Recent Posts

Pages: 1 2 [3] 4 5 6 7 8 ... 10
21
Discussions - Public / Re: Password Insanity
« Last post by pxsant on March 10, 2017, 09:01:32 AM »
On Evernote, I encrypt the notes with sensitive information like passwords.  Evernote does not store the encryption password.  Following is from the Evernote security information.

Encrypted Text Within a Note

If you are using an Evernote desktop client, such as Windows Desktop and Evernote for Mac, you can encrypt any text inside a note to add an extra level of protection to private information. Evernote uses AES (Advanced Encryption Standard) with a 128-bit key to encrypt text you select.

When you encrypt text, we prompt you for a passphrase. We take your passphrase along with a unique salt and use PBKDF2 with 50,000 rounds of SHA-256 to derive a 128-bit AES key. We use this key, along with an initialization vector, to encrypt your data in CBC (Cipher Block Chaining) mode.

We never receive a copy of this key or your passphrase and don’t use any escrow mechanism to recover your encrypted data. This means that if you forget your passphrase, we cannot recover your data.


I used Keypass a long time ago.  I'll check into the latest features and OS's.
22
Discussions - Public / Re: Password Insanity
« Last post by The Gorn on March 10, 2017, 08:37:54 AM »
I have many sites (banking, credit cards, and so on) which all require totally different password patterns that are impossible to remember.  I use Evernote with encryption so that my passwords will be available to me on any device including my cell phone.   Also the encryption key is not stored or transmitted to Evernote so nobody but you can access the encrypted file even if they hack Evernote.  I can't use most other password storage tools simply because they are not available across all devices. 

Do you know for a fact that Evernote's encryption is solid enough to depend upon? I don't. Maybe it is but I have never read an independent assessment. Evernote is a note taking app, not a security application.

I really like Evernote for my own use but there was a scandal a few months ago that blew up on social media wherein Evernote for a period of time was human-reading some Evernote content in order to improve their algorithms. I wouldn't be surprised if Evernote has back doors for encryption.

Here's what I use for password storage:

- Firefox to save as many user name/password/site combinations as possible.
- Periodically export my Firefox passwords to Keypass, which has very strong encryption.
- Keep Keypass database file on Dropbox for easy access. (Google Drive would work equally well. So would FTP.)

There are ports of Keypass for every OS I can think of. 

I realize that Evernote combines the cloud storage + encryption but I just don't know anything about their encryption, and you call it out in your notes with the encrypted bubble. Whereas a Keypass database can be written with any file extension so you can hide it in plain site so it's less targetable. Sic, you can have a jpg file or an iso file be a keypass database.

Also... http://keepass.info/help/base/security.html#secdictprotect
23
Discussions - Public / Re: Password Insanity
« Last post by benali72 on March 10, 2017, 05:13:48 AM »
Password security is bad enough that even the general public has become aware of its limitations.

I predict the computer industry will come up with what they'll promote as a foolproof, silver-bullet solution -- required biometrics. You'll be required to scan your iris or fingerprint to log onto your consumer computer.

Of course, it will only be an accidental by-product that this ensures accurate tracking of all those now "secure" consumers by corporations and our government.

Finally, control of the internet and all those unpredictably free citizens!

Consumers will eagerly and stupidly accept this loss of personal power, the same way they unknowingly accepted the location tracking and stingray intercept "features" of their cellphones.
24
Discussions - Public / Password Insanity
« Last post by pxsant on March 10, 2017, 04:07:47 AM »
Jeff Atwood posted this on his blog about passwords.

https://blog.codinghorror.com/password-rules-are-bullshit/

I feel the same way as he does.  I have many sites (banking, credit cards, and so on) which all require totally different password patterns that are impossible to remember.  I use Evernote with encryption so that my passwords will be available to me on any device including my cell phone.   Also the encryption key is not stored or transmitted to Evernote so nobody but you can access the encrypted file even if they hack Evernote.  I can't use most other password storage tools simply because they are not available across all devices. 

This password craziness is a real PITA.
25
Discussions - Public / Re: how to make a fortune from startups
« Last post by pxsant on March 04, 2017, 09:37:00 AM »
If the app itself is kept in the cloud and only the rules for how to interact with it are exposed it can't be pirated. 

Not necessarily true.  If the app is written in a  non compiled source language like PHP or most others, it can be ultimately hacked and stolen even in the cloud.  The only sure protection for SAAS is to use a compiled language like Xojo or something similar.
26
Discussions - Public / Re: how to make a fortune from startups
« Last post by I D Shukhov on March 04, 2017, 06:24:56 AM »
I can see why SaaS makes sense.  If the app itself is kept in the cloud and only the rules for how to interact with it are exposed it can't be pirated.  Everything is fair game for being stolen in today's world and suing is useless as you say -- completely so for small businesses.

27
Discussions - Public / Re: how to make a fortune from startups
« Last post by Code Refugee on March 04, 2017, 02:47:06 AM »
Hacker News just dredged up an article from last October about this quick-clone phenomenon. They give a case-study of a phone case that expands into a selfie stick which was cloned and for sale by the Chinese within a few days of the Kickstarter being posted. That was long before the inventor had even found a factory, and resulted in anger towards the inventor from project backers since the price they pledged was twice that of the knockoffs.

https://qz.com/771727/chinas-factories-in-shenzhen-can-copy-products-at-breakneck-speed-and-its-time-for-the-rest-of-the-world-to-get-over-it/

This article has a very interesting quote from Jack Ma the founder of Alibaba: "[Counterfeits] are of better quality and of better price than the real names [and come from] exactly the same factories [as the real ones]."

It's an interesting point, but I doubt that the ones coming from the same factories as the original are "better quality" as those are cases where they double the production run and then sell off the excess themselves, competing with the client. So it would be exactly the same quality not better.

But again we see how foolish it is to post detailed information about a new product, along with highly detailed verified customer demand information (in the form of the number of backers willing to pay the given price) months or years before you have it produced and ready for sale. Why wouldn't competitors simply rush in and take over your market? It would be crazy not to.

The article gives what I consider to be foolish advice:

Quote
Entrepreneurs should also sign “NNN agreements” with potential Chinese partners before revealing any intellectual property. This contract prevents partner factories from using the intellectual property themselves after first view (“non-use”), sharing it with others (“non-disclosure”), or inking a partnership and then selling extra units on their own (“non-circumvention”).

I say this is foolish because no Chinese businessman honors his contracts, why should he? Feel free to try suing these guys, in Chinese courts. No outsider has ever won such a case. You'll spend a fortune on Chinese lawyers who will be happy to sabotage your case since you are a white devil, and in the end you'll get nothing but legal and travel bills, frustration, and lost time.
28
Discussions - Public / Re: H1B Predator destroys Uber
« Last post by unix on March 01, 2017, 06:35:11 PM »
LOL

Yeah, pretty much.

I did a very short gig there circa Y2K.
29
Discussions - Public / Re: H1B Predator destroys Uber
« Last post by The Gorn on March 01, 2017, 09:09:16 AM »
I moved there for my first job out of college. Dating was an absolute impossibility due to the M:F ratios. This was the 1980s when you still worked for salary progression rather than being anointed straight out of college.

I can see that if the M:F ratios stayed similar today but you add in a culture of quick instant money for dumbass kids straight out of college, most of them are transformed into sociopathically leaning aspies right out of the chute.
30
Discussions - Public / Re: H1B Predator destroys Uber
« Last post by ilconsiglliere on March 01, 2017, 05:18:52 AM »
I am not surprised about any of this. Silly Valley culture is dysfunctional in general.

Lots of people there are aspies and are total social retards. Most of the men there could not get laid in a whore house waving $100 bills. Average and below average women are hit on constantly like they were Sports Illustrated super models which leads to huge egos on their part. In a nutshell its a total sausage fest.
Pages: 1 2 [3] 4 5 6 7 8 ... 10