HackerTrans
TopNewTrendsCommentsPastAskShowJobs

mjthompson

no profile record

comments

mjthompson
·5 лет назад·discuss
You're right, one might invoke Poe's law in relation to complaints about a hat on a cone.
mjthompson
·5 лет назад·discuss
man is not a safety nor mission critical system. It was trivial to work around functional anomalies. There was nothing wrong with this, and it was hilarious.

I'm glad the VLC developers never backed down from the Santa hat popping up near Christmas, despite ridiculous criticism from a tiny minority of users.

If you don't like it, fork it.
mjthompson
·5 лет назад·discuss
Burglars are in and out in a matter of minutes. There's no way they're standing there taking photographs. Like I said, they want money (and easily hocked valuables). No street criminal is interested in your Google Account login.

Australian here. When my house was broken into Police forensics came that afternoon and fingerprint dusted all points of entry and lifted prints. Do they not do this in your jurisdiction? I have just realised DNA is probably poor shorthand for that.
mjthompson
·5 лет назад·discuss
> A piece of paper can easily be found by someone. Much easier than hacking a password manager.

A piece of paper in a locked drawer is potentially accessible to a person breaking into it. It is probably an unsophisticated burglar looking for money. They are probably located in the vicinity of your neighbourhood and have rocked up to your home, and will not evade capture for long. They will likely leave DNA. If they decide to swipe your notebook, it will be immediately apparent you have been compromised, as your drawer is open and your notebook open or missing. Your notebook may be looked at momentarily, perhaps passed to one or two people, more likely, it will be thrown into a gutter as soon as the burglar realises it has no money in it, or just left untouched.

A password in a locked password manager is potentially accessible to a person breaking into it. It is probably a sophisticated cyberattacker looking for credentials. They are probably located overseas and have remotely connected to your home network, and will evade capture. They will leave no trace. If they decide to compromise your vault, it may not be immediately apparent you have been compromised, as your password manager is still there. Your vault will be scrutinised intensely, and your credentials will be sold to many others on a darknet forum.

I know which I'd rather.
mjthompson
·5 лет назад·discuss
A password manager only really offers marginal phishing protection, in the sense that 'automatic autofill' (as defined in the original post) is not available with an unrecognised website.

The problem is most profound with tech illiterate folk. If you have tried to teach a tech illiterate person how to use a password manager (as I have), you may have encountered the issue that 'autofill' isn't 100% accurate. You will occasionally hit a subdomain or alternative domain which using the same credentials as the saved website (eg amazon.co.uk vs amazon.com). It will appear that no credentials are available for that site. Therefore, you usually have to teach the person how to manually search the vault and either fill manually, or copy and paste credentials. Otherwise, you can expect phone calls for support. And, of course, the original article actually suggests disabling automatic autofill. It suggests filling manually, further opening up the possibility of mistakenly filling onto a dodgy domain. As soon as you teach them a workaround to deal with this case, the phishing vector is basically no different to a post-it.

This problem might also apply to a tired, tech literate person, who mindlessly fills manually or copies credentials without checking the domain.

In either case, we fall back to Google Safe Browsing doing its job properly, and await solid anti-phishing solutions like FIDO2/webauthn.
mjthompson
·5 лет назад·discuss
Good advice. Ever since Tavis Ormandy set his sights on password managers, I have been a very sceptical user. I still use 1Password, but without the browser extension. Putting autofill aside, there's a couple of other concerns I have.

I am hesitant about recommending a password manager to the tech illiterate simply because one piece of malware could compromise the entire vault. In that respect, a sticky note is arguably more secure than a tech illiterate person using a password manager.

Also, I have my usual criticism of client-side browser encryption. Anyone who has the technical ability to compromise a cloud-based service can likely take it a step further and modify JavaScript files enabling total vault compromise. There is no easy way for a user to mitigate this risk.

Password managers must be a stop-gap measure only until webauthn is more widely deployed. I long for the day when phone-based webauthn keys are the norm, and I can stop fielding questions about password managers from friends and family.
mjthompson
·5 лет назад·discuss
The argument in response is that it is legitimate for the government to legislate to promote the health of its citizens, as we are seeing with lockdown laws in COVID-19. That people break lockdown laws is not a reason not to have lockdown laws. So the argument involves a bit more analysis than simply accepting that 'prohibition doesn’t stop teens from drinking'.

So, this just invites the same perennial arguments frequently made in relation to drug decriminilisation.

On my part, had the drinking age been 21 where I live, I wouldn't have started drinking until I was 21.
mjthompson
·5 лет назад·discuss
The counterargument to this is that there is evidence young people are neurologically not full adults at 18 years of age, and alcohol impedes neurological development.

I have no doubt war also has neurological effects, but they don't seem to be age specific.

It is challenging, if not impossible, to otherwise defend it. If someone has the possibility to choose (or be forced) to harm themselves and shorten their life in war, then why shouldn't a choice apply to alcohol?
mjthompson
·5 лет назад·discuss
This shouldn't happen. If you create a Word document within a subfolder of OneDrive, and open it in Word, it should be saving to OneDrive with autosave enabled.

Perhaps you are using an older version of Word and/or the OneDrive client?
mjthompson
·5 лет назад·discuss
Costs are compensatory in nature, not punitive. This is a risky gambit, pardon the pun.

Also, in Australia, you'll only recover a portion in accordance with scale limits (party-party costs). Indemnity costs (100% recovery) is rarely awarded. What's the case in the US?
mjthompson
·5 лет назад·discuss
I don't think I need to respond - you've encapsulated what I would have said perfectly.
mjthompson
·5 лет назад·discuss
The public/private divide is a well-known conundrum. And the analogy I gave is a practical example of that, one that has actually faced several nations. I note you've offered no basis for it being 'dishonest', either, which is unfair. Be careful before making statements like that.

The point is, you look at the substance of what is being done or controlled, not the status of the actor as a private or public entity. That is what the analogy is used to explain.

The substance of what is being done, here, is regulation of communication between individuals over a communication platform. Downplaying it as 'not hosting public content' is inaccurate or at least of no moment. What's public content mean anyway?

If a significant amount of private communication goes through privately owned channels, it is reasonable that the private companies operating those channels respect democratic norms. It's unreasonable to dismiss any criticism as 'they are a private company', as that's beside the point.
mjthompson
·5 лет назад·discuss
I'm not even close to convinced by your response. Relying on the public-private divide as the sole basis for your retort is weak. You also assert that the person is pushing a personal narrative, but I suggest you're doing the same.

There's an argument that private corporations that are involved in dissemination of information (search engines and social media) should respect principles of freedom of speech as a democratic principle, regardless of constitutional mandate.

Suppose the government outsources welfare eligibility decision-making to a private company. Does this mean traditional notions of fairness we would expect from such an decision-maker do not apply, because they are a private company?
mjthompson
·5 лет назад·discuss
I hope the twin prime conjecture holds, since it would be pretty incredible to think that, despite what you said, there are infinitely many twin primes.
mjthompson
·5 лет назад·discuss
I own a Synology, but I'm still not opening it up to the internet. I use a Wireguard VPN on a RPI to access it.

It's a minor inconvenience, but I can sleep sound at night knowing my NAS isn't being wiped by a zero day.
mjthompson
·5 лет назад·discuss
How good would it feel to pop calc.exe on an ATM?
mjthompson
·5 лет назад·discuss
Looks great, a little bit of localisation would be good though. What are gas stations?
mjthompson
·5 лет назад·discuss
You don't have to use this app. If you don't want to open up these so-called attack vectors you can simply not use it.
mjthompson
·5 лет назад·discuss
I thought this too. On the other hand, it does make sense to them to publicly claim that the reason they moved out was for technical rather than political reasons. It might not make themselves a highly attractive target for a retaliatory DDoS attack.
mjthompson
·5 лет назад·discuss
A very edgy comment! Well done.