chasfh Posted December 31, 2024

12 hours ago, Deleterious said:
I stay away from all centralized password managers. I use KeepassXC. That saves an encrypted password file on my PC then I use SyncTrayzor to distribute it to phone/tablet/laptop. I have it set that anytime something is plugged in to charge and is on my wifi network, it syncs the file so my phone always has my updated password file.

This is essentially how LastPass works, which is why website passwords aren’t at risk. They are kept locally on machines and transferred securely. LastPass keeps no passwords, including master passwords, on their platform.
Tigeraholic1 Posted December 31, 2024

9 hours ago, Screwball said:
Once the plastic runs out... U.S. homelessness rises 18% amid affordable housing shortage - NBC

Huh, we were told this crisis was being averted via the IRA.
Screwball Posted December 31, 2024

US Treasury says it was hacked by China in 'major incident' - BBC

FTA:
It said it was made aware of the hack on 8 December by BeyondTrust, a spokesperson told the BBC. According to the company, the suspicious activity was first spotted on 2 December, but it took three days for the company to determine it had been hacked. The spokesperson said the hackers were able to remotely access several Treasury user workstations and some unclassified documents that were kept by those users. The department did not specify the nature of these files, or when and for how long the hack took place. They also did not specify the level of confidentiality of the computer systems or the seniority of the staff whose materials were accessed. The hackers may have been able to create accounts or change passwords in the three days that they were being watched by BeyondTrust. As espionage agents, the hackers are believed to have been seeking information, rather than attempting to steal funds.

Steal funds? Hey dumbasses, we are $36,144,183,375,647.43 in debt as of yesterday. LOL!
Deleterious Posted December 31, 2024

2 hours ago, chasfh said:
This is essentially how LastPass works, which is why website passwords aren’t at risk. They are kept locally on machines and transferred securely. LastPass keeps no passwords, including master passwords, on their platform.

Your last sentence makes me think you need to do a lot more research on this.
chasfh Posted January 1

19 hours ago, Deleterious said:
Your last sentence makes me think you need to do a lot more research on this.

Here’s what my research tells me: https://support.lastpass.com/s/document-item?language=en_US&bundleId=lastpass&topicId=LastPass/FAQ_LastPass_Secure.html&_LANG=enus

Your master password is never sent to LastPass. When you log in to LastPass using your master password, both the password hash and decryption key are generated locally. The password hash is sent to our servers to verify you. Once verified, LastPass grants you the ability to access your vault. This means that only your password hash is sent to LastPass, not your master password. The decryption key never leaves your computer and is used to decrypt your vault locally once you have been verified. When creating your LastPass account or when changing your master password, LastPass checks if the password you entered as your master password has been exposed. For more information, view How does LastPass know if my master password was exposed?.

Your sensitive data is encrypted. We use 256-bit AES encryption to protect the contents of your LastPass vault. Since your vault is already encrypted before it reaches the LastPass server, your vault contents cannot be accessed, even by a LastPass representative.

LastPass uses a one-way salted hash. A one-way function is one that cannot be reversed. A hash is a representation of your master password. The process of salting adds extra data to the hash in order to add complexity. LastPass uses the username to salt the master password. In other words, LastPass enters the username and master password into one-way functions to create a salted hash. Since the function cannot be reversed, even if the salted hash was compromised, the attacker would still be unable to obtain the master password.

LastPass uses PBKDF2-SHA256 rounds. This feature makes the salted hash even more complicated for an attacker because it increases the number of iterations it takes in order for a password to be accurately guessed. Using a one-way salted hash with a high number of iterations, along with making sure your master password is long and complex, provides the greatest potential for preventing your sensitive data from being compromised. Learn more about password iterations.

For more information, please see LastPass Security and the LastPass Technical Whitepaper (PDF).

Now, you may be thinking, “Typical Chaz, what a ****ing dumbass, spitting back corporate propaganda at me, you don’t know jack **** and you deserve to have all your **** stolen.” And you and your friend are free to believe that. My only defense is that LastPass operates out in the open as an above-board white-hat digital company, so I am taking them at their word that they are being on the level about their technical, rather than misleading us into giving up our passwords so they can, I guess, use them to drain our bank accounts, or perhaps sell them off to any terrorist or rogue foreign government who flashes a wad of sawbucks at them. I’m going to go out on a limb and assume they don’t or won’t do that.

What does your research tell you?
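The client-side derivation the quoted FAQ describes, as an added example that is not part of the post above and is not LastPass's own code: PBKDF2-SHA256 over the master password salted with the username yields the vault key, and a further one-way step yields the only value the server sees. The function names, the exact form of the login-hash step and the sample credentials are assumptions made for illustration; 600,000 is the iteration count a later post in this thread reports.

```python
import hashlib
import hmac
import time

KEY_LEN = 32  # 256-bit output, the key size the quoted FAQ gives for AES vault encryption


def derive_vault_key(username: str, master_password: str, iterations: int) -> bytes:
    """Client side: PBKDF2-SHA256 over the master password, salted with the username.
    This key decrypts the vault and never leaves the device."""
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode(), username.encode(), iterations, KEY_LEN
    )


def derive_login_hash(vault_key: bytes, master_password: str) -> str:
    """Client side: one further one-way round produces the value sent to the server.
    ASSUMPTION: the FAQ does not spell this step out; any one-way function of the
    key shows the same property (the server cannot walk back to key or password)."""
    return hashlib.pbkdf2_hmac(
        "sha256", vault_key, master_password.encode(), 1, KEY_LEN
    ).hex()


def server_verify(stored_login_hash: str, presented_login_hash: str) -> bool:
    """Server side: constant-time comparison of hashes; no password or key involved."""
    return hmac.compare_digest(stored_login_hash, presented_login_hash)


def seconds_per_derivation(iterations: int) -> float:
    """Wall-clock cost of one derivation, i.e. the price of one password guess
    for anyone holding a copy of the encrypted vault."""
    start = time.perf_counter()
    derive_vault_key("user@example.com", "timing-probe", iterations)
    return time.perf_counter() - start


if __name__ == "__main__":
    # Constructed sample credentials, not taken from the thread.
    user, pw = "user@example.com", "correct horse battery staple"
    key = derive_vault_key(user, pw, 600_000)
    stored = derive_login_hash(key, pw)
    print("login ok:", server_verify(stored, derive_login_hash(key, pw)))
    for n in (5_000, 100_000, 600_000):
        print(f"{n:>7} iterations: {seconds_per_derivation(n):.3f} s per guess")
```

The per-guess timings show why the iteration count and the strength of the master password together decide how well a copied vault holds up: the server never needs the password, but a weak password behind a low count is cheap to test offline.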
Deleterious Posted January 1

Typical company. Trumpet the big changes you made to secure your product. Then don't implement those changes across all of your platform.

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Plus, pretty much every security site on the web says not to use them. I admit I'm very anal about these types of things and probably go overboard. But like I originally said, I would never use a centralized password manager like LastPass, 1Pass, BitWarden, etc. I just like the extra security step of nobody having my encrypted password file.
gehringer_2 Posted January 1

2 minutes ago, Deleterious said:
Typical company. Trumpet the big changes you made to secure your product. Then don't implement those changes across all of your platform. Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach Plus, pretty much every security site on the web says not to use them. I admit I'm very anal about these types of things and probably go overboard. But like I originally said, I would never use a centralized password manager like LastPass, 1Pass, BitWarden, etc. I just like the extra security step of nobody having my encrypted password file.

These folks put their seed phrase online. Isn't that at about the same level as leaving a post-it note with your password on your monitor? Does LastPass advise people that is a good thing to do? There always has to be something you remember yourself that isn't stored anywhere. The key is to leverage remembering one easy thing for you into a bunch of other locks that are hard to open.

I don't have anything against PW managers per se but I'm too multi-platform to have found one that works everywhere I would want it to. I generally use a personal "seed" string and an algorithm to generate passwords for any site I visit. I don't have to remember them because I know how I generated them. If you hacked my google account you might figure out the algorithm, but you still wouldn't have the core string. That isn't stored anywhere. OTOH, the core string by itself isn't the PW to anything.
Deleterious Posted January 1

27 minutes ago, gehringer_2 said:
These folks put their seed phrase online. Isn't that at about the same level as leaving a post-it note with your password on your monitor? Does LastPass advise people that is a good thing to do? There always has to be something you remember yourself that isn't stored anywhere. The key is to leverage remembering one easy thing for you into a bunch of other locks that are hard to open. I don't have anything against PW managers per se but I'm too multi-platform to have found one that works everywhere I would want it to. I generally use a personal "seed" string and an algorithm to generate passwords for any site I visit. I don't have to remember them because I know how I generated them. If you hacked my google account you might figure out the algorithm, but you still wouldn't have the core string. That isn't stored anywhere. OTOH, the core string by itself isn't the PW to anything.

KeePassXC might be worth looking at for you. Open Source and a version on every platform including both mobile OS's. I then use something to sync the files across all my devices. But you could do that with a cron job too.

I have to use a PW manager. I bet I have over a thousand passwords and they all look something like this:

$[;u{Z^97@)egbCZ%`b2cN+hF&.k)4Uk

So no way I'm remembering that. I remember a single password to open the encrypted file that holds all the passwords. The girl knows the password so if I die she has access to everything. Every two weeks the file is put on a thumb drive with everything else I want backed up, taxes, personal documents, etc and put in my safe deposit box. 2FA is used when available. I also have copies of the master file on each device since I sync those.
Screwball Posted January 1

I remember the days when we had no computers. I started in the engineering world making drawings with a pencil, a mechanical arm, and a hand held calculator. Just missed the slide rule days. Then computers came along and it all changed. IPS changed everything. Math became easy with a computer and some language. The result gave us all the nice things we have today that were not practical back in those days.

The downside - computers and passwords. Passwords and the management of them, are a pain in the ass. A necessary evil, but a pain in the ass.
gehringer_2 Posted January 1

1 minute ago, Screwball said:
Just missed the slide rule days

I had a really nice Pickett. My sophomore year my roommate and I split the outrageous cost of one of the first HP35s and that was that.
Tiger337 Posted January 2

16 minutes ago, Screwball said:
I remember the days when we had no computers. I started in the engineering world making drawings with a pencil, a mechanical arm, and a hand held calculator. Just missed the slide rule days. Then computers came along and it all changed. IPS changed everything. Math became easy with a computer and some language. The result gave us all the nice things we have today that were not practical back in those days. The downside - computers and passwords. Passwords and the management of them, are a pain in the ass. A necessary evil, but a pain in the ass.

Computers became a problem when the internet got too big. We have EVERYTHING on there now and it has become unmanageable. I liked the internet better when it was a place to get information and people who were really interested in a particular topic could exchange ideas with each other. Now, people live their whole life on the internet. There are many benefits to that for both businesses and consumers, but it has turned into a **** show. Unfortunately, we can't really do without it now. You can't put the toothpaste back in the tube.
Screwball Posted January 2

12 minutes ago, Tiger337 said:
Computers became a problem when the internet got too big. We have EVERYTHING on there now and it has become unmanageable. I liked the internet better when it was a place to get information and people who were really interested in a particular topic could exchange ideas with each other. Now, people live their whole life on the internet. There are many benefits to that for both businesses and consumers, but it has turned into a **** show. Unfortunately, we can't really do without it now. You can't put the toothpaste back in the tube.

No argument. I was coming from the technology angle. Computers could do math so much faster (even back then), which helped with things like CAD (computer aided design). Next thing you know, they are making things on the computer that simulated real life parts. Even people parts. It exploded time to market and the race was on.

My first kick ass system was a Sun Microsystem Sparx station running UNIX. Cost 20k circa 1990. Then came DOS (not saying that was better for what we were doing), Windows, and personal home computers. Incredible stuff when you think about it.

From the eng/mfg world, the impact was huge. AutoCad went Windows in 1992. Once that happened, every business, large or small, could (eventually) reduce head counts by getting rid of engineers/mechanical draftsmen. Same thing happened in the offices. Excel, Word, you name it. All more efficient due to computers so less people.

The next steps we are seeing now. Both mechanical, and digital. Robots and AI. It all starts with math. Mechanical side is x,y,z and the digital side is binary numbers. Zero's and ones. It's almost Orwellian, no?
Tiger337 Posted January 2

22 minutes ago, Screwball said:
No argument. I was coming from the technology angle. Computers could do math so much faster (even back then), which helped with things like CAD (computer aided design). Next thing you know, they are making things on the computer that simulated real life parts. Even people parts. It exploded time to market and the race was on. My first kick ass system was a Sun Microsystem Sparx station running UNIX. Cost 20k circa 1990. Then came DOS (not saying that was better for what we were doing), Windows, and personal home computers. Incredible stuff when you think about it. From the eng/mfg world, the impact was huge. AutoCad went Windows in 1992. Once that happened, every business, large or small, could (eventually) reduce head counts by getting rid of engineers/mechanical draftsmen. Same thing happened in the offices. Excel, Word, you name it. All more efficient due to computers so less people. The next steps we are seeing now. Both mechanical, and digital. Robots and AI. It all starts with math. Mechanical side is x,y,z and the digital side is binary numbers. Zero's and ones. It's almost Orwellian, no?

Since I do statistical programming for a living, I've gone the whole thing like you said. My first course in high school used the cards, then I progressed to deck writers, etc. Now, I love to tell my students that there were no screens when I took my first computer class! Anyway, now we have AI which I am starting to use at work to help write programs. Eventually, they won't need people who do what I do, but I'm too old to care.
gehringer_2 Posted January 2

41 minutes ago, Tiger337 said:
Since I do statistical programming for a living, I've gone the whole thing like you said. My first course in high school used the cards, then I progressed to deck writers, etc. Now, I love to tell my students that there were no screens when I took my first computer class! Anyway, now we have AI which I am starting to use at work to help write programs. Eventually, they won't need people who do what I do, but I'm too old to care.

My Master's project was on 3000 80 column punch cards. I got to where I could hold an IBM card to a light and read it without the text printed on top. Another entry in the inventory of now useless but once needed life skills.

I always wonder if the limiting factor on AI is going to be the GIGO problem. How do you keep the models from corrupting themselves with all the falsehood that is out there?

Anyway, there aren't many examples of technologies that have been successfully kept in the bottle. The Japanese managed to keep firearms from widespread use for 250 years but it's hard to think of other examples. We've managed 80 yrs without a nuclear war, but it's been a continually dicey proposition.
Screwball Posted January 2

52 minutes ago, Tiger337 said:
Since I do statistical programming for a living, I've gone the whole thing like you said. My first course in high school used the cards, then I progressed to deck writers, etc. Now, I love to tell my students that there were no screens when I took my first computer class! Anyway, now we have AI which I am starting to use at work to help write programs. Eventually, they won't need people who do what I do, but I'm too old to care.

That's part of the problem. I also teach. I don't like what I see. Many things have been lost over the years. I don't know where it will end up, but I don't have much time left so it don't matter...

Having lived through this technology and what it has done to and for the world is wild. I still think of the article in Wired Magazine back in 2000 by Bill Joy of Sun Microsystems on Why the future doesn't need us - 18 page .pdf file. Even starring crazy Teddie the Unibo*ber. <- keeping NSA away
Tiger337 Posted January 2

10 minutes ago, gehringer_2 said:
I always wonder if the limiting factor on AI is going to be the GIGO problem. How do you keep the models from corrupting themselves with all the falsehood that is out there?

Yeah, I can see that happening for sure.
Screwball Posted January 2

4 minutes ago, gehringer_2 said:
My Master's project was on 3000 80 column punch cards. I got to where I could hold an IBM card to a light and read it without the text printed on top. Another entry in the inventory of now useless but once needed life skills. I always wonder if the limiting factor on AI is going to be the GIGO problem. How do you keep the models from corrupting themselves with all the falsehood that is out there? Anyway, there aren't many examples of technologies that have been successfully kept in the bottle. The Japanese managed to keep firearms from widespread use for 250 years but it's hard to think of other examples. We've managed 80 yrs without a nuclear war, but it's been a continually dicey proposition.

I worked in a test lab/eng/R&D from 1987 to 1999. We started this stuff way back then. All this didn't happen overnight. It has taken this long for the technology to advance far enough to do so. We had a 6 speed manual transmission that drove like an automatic but was too clunky to mass produce because the technology wasn't there yet. Speed mattered, limited by size many times. But we were collecting data via telemetry systems fed to computers at the engine and transmission telling when to shift when we didn't use the handle in the cab. That was 25 years ago. Today? Wow!

I think it is nuts, and to be honest, it all scares me. This is different stuff. Self driving cars are one thing - machines (robots) and/or software are being programmed on how to think - and react. This is nothing new - but there is a dangerous threshold to be aware of IMO.
chasfh Posted January 2

20 hours ago, Deleterious said:
Typical company. Trumpet the big changes you made to secure your product. Then don't implement those changes across all of your platform. Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach Plus, pretty much every security site on the web says not to use them. I admit I'm very anal about these types of things and probably go overboard. But like I originally said, I would never use a centralized password manager like LastPass, 1Pass, BitWarden, etc. I just like the extra security step of nobody having my encrypted password file.

I guess I’ll have to reconsider moving my seed phrase for my crypto wallet account containing $43 onto my LastPass. I’ll also have to reconsider my master password of 1234.

In all seriousness, this is a good article and it taught me a few things, so thanks for that. I looked up the iteration count on the account and it’s already at 600,000, which I just learned is a minimum and I can manually increase, so I may do that.

Otherwise, I feel pretty secure with what I have. All the serious money-containing accounts I have use the kind of password you post later, with at least a couple dozen characters of randomly-generated gobbledygook. If I have to try to log in to them without LastPass, I would never be able to do it. I’d have to go to my backup plan.

Other accounts that are less critical, such as online forums, use less secure passwords that I can remember off the top of my head, but are also unusual and require you to know something specific and undocumented about one of my childhood preferences. And if anyone really, really wants to use an Nvidia 3090 to crack my MTF password so they can ****post under my name and make people around here even high-key madder at me than they normally are, I guess they’re welcome to it.
chasfh Posted January 2

The other thing I can hopefully rely on is that my password vault contains such small potatoes that I have my doubts anyone will dedicate vast computer resources costing thousands upon thousands of dollars and going on for years and years to crack it. I think as long as I change the master password every few months to some phrase that means something only to me and security.org says takes quadrillions of years to crack, I’m gonna be OK. All I gotta do is outlive the efforts of some super dedicated criminal to crack it. I’m in the 60s, so I like my chances on that front.
gehringer_2 Posted January 3

WAPO/Reuters reporting Biden is going to block Nippon Steel purchase of USS. It will play well on the news but likely to be Pyrrhic victory for those opposed to the sale. Hard to see the most likely result as anything but a USS bankruptcy.
gehringer_2 Posted January 3

"Net Neutrality" is dead. https://www.nytimes.com/2025/01/02/technology/net-neutrality-rules-fcc.html
Deleterious Posted January 3

We did just approve the sale of $3.5B worth of AMRAAM's to Japan. That has to be a little ironic.
Deleterious Posted January 7

I find this fascinating. Mostly because Nvidia couldn't manufacture a semiconductor even if their lives depended on it.
gehringer_2 Posted January 7

33 minutes ago, Deleterious said:
I find this fascinating. Mostly because Nvidia couldn't manufacture a semiconductor even if their lives depended on it.

I think it's one of those things that is just a bad choice of paradigm. I think it may feel more strange just because they aren't defining separate segments for the designers and the fabs. The oil biz might be an example of a more 'refined' approach that would better apply here; e.g., gasoline refiners and oil drilling/exploration are considered separate segments even if some majors span both, etc. So you have the analogy of some players 'upstream', some 'downstream' and some in both ends. Presenting 'semiconductor' as a single segment the way they do sort of implies a TSMC is competing with and 'losing' to NVidia when that isn't the case at all.