
Comment: Re:Not sure about this one (Score 1) 165

by postbigbang (#48215191) Attached to: Austin Airport Tracks Cell Phones To Measure Security Line Wait

Think about it. They already know who you are unless you anonymously purchased a "drop" phone. With either GPS or LBS, they know where the phone's been. It was with you, likely. You fell asleep where you live, so that's your address, resolved to about 1m most places. There's a MAC address on the phone, very difficult to spoof. There are two more IDs on the phone, one as your IMEI or equiv, and another that's buried in a firmware-reachable mem location.

You drove by the sniffing cell towers on your way into the airport. If WiFi was on, it sniffed that, too. Up against a database linking users to cell, another easily done link says: whoa there, Chuck, you're on the no-way-Jose list. We're going to ask you to step into our office after we get the nekkid picture of you.

Yeah, I'm giving them too much credit, partly in humor. Such a scenario isn't outside of the realm of real possibility. Why use so much technology when you can mark ropes? Next they'll be weighing passengers with rugs made out of load cells so they can balance plane weights before you ever get to the bankrupt pizza maker on the next concourse.

Comment: Re:I don't buy it (Score 3, Interesting) 265

by postbigbang (#48143845) Attached to: Confidence Shaken In Open Source Security Idealism

Some kids will become good and responsible coders, but not all kids. Some will be artists, musicians, mechanics, farmers, etc., and for the rest of the world that doesn't code, a heavy responsibility is placed on the FOSS community to do code reviews.

People don't compile at all. They download binaries, and they don't know the difference between an MD5, a SHA-x and a hole in the ground. Binaries therefore need special protection. Open Source doesn't mean anyone's actually looking at the code, and there needs to be peer review on critical components given with distros, but this isn't guaranteed to happen. Instead, there's an incredible bloat of stuff that we HOPE is good. An actual process might be better. What kind? Something more than Linus yelling at you.

Comment: Re:Oh great (Score 1) 549

by postbigbang (#48135163) Attached to: Password Security: Why the Horse Battery Staple Is Not Correct

I would agree with you, but we need to train them first so as to avoid the problems associated with the usual tech support issues. There are many that could easily qualify, including token devices, session-based tokens, even anonymized public keys. Many choices.

But businesses don't want the overhead, and no one seems to get punished except----> users when the info is breached or misused in any way. Nobody seems to get punished.

Comment: Re:Oh great (Score 1) 549

by postbigbang (#48134439) Attached to: Password Security: Why the Horse Battery Staple Is Not Correct

"Locks keep your friends out; your enemies have pick tools".

You can make anything up you want, but changing them frequently is the key to killing their usefulness when there are bulk thefts of passwords. These things go undetected for months. If you'd changed already, you're good-- unless the crack gets the deltas, too, which is unlikely.

Stupid passwords will still be stupid, but no use to go to incredible lengths unless your keys are extremely valuable-- then go to a Yubikey or another secondary auth. Key age is probably more critical than its ability to be dictionary attacked, IMHO.

Comment: Re:Enforce (Score 4, Interesting) 122

by postbigbang (#48072999) Attached to: Dubai Police To Use Google Glass For Facial Recognition

You forgot to mention the necessary sense of walking around: liberty. Even if you're a "positive", what of due process? Will you land in a jail, await a long process? How and who guarantees that you'll be then excluded if you're falsely positive? It's a slippery slope. Google has opened a Pandora's box of paranoia.

Will people stop traveling in fear of false-positives? Where are governments permitted to gnaw on their citizenry, privacy death by a thousand cuts?

Comment: Re:kill -1 (Score 1) 469

by postbigbang (#47960207) Attached to: Fork of Systemd Leads To Lightweight Uselessd

None of this is tough, and there is no science fiction, and the post cites oh, 10 CVEs in four years. My underwear has more than 10 CVEs in the past four years.

So maimed are these Tea Party software sweatshirt-wearing jokers that they're taking their bruised asses into BSD, and any place, anyplace but Linux.

No, they don't tell you about any of the actual features, they just cite covering their system's butts cause they can't kill -1. You can still hobby, still futz, still cobble with Linux. And you can run huge multi-core systems with very complex (o)virting, docker, ad infinitum while you learned a few new dependencies.

Those that compare all this to Windows 9 know neither Linux nor Windows to make such an abrupt comparison. Adoption? It's not science fiction folks. It has similarities to how Solaris has evolved, and you can take a look at Solaris for some of the roots about WHY systemd. Go ahead and initd if you want. Nobody's stopping you. RH, Deb, etc, didn't pick this because it was stupid, or because they're part of a herd. All of them have strong egos, and they picked systemd because it's so NOT 1986.

Comment: Re:Dial up can still access gmail (Score 1, Insightful) 334

For other reasons, I'd recommend against.

1) why raise a red flag (sorry for the pun)

2) gmail reads all your stuff and sells the keywords to the highest/best bidder, so your privacy is zippo

3) yes, a good POP3 provider can also reel in mail from other accounts and become a personal email center.

4) most of the spam I get desiring replies uses gmail, so training them not to respond to gmail users might be tough; they need training in general and you need to do that first and foremost before making decisions about what method you want to use.

5) two-factor authentication is likely beyond their capacity to understand. I'd make this one really simple. Use an auto-updating Linux (like Mint), then set up a menu with few choices. Nothing Windows, and if you send a Mac, be sure it can be supported in their locale.
