uSSD sticks with current 6Gbps speeds but ditches traditional Serial ATA connectors, allowing SSD controller chips to be soldered directly to motherboards.
All of that is true, and none of it affects the fact that a person with a USB memory stick cannot walk up to a thunderbolt-only machine and plug it in. USB is still necessary for backwards compatibility, and not everyone will have one of these thunderbolt to USB hubs (which again, only seem to exist on a $1k device right now).
The ONLY point I was making is that USB is superior in backwards compatibility. Adapters are never 100% compatible-- some devices will not work properly even on a USB2 hub, and I am not sure again that even a PCI usb card has 100% compatibility with some of the half-compliant (spec) devices out there.
In case you missed it, Apple's Thunderbolt display includes a USB hub.
Thats a $1000 monitor. Saying "you can just buy this $1k device and not have to worry about replacing your other devices" doesnt really address the issue. Usually people worried about backwards compatibility are trying NOT to spend oodles of money, otherwise theyd simply buy newer devices.
Thunderbolt being able to run USB data over it helps, but A) im sure theres not perfect compatibility with all devices, and B) it still doesnt change the fact that you now need an adapter. USB3 gets around those issues, and in THAT department is superior.
Having a windows login password on a personal laptop is, unless you use EFS or truecrypt, a bad idea.
A) someone with Ophcrack (or who sneaks SamDump onto your computer and grabs the hash) can recover your plaintext password quite quickly (10 minutes for 10char passwords with ophcrack), with no trace. As you pointed out, learning this password likely reveals info about your other passwords.
B) Windows has for the longest time refused to allow remote connections to accounts with a blank password, regardless of other policies on your computer. A blank password is far more secure than a weak password. Blank password means no RDP, no telnet, no SMB connections (unless youre using a home edition), no management connections.
C) Passwords are trivial to circumvent, when you have physical access (and for remote, see #2). A 1meg boot iso can completely wipe out your password; an ophcrack disk can reveal it; any linux liveboot distro can run chntpw and kill the password.
Also, if youre on a laptop, its far better (imo) to have it set to autologon, lock the bios, and have boot time services which connect to wifi and grant you remote control (if your laptop is ever stolen. If you have a password, a thief can trivially get to your data unless youve truecrypted your drive; if its set to autologon, at least you have an attempt to grab geolocation data and control the webcam.
Basically, if your data is REALLY that sensitive, you need to be running volume or full disk encryption, not relying on a windows logon. Windows logons are only useful for network (AD) authentication, or multiple users on a locked down computer.
Was going to post a snarky comment about "im sure you have to buy a mac first", but it looks like they dont require anything more than visiting their page and filling out a form. Looks pretty cool, and provides a nice answer to "what do I do with my stack of crappy decade-old laptops".
What, exactly, am i logging into without wireless? Why would I care about keystroke capturing if I have no connectivity? Why am I opening Top Secret documents @ DEFCON?
Seems to me I would be listening to music and taking notes.
"A blurry mess" is not what I saw when I played Super Metroid with eg Super2xSAI; I remember it being remarkably sharp. Check out the example picture from Wikipedia, and then tell me the TV on the right (2xSAI) is "blurry".
I suppose if you zoom in 10x, yes, you can see a "blur", but I dont play a game zoomed in to 10x. Scaling from 320x240 to 800x600 will either result in a blocky mess, or if you apply a filter it "sharpens" (that is, makes the image clearer and more understandable) the image through what you are calling "blur".
I suppose there could be. Are you sure there isnt some network command that will cause your PC to start listening on port 22 for assembly instructions to execute?
Just asking the question doesnt make it a significant concern.
Or just disable your data ports and adapters (ethernet, bluetooth, wifi), and your usb ports. Good luck hacking that; I dont care if youre an NSA agent with Charles Babbage as a lifeline, I doubt you have a hack that can exploit an unpowered wifi adapter.
Well, the bug is that the on-screen prompt occurred at all. That's the part needs to be stopped.
This can be done in plaintext open wifi connections to laptops. You request www.google.com, i send you www.InfectMeWithARootkit.com, which requests permission to download and run executable code. If you agree, you will be rootkitted.
Or on a blackberry, you send a link to a malicious.jad file, and it asks if you want to download, and later run, the content.
might as well expose them to a Linux distribution that at least has scores of layman support, such as Ubuntu.
If their operating margins are thin-- which for non-profits, they likely are-- it is much cheaper in terms of administration and time to simply purchase a charity XP license than it is to deal with Ubuntu-- training, securing, troubleshooting, etc. XP has been around for some 10 years, even administrative and accounting folks have learned enough to do general troubleshooting on that.
You do them no favors by introducing a new system, which being new and foreign to them, has inherently higher costs.
The place for *Nix is in non-profits where YOU are the full time admin and can handle and minimize those costs. Foisting it off on someone else because you somehow think the $10 for a charity license is somehow significant is not helpful.
This. At around $10 per license for XP installs and a few dollars for office etc, it makes sense to just run DBAN (a quick run) and let them get on with it.
Honestly, when friends dump old laptops on me with old data and software I forever worry about whether they might need that data back, or if the licenses are needed etc. A blank computer is always easier and less hassle for me since I dont have to worry about that.
And video and audio filters never look or sound as good as the real thing.
I still have an SNES, and used to play a ton of ZSNES. I also used to play a lot on a GBA emulator. After using some of the graphics filters, I completely disagree. Try blowing a GBA game up to 800x600 without a filter, and then try it with a filter, and tell me theres not a world of difference.
USB negotiates power requirements. It could refuse to deliver such a high power output. Additionally, it could accept power over usb from a powered hub or whatnot.
Youre not seeing the big picture. Think of this scenario:
You have a monitor, mouse, keyboard, and printer at work. All the peripherals are plugged into the monitor's USB hub. When you bring your laptop into work, you plug a single USB3 cable from the monitor into the laptop; this delivers 90W of power (for charging), and also hooks in all of the peripherals.
Thats their fault for being irresponsible. Would you have us be enablers for this irresponsibility by making it so you CAN live your life in blithe ignorance?
Why not simply expect people to manage their own affairs and watch what agreements they enter into, and not try to protect them from themselves? This is kind of foundational for moving past middle and high school, and becoming a mature and responsible adult.
People don't understand what they trade off most of the times... When was the last time you actually reads an agreement before signing up?
This is neither Google's fault, nor a reason to call for more legislation, nor a reason for you to care for those people.
If people cant be bothered to read the contract, the solution is NOT to weaken contracts; if people cant be bothered to read the privacy policy the solution is not to crack down on the companies. The ONLY (and I mean ONLY) way to have a long term "fix" is to make people have to care about what is truly important, by enforcing the privacy policies and agreements people enter into. If it becomes a big issue, they will have to care-- this is how adults are supposed to behave.
After running wireshark and ProcMon to verify their claims, yes, yes I do. Others have similarly audited it.
And honestly, when time and time again, Google shows complete integrity in saying what they are doing and being true to their word, I do not understand the cynicism. Can you show me a single example of Google lying about their actions? The biggest gaffe I can remember-- the wifi data gathering-- resulted in them giving a full mea culpa confession and beginning an independent audit.
What about a company that acts in this way makes you want to be skeptical of THEM, of all people?
Yes, a forcible and illegal cyber attack by members of/b/ (of all people) designed to destroy a social network will be the beginning of a golden age of civility. Thats EXACTLY what will happen.
uSSD sticks with current 6Gbps speeds but ditches traditional Serial ATA connectors, allowing SSD controller chips to be soldered directly to motherboards.
You best be joking.
All of that is true, and none of it affects the fact that a person with a USB memory stick cannot walk up to a thunderbolt-only machine and plug it in. USB is still necessary for backwards compatibility, and not everyone will have one of these thunderbolt to USB hubs (which again, only seem to exist on a $1k device right now).
The ONLY point I was making is that USB is superior in backwards compatibility. Adapters are never 100% compatible-- some devices will not work properly even on a USB2 hub, and I am not sure again that even a PCI usb card has 100% compatibility with some of the half-compliant (spec) devices out there.
Good find, thanks for that.
In case you missed it, Apple's Thunderbolt display includes a USB hub.
Thats a $1000 monitor. Saying "you can just buy this $1k device and not have to worry about replacing your other devices" doesnt really address the issue. Usually people worried about backwards compatibility are trying NOT to spend oodles of money, otherwise theyd simply buy newer devices.
Thunderbolt being able to run USB data over it helps, but A) im sure theres not perfect compatibility with all devices, and B) it still doesnt change the fact that you now need an adapter. USB3 gets around those issues, and in THAT department is superior.
Having a windows login password on a personal laptop is, unless you use EFS or truecrypt, a bad idea.
A) someone with Ophcrack (or who sneaks SamDump onto your computer and grabs the hash) can recover your plaintext password quite quickly (10 minutes for 10char passwords with ophcrack), with no trace. As you pointed out, learning this password likely reveals info about your other passwords.
B) Windows has for the longest time refused to allow remote connections to accounts with a blank password, regardless of other policies on your computer. A blank password is far more secure than a weak password. Blank password means no RDP, no telnet, no SMB connections (unless youre using a home edition), no management connections.
C) Passwords are trivial to circumvent, when you have physical access (and for remote, see #2). A 1meg boot iso can completely wipe out your password; an ophcrack disk can reveal it; any linux liveboot distro can run chntpw and kill the password.
Also, if youre on a laptop, its far better (imo) to have it set to autologon, lock the bios, and have boot time services which connect to wifi and grant you remote control (if your laptop is ever stolen. If you have a password, a thief can trivially get to your data unless youve truecrypted your drive; if its set to autologon, at least you have an attempt to grab geolocation data and control the webcam.
Basically, if your data is REALLY that sensitive, you need to be running volume or full disk encryption, not relying on a windows logon. Windows logons are only useful for network (AD) authentication, or multiple users on a locked down computer.
Was going to post a snarky comment about "im sure you have to buy a mac first", but it looks like they dont require anything more than visiting their page and filling out a form. Looks pretty cool, and provides a nice answer to "what do I do with my stack of crappy decade-old laptops".
What, exactly, am i logging into without wireless? Why would I care about keystroke capturing if I have no connectivity? Why am I opening Top Secret documents @ DEFCON?
Seems to me I would be listening to music and taking notes.
Sure, thunderbolt is better, if you live in a perfect world without an installed base of USB2.
"A blurry mess" is not what I saw when I played Super Metroid with eg Super2xSAI; I remember it being remarkably sharp. Check out the example picture from Wikipedia, and then tell me the TV on the right (2xSAI) is "blurry".
I suppose if you zoom in 10x, yes, you can see a "blur", but I dont play a game zoomed in to 10x. Scaling from 320x240 to 800x600 will either result in a blocky mess, or if you apply a filter it "sharpens" (that is, makes the image clearer and more understandable) the image through what you are calling "blur".
I suppose there could be. Are you sure there isnt some network command that will cause your PC to start listening on port 22 for assembly instructions to execute?
Just asking the question doesnt make it a significant concern.
From the article, where they indicated USB3 specs allow .9mA @ 5v, and then claimed it was a 100x increase to go to 100W.
Or just disable your data ports and adapters (ethernet, bluetooth, wifi), and your usb ports. Good luck hacking that; I dont care if youre an NSA agent with Charles Babbage as a lifeline, I doubt you have a hack that can exploit an unpowered wifi adapter.
Well, the bug is that the on-screen prompt occurred at all. That's the part needs to be stopped.
This can be done in plaintext open wifi connections to laptops. You request www.google.com, i send you www.InfectMeWithARootkit.com, which requests permission to download and run executable code. If you agree, you will be rootkitted.
Or on a blackberry, you send a link to a malicious .jad file, and it asks if you want to download, and later run, the content.
What good is encryption when they just hand it over to the government:
What, without my BES server's AES-256 key? Good luck with that.
might as well expose them to a Linux distribution that at least has scores of layman support, such as Ubuntu.
If their operating margins are thin-- which for non-profits, they likely are-- it is much cheaper in terms of administration and time to simply purchase a charity XP license than it is to deal with Ubuntu-- training, securing, troubleshooting, etc. XP has been around for some 10 years, even administrative and accounting folks have learned enough to do general troubleshooting on that.
You do them no favors by introducing a new system, which being new and foreign to them, has inherently higher costs.
The place for *Nix is in non-profits where YOU are the full time admin and can handle and minimize those costs. Foisting it off on someone else because you somehow think the $10 for a charity license is somehow significant is not helpful.
This. At around $10 per license for XP installs and a few dollars for office etc, it makes sense to just run DBAN (a quick run) and let them get on with it.
Honestly, when friends dump old laptops on me with old data and software I forever worry about whether they might need that data back, or if the licenses are needed etc. A blank computer is always easier and less hassle for me since I dont have to worry about that.
And video and audio filters never look or sound as good as the real thing.
I still have an SNES, and used to play a ton of ZSNES. I also used to play a lot on a GBA emulator. After using some of the graphics filters, I completely disagree. Try blowing a GBA game up to 800x600 without a filter, and then try it with a filter, and tell me theres not a world of difference.
USB negotiates power requirements. It could refuse to deliver such a high power output. Additionally, it could accept power over usb from a powered hub or whatnot.
Youre not seeing the big picture. Think of this scenario:
You have a monitor, mouse, keyboard, and printer at work. All the peripherals are plugged into the monitor's USB hub. When you bring your laptop into work, you plug a single USB3 cable from the monitor into the laptop; this delivers 90W of power (for charging), and also hooks in all of the peripherals.
THATS what theyre shooting for.
Why add an extra port to charge the device, and why limit USB to 1W which would only power very small devices.
That is an error in the article, where they indicated current USB has a 900mA, 5v limit, and then stating that that is equal to .9W.
Wattage is amps * volts, so USB3 has a 4.5W limit. This would not be a 100x increase, but a 22x increase.
Thats their fault for being irresponsible. Would you have us be enablers for this irresponsibility by making it so you CAN live your life in blithe ignorance?
Why not simply expect people to manage their own affairs and watch what agreements they enter into, and not try to protect them from themselves? This is kind of foundational for moving past middle and high school, and becoming a mature and responsible adult.
People don't understand what they trade off most of the times... When was the last time you actually reads an agreement before signing up?
This is neither Google's fault, nor a reason to call for more legislation, nor a reason for you to care for those people.
If people cant be bothered to read the contract, the solution is NOT to weaken contracts; if people cant be bothered to read the privacy policy the solution is not to crack down on the companies. The ONLY (and I mean ONLY) way to have a long term "fix" is to make people have to care about what is truly important, by enforcing the privacy policies and agreements people enter into. If it becomes a big issue, they will have to care-- this is how adults are supposed to behave.
After running wireshark and ProcMon to verify their claims, yes, yes I do. Others have similarly audited it.
And honestly, when time and time again, Google shows complete integrity in saying what they are doing and being true to their word, I do not understand the cynicism. Can you show me a single example of Google lying about their actions? The biggest gaffe I can remember-- the wifi data gathering-- resulted in them giving a full mea culpa confession and beginning an independent audit.
What about a company that acts in this way makes you want to be skeptical of THEM, of all people?
Yes, well at least the riots in England are the worst of Europe's troubles.
Yes, a forcible and illegal cyber attack by members of /b/ (of all people) designed to destroy a social network will be the beginning of a golden age of civility. Thats EXACTLY what will happen.