-- then go to a Yubikey or another secondary auth. Key age is probably more critical than its ability to be dictionary attacked, IMHO.

Comment: Re:Enforce (Score 4, Interesting) 122

by postbigbang (#48072999) Attached to: Dubai Police To Use Google Glass For Facial Recognition

You forgot to mention the necessary sense of walking around: liberty. Even if you're a "positive", what of due process? Will you land in a jail, await a long process? How and who guarantees that you'll be then excluded if you're falsely positive? It's a slippery slope. Google has opened a Pandora's box of paranoia.

Will people stop traveling in fear of false-positives? Where are governments permitted to gnaw on their citizenry, privacy death by a thousand cuts?

Comment: Re:kill -1 (Score 1) 469

by postbigbang (#47960207) Attached to: Fork of Systemd Leads To Lightweight Uselessd

None of this is tough, and there is no science fiction, and the post cites oh, 10 CVEs in four years. My underwear has more than 10 CVEs in the past four years.

So maimed are these Tea Party software sweatshirt-wearing jokers that they're taking their bruised asses into BSD, and any place, anyplace but Linux.

No, they don't tell you about any of the actual features, they just cite covering their system's butts cause they can't kill -1. You can still hobby, still futz, still cobble with Linux. And you can run huge multi-core systems with very complex (o)virting, docker, ad infinitum while you learned a few new dependencies.

Those that compare all this to Windows 9 know neither Linux nor Windows to make such an abrupt comparison. Adoption? It's not science fiction folks. It has similarities to how Solaris has evolved, and you can take a look at Solaris for some of the roots about WHY systemd. Go ahead and initd if you want. Nobody's stopping you. RH, Deb, etc, didn't pick this because it was stupid, or because they're part of a herd. All of them have strong egos, and they picked systemd because it's so NOT 1986.

Comment: Re:Dial up can still access gmail (Score 1, Insightful) 334

For other reasons, I'd recommend against.

1) why raise a red flag (sorry for the pun)

2) gmail reads all your stuff and sells the keywords to the highest/best bidder, so your privacy is zippo

3) yes, a good POP3 provider can also reel-in mail from other accounts and become a personal email center.

4) most of the spam I get desiring replies uses gmail, so training them not to respond to gmail users might be tough; they need training in general and you need to do that first and foremost before making decisions about what method you want to use.

5) two-factor authentication is likely beyond their capacity to understand. I'd make this one really simple. Use an auto-updating Linux (like Mint), then set up a menu with few choices. Nothing Windows, and if you send a Mac, be sure it can be supported in their locale.

Comment: Re:Not about ease, about authority (Score 2) 231

by postbigbang (#47903565) Attached to: School Installs Biometric Fingerprint System For Cafeteria

But there's no fingerprint, no picture, nothing to feed to big data some place. There must be control. Having a child outside of the system means an aberration. We must have no aberration. All must be tracked. There might be as much as $2.20 in theft! Imagine-- not eating those nutritious lunches, packed with carbs and "brain food"!

I've been fond of "up the system". Fingerprints. Yeesh.