user education should be printed in all caps, bold, underlined, comic sans, etc...
At some point, unless we develop new algorithms that utterly break how current encryption algorithms behave (which I know I know, is a possibility... and of course the NSA has it already)... your weakest point is not going to be the computer. It's going to be the lackey at the front-desk happily letting a "tech" in (physically or electronically)
I think what most of the people responding to this post aren't realizing (or acknowledging) is that your security needs to be appropriate for the data it's protecting.
If we're talking about a corporations backbone, then yeah saying "it's not connected to the internet" isn't acceptable.
If instead we're talking about some John Doe's personal data, then you aren't going to be attacked in the same way. Keeping it on a drive that has no internet access is probably good enough.
Can we mod this parent up to 6 and all the other people missing this very point down to "off-topic"?
Seriously, apples and oranges. Tesla's cars were being "tracked" because they were in a car being reviewed... AND the reviewer knew about it prior to even getting in the car.
I can't figure out what they mean by putting the kopimi link on their pages.
Is it only supposed to apply to the data that the torrents contain (in the sense that a torrent contains actual torrenty data, and the instructions for how to get other data)?
The token isn't the phone, the token is the thing that the bank is sending you on the phone. It's not on the phone, it's just being displayed by the phone.
But this doesn't address the issue of why bars are difficult.
Saying "take the current" or "take the total" might be easy if you're just talking about moving a fixed number of files around. But even then, do you want it to be the file count (easy) or the total size (not quite as easy to interpolate between unless your OS gives you progress on each file's copy progress). Now introduce any interference to either of the devices (source, destination). Oh, you want to look at a webpage on the same computer while the files are copying... well, the browser is now caching to disk, that's going to take up some of the IO (not to mention how interesting multithreaded processing can be).
And all that for a simple file copy progress bar.
Now, let's imagine that it's an installer that has to copy files from both an optical media source, the internet, and to a hard-drive... and then execute some cpu bound tasks.
I think we should just make them all throbbers/spinners/whatever you want to call them, and ignore the people who complain./rantoff:D
I suppose the other thing that my bank does is requiring you to enter a generated number (which they provide by SMS or automated call) to a phone number they have on file. The number is only valid for a few minutes (I don't know the actual timeout).
This seems closer to two-factor, except 1) they have the number generator, so it isn't something YOU have and 2) you can tell their log-in site that "this computer is trusted" and you don't have to enter the number again.
Totally agree... which is why I'm attempting to point out that it isn't two-factor. Banks might get it, but the security "experts" that seem to inhabit most IT departments don't.
Slashdot Mirror
user education should be printed in all caps, bold, underlined, comic sans, etc...
At some point, unless we develop new algorithms that utterly break how current encryption algorithms behave (which I know I know, is a possibility... and of course the NSA has it already)... your weakest point is not going to be the computer. It's going to be the lackey at the front-desk happily letting a "tech" in (physically or electronically)
I think what most of the people responding to this post aren't realizing (or acknowledging) is that your security needs to be appropriate for the data it's protecting.
If we're talking about a corporations backbone, then yeah saying "it's not connected to the internet" isn't acceptable.
If instead we're talking about some John Doe's personal data, then you aren't going to be attacked in the same way. Keeping it on a drive that has no internet access is probably good enough.
Perhaps. But that's not because of some technological arcaneness to the stories (which is all my rebuttal was about)
I guess it doesn't seem all that arcane to me.
1) Install an app
2) scan a qr code
3) insert money
4) scan a qr code
and this is slashdot... not the vast majority of the world...
FINE Sillier AC
Pots also can't talk
Silly AC. Everyone knows that Kettles can't talk.
Can we mod this parent up to 6 and all the other people missing this very point down to "off-topic"?
Seriously, apples and oranges. Tesla's cars were being "tracked" because they were in a car being reviewed... AND the reviewer knew about it prior to even getting in the car.
http://www.youtube.com/watch?v=DLxq90xmYUs
I can't figure out what they mean by putting the kopimi link on their pages.
Is it only supposed to apply to the data that the torrents contain (in the sense that a torrent contains actual torrenty data, and the instructions for how to get other data)?
shhhhhhhhh don't upset the google.
Also, nice sig!
The token isn't the phone, the token is the thing that the bank is sending you on the phone. It's not on the phone, it's just being displayed by the phone.
This isn't entirely accurate, but it's wrong in a way that makes Broder look even worse.
After Tesla's Top Gear debacle, they put logging devices in the cars and had future reviewers agree to their use. This is something that Broder was (or should have been) aware of.
I'm not quite that angry yet. Also, knowing that your program isn't just hung is a reasonably good thing.
You actually have to flip the variables around.
progress = current / total
You actually have to flip the variables around.
progress = current / total
But this doesn't address the issue of why bars are difficult.
Saying "take the current" or "take the total" might be easy if you're just talking about moving a fixed number of files around. But even then, do you want it to be the file count (easy) or the total size (not quite as easy to interpolate between unless your OS gives you progress on each file's copy progress). Now introduce any interference to either of the devices (source, destination). Oh, you want to look at a webpage on the same computer while the files are copying... well, the browser is now caching to disk, that's going to take up some of the IO (not to mention how interesting multithreaded processing can be).
And all that for a simple file copy progress bar.
Now, let's imagine that it's an installer that has to copy files from both an optical media source, the internet, and to a hard-drive... and then execute some cpu bound tasks.
I think we should just make them all throbbers/spinners/whatever you want to call them, and ignore the people who complain. /rantoff :D
Mod parent up.
I expanded your comment because I read the title and thought you were another one of those "i don't need no skool" morans!
But, that wasn't the case. This is exactly the answer people need.
Also, Cyprus Credit Union in Utah.
This.
Thank you (I turn my head for a few minutes, and I get a bunch of replies from people that are security "experts").
If someone else is doing the generating and just telling me the code, it is not a thing that I have.
I suppose the other thing that my bank does is requiring you to enter a generated number (which they provide by SMS or automated call) to a phone number they have on file. The number is only valid for a few minutes (I don't know the actual timeout).
This seems closer to two-factor, except 1) they have the number generator, so it isn't something YOU have and 2) you can tell their log-in site that "this computer is trusted" and you don't have to enter the number again.
Totally agree... which is why I'm attempting to point out that it isn't two-factor. Banks might get it, but the security "experts" that seem to inhabit most IT departments don't.
As long as it's actual two-factor authentication. None of the fake crap that people call two-factor.
For the record, asking me to pick a picture isn't a second form. Something you know, something you have, etc...
I should make a hoodie about that.
until now...
*checks printer*
Fair enough, but it doesn't change the intent of my original post. More people voted for Democrat representatives than Republicans.
Saying that "Oh, the GOP controls the house! Clearly they have a mandate" is wrong.