Perhaps I'm just philosophically different, but the idea that everything currently on my hard drive is important is just nonsense. I have a lot of cruft and I admit it. And I admit that everything I like can be safely put back onto another spinning disk anytime.
Call me Orwellian, but there's no way I will ever accept that for myself. Maybe with another set of internet protocols, maybe with another safe-guarantee internet, and maybe even then I will not have it.Originally Posted by MutantJohn
Originally Posted by brewbuck:
Reimplementing a large system in another language to get a 25% performance boost is nonsense. It would be cheaper to just get a computer which is 25% faster.
O_oCall me Orwellian, but there's no way I will ever accept that for myself. Maybe with another set of internet protocols, maybe with another safe-guarantee internet, and maybe even then I will not have it.
I'm with you, for the most part, but I do have two exceptions:
1): if the file is something you wouldn't care if literally everyone had access.
2): if you apply an absurdly robust layer of "headless" cryptography locally before ever sending the file.
*shrug*
Feel free to call me paranoid, I'm not throwing anything not already heavily protected across a wire no matter the apparent security.
Soma
“Salem Was Wrong!” -- Pedant Necromancer
“Four isn't random!” -- Gibbering Mouther
Well, I just don't really have anything that important on my computer XD
Actually, I do. But I don't care if people have access to it.
You can be held responsible if the wrong data falls into the wrong hands...Actually, I do. But I don't care if people have access to it.
You should also get into the habit of actually caring if people get their hands on your data. One day it might be something that's very important to you, whether that be passwords, license keys, secret or confidential documents, source code or just plain stuff you don't want others to see/find.
I always recommend encrypting your hard drives and encrypting such confidential stuff in such a way that you need a password to access it so that whoever downloads the data cannot access it (e.g. use file containers).
Only, he just said he doesn't care if others see it.
Though I can't relate to him, MutantJohn's scenario is very valid. Full HDD encryptions is downright silly when you yourself declare it okay for the neighbors see your data.
And I said that one day MutantJohn might live to regret that. Start fixing that attitude now is my advice.
I still see full hard drive encryption a good thing even if you declare it okay for your neighbors to see your data. Why do you want to give a thief a boon when they steal your computer? Protect your data and don't let thieves have it. That's the primary reason you use encryption, even if it's just irrelevant data.
But I don't think I'm good enough at programming that my source code is more amazing than other closed-source projects. Even then, it's not better than open-source ones and I myself made it open-source.
If my personal data was hacked, it's because Well Fargo really, really messed up. Or someone installed a keylogger on my computer. I mean, I don't want to get hacked and I'm not making myself open to security threats. Plus, Linux.
I'm just saying, my data is liquid. It's all somewhere on the internet. It's all easy to regenerate, is my point. Steam is all online, music is all online, I toss out more versions of my novel than HDD failures do and my precious code is on github. This is kind of all I use my computer for, to be honest. The only thing that would be lame about a HDD failure for me would be the fact that I have to regenerate everything but looking at it now, that's only 271 GB.
Plus, I let my gf use my computer all the time. There's nothing on here that I wouldn't mind someone seeing. I don't have any secret things on my computer, I guess. I'm really trying to think if I have something I wouldn't want her to see and there isn't anything coming to my mind.
Maybe I'm naive about what people can do with my computer but from my perspective, there isn't really much on here that's incriminating. I mean, I call out the NSA on message boards pretty regularly.
Actually, just like this : Hey NSA! Get. At. This!
There is nothing particular on LInux that makes it safer than windows, in fact it is more insecure with all the distros having ........ 0-days in there packages.One does not have to exploit the kernel to get to you.
Your passwords. If you don't have passwords stored on your computer, then you're doing something wrong.
O_oThere is nothing particular on LInux that makes it safer than windows, in fact it is more insecure with all the distros having ........ 0-days in there packages.
I agree that the "Because Linux" mindset is terribly flawed, but your argument is rally just as flawed.
How many "Windows" packages have "zeroth day" exploits? (Actually, how many people are still running "Windows XP" on the internet despite the "end of life" status?) How many "Mac OSX" packages "zeroth" day exploits?
You want to be secure? Start by abandoning any flavor of "Because Linux" or "Because Windows".
O_oIf you don't have passwords stored on your computer, then you're doing something wrong.
I don't have passwords stored on my computer.
I'm looking forward to hearing why you believe "password lockers" are not "something wrong" when compared with any of the legitimate alternatives.
o_OMaybe I'm naive about what people can do with my computer but from my perspective, there isn't really much on here that's incriminating.
I wanted to take this last because I did not want to overstate this: that attitude is incredibly naive with only a slight jaunt to completely ........ing moronic.
A piece of data does not have to be incrementing in the "Hey NSA! Get. At. This!" sense to be used for harm.
Let's take a look at a few examples:
Has your girlfriend ever given you a gift in the form of a nude/scantily clad snapshot? That image, despite being a completely innocent loving gesture, can easily be used to hurt you. Even if you and your girlfriend are extreme exhibitionists, someone like me could easily use that image to hurt you. If nothing else, all one has to do is post it on the ".............. of the internet" where the trolls will do the work of "causing harm" by tracking your girlfriends contacts down and harassing her for reasons.
Is your schedule automatically linked with your compute? (You'll see that as "automatic login" and similar.) Is your girlfriends schedule similarly automatically linked? You may not have anyone in your life you are afraid of seeing, but do you really want me to paint you a picture of what terrible harm could be done with that information?
What about social media? Does your computer not ask you to "login" to "Facebook" or whatever? In only a few hours, a person skilled with "social engineering" could completely ruin your standing with your associates. You may have a strong relationship with family and close friends, but could you convince potential employers that you were "hacked" as opposed to just an racist, sexist jerk? Even if seemingly temporary at first, a few hours of someone malicious wearing your mask could leave you with a lifelong smell not all of your friends and family will be able to ignore no matter how much you protest.
The potential harm you face doesn't have to be jail time; it could be something as simple, and horrifying, as people calling you and your girlfriend at all hours seeking pornographic encounters or offering threats on your lives.
If you think you are "man enough" to "deal with it" for a few days, let me save you the embarrassment by just going ahead and telling you that you are not.
Soma
“Salem Was Wrong!” -- Pedant Necromancer
“Four isn't random!” -- Gibbering Mouther
Which legitimate alternatives do you speak of?
The idea is that each site shall have a unique, complex and unbreakable password. How many of those can you remember? So instead the idea is to store those unique passwords somewhere and encrypt them with a single strong password. The hackers can obviously not know of your "password storage," so each site is independent of each other, so the inevitable breach won't breach other sites because you share password. Nor are hackers able to crack your password.
But that makes your password storage a target, and if it's on your computer and encrypted and you don't hand over the password to decrypt the files to someone else, they're usually much, much safer than if you would, say, store them in the web, encrypted or not.
So how do you manage this situation?
Or even, perhaps one day... your children? Scantly clad children are considered absolutely okay, but what if they're spread on the internet?
O_ounbreakable
I'm going to ignore that because you clearly arrived at that purely by accident trying to clear a spillage of some kind from your keyboard.
Yes. I am well aware of what "password lockers" do for people. I am also well aware "strong passwords" are no longer relevant. A focused attack will soon, or "soonish", grant access. The goal now then is, as you suggest, to diminish the attack surface. One step in reducing the "attack surface" is never reusing passwords.
The thing is, you don't have to use a "password locker" to store passwords. Storing the encrypted passwords isn't a bad strategy, but many other methods of "guaranteeing" unique passwords exist. The strategies simply have different advantages/disadvantages which in no way implies "doing something wrong".
Hashing a phrase with the site and a "personal thought about the site" as a "per site salt" easily reproduces the same password without the actual burden of remembering a "unique, complex and unbreakable password"--could not resist--for each site.
I have the same "headless" cryptography implemented on my desktop, laptop, telephone, and even website for emergencies. I had no intention of storing a "password database" exclusively on my telephone simply so that I might have my passwords with me, and I find no value in a "password database" that isn't synced. For me, the advantage of "no password database" is an easy value in exchange for remembering a "per site salt" which is really just a thought about the site in any event.
The discussed forms are only two of several viable strategies for reducing the "attack surface" without undue burden.
[Edit]
I imagine that someone is going to suggest "cloud password lockers".
Whomever you may be, feel free to do as you like. I have no intention of trusting the "cloud" with a collection of all of my passwords.
[/Edit]
Soma
“Salem Was Wrong!” -- Pedant Necromancer
“Four isn't random!” -- Gibbering Mouther
^_^does not have to be incrementing
That is another excellent typo even if I do say so...
Soma
“Salem Was Wrong!” -- Pedant Necromancer
“Four isn't random!” -- Gibbering Mouther
No it's not. A used vanilla Windows installation (with automatic updates) will be much more likely to accumulate malware than a used vanilla GNU/Linux distro (with automatic updates).
Wow, I think I just soiled my pants. You better get encrypting those drives, MutantJohn!
