Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Comment Re:So it you watch someone draw the pattern... (Score 1) 130

I think the parent post is eluding to the concept of LEO interrogating people's phones for no reason which is BS. His idea of turning the phone off so that the phone requires passphrase and not just fingerprint is a good idea.

Yes, exactly. But that only works if you KNOW you are about to be interacting with LEO. In the event you are pulled over you do, but most other scenarios you don't have that kind of warning.

I mentioned theft etc because that is the other major threat to a phone. The issue for most people is that the risks to them from theft are quite different to the threats from LEO.

A fingerprint is with password on reboot is a reasonable deterrent to most theives getting at your data. but its not enough for LEO (as they to be able to compel it from you). A passphrase all the time is good enough for both LEO and Theives makes it too inconvenient to use the phone.

That was my point.

PS eluding should be alluding

Comment Re:So it you watch someone draw the pattern... (Score 1) 130

That's a neat idea; i presume you are talking about a mail handling rule/filter on my 'secure email' that forwards the messages to my 'regular email'.

It would be a fair bit of work to setup and test and I worry it would be much too brittle -- I mean how often do i reset passwords or login from new computer; and the vendor could change the message template at anytime, resulting in the notifications not coming through, or the wrong ones coming through.

On the otherhand, it does suggest an idea... to have it forward my phone a generic notification when i get email to the secure email from certain domains. That could work. Not perfect I'd have no way of telling without logging into the secure mail whether it was important or just some marketing blather. Hmm... I could have it preserve the subject line though... and strip the body.

We might have something workable as a strategy here... although getting it to run server side will be a hassle. Looks like server-side mail rules in outlook aren't robust enough; I might be able to do something with exchange/office365 though... but that's a bit of a PITA. For the other mail I'd want this for, its a personal account, but IMAP, hosted by a hosting company ( i ran my own mail server for years, but its more of a pain than I care for; and just not worth my time for one or two accounts anymore) anyhow -- I doubt I'll be able to get any robust server side message scripting for that either.

a simple "Forward subject line only" would be so trivial to have too... I'm almost surprised it doesn't seem to already exist as one of the canned options.

Comment Re:So it you watch someone draw the pattern... (Score 4, Interesting) 130

The biggest problem with a passphrase is that entering it every time you get a text message is obnoxious and intolerable from a usability standpoint.

Your solution of turning it off before a possible event is a step in the right direction, but it's not reliable enough. It works ok when you get pulled over ... you have lots of time between the lights flashing and officer at your window. But for a lot of situations you don't have that luxury. For example, if it is lost or stolen it'll still be turned on, or if you are arrested just walking down the street...

Stuff like samsung knox has the potential to be a good middle ground -- a secure container within your phone. So you can fingerprint/ short PIN to access your phone, GPS, SMS and your pay-by-phone parking app, etc but have your documents and pictures and work email still behind a passphrase.

(I'm not sure how good knox is in particular, but the concept at least I think is a good idea.) And I realize for some people even the SMS and parking app they want behind the passphrase because it'll reveal who they talked to or where they parked etc... I get that. Security is always a trade off between convenience and security... for me always passphrase is too obnoxious to use -- I tried it, while only fingerprint or 4-digit PIN is far too weak to protect say, my email (more from theives than from law enforcement... ) the potential damage a theif could do with my phone is scary.

The only reasonable solution with current phones is to not have much of anything on them. So for example, the email account I have have linked to the domain registrations and various other online services and resources I have access to is NOT on my phone. This is frequently inconvenient and bit ironic -- on the one hand I WANT the notifications of any activity on those accounts immediately notified to me, but the risk of someone getting into my phone (e.g. by observing me enter my PIN, and the stealing it) and being able to take control of those accounts via the linked email and 2FA which is tied to that number... is too great.

Maybe knox type solutions would be a solution... i just haven't actually had the time to try it.

It'd be nice though if various cloud service providers would let you register a separate notification email in addition to the admin email. So that I could receive notifications like 'a user has logged in from a new computer to your account..." on my phone without that being the email address being the one that can also be used to retrieve/reset login and password credentials.

Comment I don't even like Uber but (Score 0, Troll) 506

"I left my job thinking this would work, and it's getting harder and harder," Howard said. "They have to understand that some of us have decided to make this a full-time career." Howard

Yeah, fuck you. The world doesn't owe you anything and even Uber's own ad campaigns bend over backwards to emphasize that this is supposed to be a side gig to make some extra money.

Comment Re:Da, comrade. (Score 1) 270

Ok, fine. It's SOUNDS like a great idea, but it'll be abused by evil people for their own gain. Therefore we shouldn't do it.

    Does that little distinction make you happy?

A bit - but I think the "we shouldn't do it" needs some work. I think we SHOULD aspire to good things, even if there is a danger of people misusing such lofty aspirations. Desigining social and political systems that are fair and equitable (recognizing what those terms mean in any situation are not always agreed upon) is something that we should be trying to do - but I do agree that taking into account how humans actually behave is an important part of making robust systems that are not easily abused.

How to actually build such systems I don't really know. Some combination of market mechanism and regulations to minimize unintended externalities often seems applicable. Some fundamental shifts in the way we divide up our society's immense riches between its members in light of the impact of automation, AI, and other advances seems likely to be necessary.

Slashdot Top Deals

They laughed at Einstein. They laughed at the Wright Brothers. But they also laughed at Bozo the Clown. -- Carl Sagan

Working...