From the related thread: https://news.ycombinator.com/item?id=12015388
"In today's digital world, it appears to be a virtual certainty that computers accessing the Internet can—and eventually will—be hacked."
=>
"In today's education world, it appears to be a virtual certainty that research information from countries which allow foreign students can—and eventually will—be stolen."
An open source information treaty might solve the problem. Share info between overlapping projects and GPL the resulting IP, publish in an open journal. Everyone saves money on research and hacking.
Like snooping on their users' files, and reporting them to the police? Because that's what Dropbox is doing, and is exactly the opposite of what Seafile is doing.
No doubt they learned a lot from Gemasolar. The article describes Crescent Dunes as the first "utility scale" plant. The Wikipedia page is a bit more quantitative, listing its capacity at 125 MW, vs Gemasolar's 20 MW:
A more precise question is: Is the Intel CPU connected with a 3G laptop modem on the Mac? If YES: Data can be read/written remotely from/on your Mac (even if turned OFF - as long as batteries are installed). If NO: Most probably it cannot be done! (Source: http://www.intel.com/content/dam/doc/product-brief/mobile-co...)
It may be that Intel didn't plan this as an NSA/XYZ back door - but it doesn't actually matter. What matters is that we know 1) Intel has such technology implemented in almost all desktops/servers currently running 2) you can access those machines remotely (even over GSM) and perform reads/writes.
Example misuse: somebody can put illegal stuff on your machine and then sue you...
(Intel has marketed this feature for big companies so they can format the HDD remotely over GSM in case the laptop was stolen.)
They can remotely wipe my stolen machines? That's the one cool thing I've heard. How come I haven't received that email in my spam box? Poor marketing attempt if that's what they're aiming for. I'm not running a huge company but they could at least try targeting the SMB sector (I think I qualify for that). I'm against the ME vector up until it's actually useful to me.
P.S. fbi please don't hax0r me for commenting. Actually, go ahead, ya bastards.
"The freedom to study how the program works, and change it so it does your computing as you wish"
In this sense you should be able to change the firmware (since it is open source in the sense of the OSI definition) and remove the monitoring for ad targeting. If this is not possible, Google's firmware is not open source (see https://opensource.org/osd).
I guess they don't (yet) have embedded mobile phone tech. I guess they use the wireless cellular modem integrated in many laptops.
EDIT: Here is the relevant part from the link above: "Notification via an encrypted SMS text message over a 3G network. For this option, the laptop does not need to be connected to the Internet. This feature works even if the OS is not running or has been reinstalled, thanks to a hardware-to-hardware link between the 3G card and the Intel AT system."
Passwords became hard to manage... now you have to choose a >>different<< password for every site... Who can remember all those passwords? Only a password manager...
Keys. That are approximately equivalent to long passwords, but have a standard length, and do not need sending through the network. They are also something you have, that can be protected by a password for 2FA.
But that just won't happen. So many sites cannot even accept big passwords; they won't all migrate to any sane schema.
Biometrics are good replacements for usernames, but not for passwords. Biometrics can't be changed in the event of a breach, and can be taken from you surreptitiously or by force.
They can be fooled now, but that is an implementation flaw, not a problem with the concept. I wouldn't cite the weakness of unsalted MD5 hashes as a problem with the concept of passwords.
I agree with your assessment of what biometrics can and cannot do. That is why I specifically said that in most situations, passwords are only used to verify someone's identity, and thus can be replaced with biometrics.
It's really not hard. Generate passwords with 'pwgen -s 22' and store them in a gpg-encrypted file. emacs will prompt for your password when you open & when you save the file (there's probably vim code to do the same). Done.
It's not a completely ideal password manager, but it works.
If you can remember your password, then you shouldn't be typing it into a remote system, period.
That's really an awful solution compared to something like 1Password which has browser integration and synchronization between different devices. They even have a solution for groups.
Shameless plug time! Instead of remembering different passwords or using a password manager (and thus storing all your passwords somewhere) you can use https://salty.pw/
Problem with this is when you need a password with a capital letter, or with no symbols, or only 8 characters long.
Additionally, how do you determine the service name? e.g. I have a wordpress.com account; do I call that 'WordPress' or 'wordpress' or 'wordpress.com'? I guess using the domain name is fairly robust, but then you get stuff like Stack Exchange, or the service changes its domain name, or international variants - google.com vs. google.co.uk.
Yup, arbitrary restrictions on passwords are a bane. I've thought about adding various modes but then you need to remember the mode you used. So far the most sensible option seems to be falling back to a password manager for those sites.
As for the service name I've had no issues with that in my use. Just come up with whatever rule is easy for you to remember. Worst case you'll have to make a few tries.
Now a site has been breached and your username/password was leaked... yay, you'll have to either start using a traditional password manager for this special case or change every.single.password.you.have.
Or you could change the algorithm and make it unique to you. A bit more technical but the point isn't to be ultimately secure, just more secure than your 'neighbors'.
An interesting idea. Any thoughts on how to use this on websites that force a password change periodically? Using a versioned salt maybe, although that could get tricky after a few iterations.
It's simple concatenation. The exact algorithm is described at the bottom of the page so that one could reproduce it (and their passwords) independently.
I vaguely remember giving it some consideration. But the bigger point is that my judgement on these things is not to be trusted since I'm just an application developer and not a crypto expert.
Yeah, that's the thing, I'm not a crypto expert either but I'd love to use it. But if it gets popular, and there is an accidental mistake that actually makes it easy to guess passwords, I don't want to risk that happening.
Good news. Did a bit of investigation, it seems like this could be vulnerable to a length extension attack [1] (though the attack is still pretty useless in this particular case) but it appears that truncating is both safe and takes care of length extension attacks! [2]
Well...nowhere online. I've got a MicroCenter nearby. They claim to have a bunch in stock in their store, and I've heard other people claim that they bought theirs there. I've got to imagine that there are other electronics shops in a similar situation.
They're ramping up the availability at the moment, Adafruit has them I think http://whereismypizero.com/ - some places only have them as part of a kit admittedly, but I managed to buy one on its own.
I'm confident availability is getting easier, and the new version has a camera slot too.