This forum is in permanent archive mode. Our new active community can be found here.

GeekNights Monday - Talking at Computers

Tonight on GeekNights, we talk about talking at computers with the likes of Siri, Google Glass, Amazon Echo, etc... In the news, the legendary Robert Khoo steps down from Penny Arcade and Child's play. He will be missed, and we wish him a hearty GLHF with whatever he's up to after this. Apple has WWDC 2016, where they announced some things.

The GeekNights Patreon continues! So too do the GeekNights Tshirts! And the GeekNights Forum!

Download MP3
Source Link
«1

Comments

  • MrPeriod said:

    the legendary Robert Khoo steps down from Penny Arcade and Child's play. He will be missed, and we wish him a hearty GLHF with whatever he's up to after this.

    NEW GEEKNIGHTS BIZ MANAGER
  • Starfox said:

    MrPeriod said:

    the legendary Robert Khoo steps down from Penny Arcade and Child's play. He will be missed, and we wish him a hearty GLHF with whatever he's up to after this.

    NEW GEEKNIGHTS BIZ MANAGER
    I am going to call it now that he is either going to be picked up by a VR company, Crowdfunding firm (ala Kickstarter), eSport league, or develop some insane thing for the world that we never thought we wanted yet.

  • I think he'll be on the beach.
  • For a while, I am sure. But then he can roll in, collect a multi-million dollar signing bonus for some executive gig, work for a few more years, then beach for life in style if he wants.

    Dude has to have made some nice money, for sure, but I don't think he's idly rich in his 40s yet.
  • The unlocking the laptop thing with the watch is still two factor. As soon as I put my watch on, I have to enter the lock code. While it remains in contact with my wrist, it retains that pass code. When I sit down at my laptop, the laptop sees 1. something I have and 2. something I know.

    I hear that in the future Apple plans to use your heart beat as an extra biometric reference to you, so in a way the watch could be even three factor.

    They also had an Apple Pay feature that popped up something on your laptop screen, and you use your thumbprint on your nearby phone to authenticate. That's something you have, something you are, and to unlock the phone previously something you also know.

    A combination of login pin, heartbeats, thumbprints, and all three devices checking each other should be pretty secure.

    That said, I don't have a password on my laptop. If my watch could unlock it, for me it would be a massive step up in security, not a small step back.
  • Unlocking your watch? Now that's is a major pain in the ass. What time is it? Oh shit, gotta type in a code on a fucking watch. And what kind of code? A worthless four digit pin?

    While multi factors like things you are and things you have are great, the thing you know is and always will be the most important. Police or bad guys who arrest you or steal your things can access the things you have or are. They can't force out the things you know. It's the last line of defense, at least until GitS tech comes along.

    Everything should be protected with a very secure password or passphrase. The fact that you don't lock your laptop is insane. Worse than not locking your house or your car. Even in my own home and at work, I lock whatever computer I am using every time I stand up. On my iOS devices I use the full password mode, no worthless pin.
  • I unlock my apple watch with a code when I put it on in the morning. I don't type it in every time I want to check the time. Also, when a watch is off your wrist, the only thing it can do is tell you the time, and nothing else.

    And yeah, it's a worthless four digit pin.

    You've got to remember that for 99.9999% of people, a passcode on their phone or other device is purely about "keeping people honest". It's exactly like how if someone wants to break into your house, no lock on any door or window is going to stop them. But for criminals of opportunity, a locked door is enough for them to just check the next door, and the next, and the next, until they find one unlocked.

    So the pin isn't worthless. It is the exact right balance between annoyance of having to unlock it in the morning combined with the ease of the Touch ID to generally keep it available or the sensor on the back of the watch knowing you haven't taken the watch off since you entered the pin.

    That's all I need, that's all I want.
  • End Patreon bit: in a recent podcast you mentioned the name "Chris Reimer" and something in my brain broke when you didn't follow it up with "and Thomas Hahn".
  • I unlock my apple watch with a code when I put it on in the morning. I don't type it in every time I want to check the time. Also, when a watch is off your wrist, the only thing it can do is tell you the time, and nothing else.

    And yeah, it's a worthless four digit pin.

    You've got to remember that for 99.9999% of people, a passcode on their phone or other device is purely about "keeping people honest". It's exactly like how if someone wants to break into your house, no lock on any door or window is going to stop them. But for criminals of opportunity, a locked door is enough for them to just check the next door, and the next, and the next, until they find one unlocked.

    So the pin isn't worthless. It is the exact right balance between annoyance of having to unlock it in the morning combined with the ease of the Touch ID to generally keep it available or the sensor on the back of the watch knowing you haven't taken the watch off since you entered the pin.

    That's all I need, that's all I want.

    Unlike a lock on your house a real password does more than keep people honest. You can have absolute security that can't be broken. If you could have a truly unbreakable lock on your house wouldn't you?

    And while you might only need or want your very light amount of security, you'll sing a different tune once you get fucked over. Like people who don't make backups and lose all their irreplaceable data, it's a disaster waiting to happen. If someone has your unlocked phone, they have your email. If they have your email, they have everything. From your steam account to your bank account, your entire life will be fucked. You will be very upset when you realize how little recourse you have to repair the situation afterwards.

    Or you could avoid it and just type in a password a few times here and there.
  • Apreche said:

    Unlike a lock on your house a real password does more than keep people honest. You can have absolute security that can't be broken. If you could have a truly unbreakable lock on your house wouldn't you?

    Nope. No way. Because if I lost my key I'd be fucked.
  • Apreche said:

    Unlike a lock on your house a real password does more than keep people honest. You can have absolute security that can't be broken. If you could have a truly unbreakable lock on your house wouldn't you?

    Nope. No way. Because if I lost my key I'd be fucked.
    That's exactly my point. You can lose a physical key (something you have, something you are) you can't lose something you know.
  • This is not so hard.

    If you leave your phone on a table and someone fucks with it because you are still in watch range... what the fuck are you doing! Why are you leaving your phone on the table? Why are you around these people? Something is wrong here.

    On the other hand, the software can protect itself. If you haven't touched your phone in a while, watch unlock or geofence isn't gonna be good enough. Prove you are really you. On Android, if it's been a few hours, then good luck, it's password only. Not even the fingerprint is allowed (and for good measure, as we already discussed how it can be fooled).

    I've got all of this set up, but my real hope is security by obscurity, that my battery will die before any sort of authorities could find a USB-C charger ;)
  • Apreche said:

    Apreche said:

    Unlike a lock on your house a real password does more than keep people honest. You can have absolute security that can't be broken. If you could have a truly unbreakable lock on your house wouldn't you?

    Nope. No way. Because if I lost my key I'd be fucked.
    That's exactly my point. You can lose a physical key (something you have, something you are) you can't lose something you know.
    I forget passwords all the time. I forget my key sometimes. When I forget my key, I wait for my girlfriend to come home. If we've both forgotten our key, we can call her parents, and get them to bring over their key.
    Matt said:


    If you leave your phone on a table and someone fucks with it because you are still in watch range... what the fuck are you doing! Why are you leaving your phone on the table? Why are you around these people? Something is wrong here.

    My watch doesn't unlock my phone; my thumbprint unlocks my phone. I'm happy to hand my phone to anyone as all they can do is use the camera.

  • edited June 2016

    Apreche said:

    Apreche said:

    Unlike a lock on your house a real password does more than keep people honest. You can have absolute security that can't be broken. If you could have a truly unbreakable lock on your house wouldn't you?

    Nope. No way. Because if I lost my key I'd be fucked.
    That's exactly my point. You can lose a physical key (something you have, something you are) you can't lose something you know.
    I forget passwords all the time. I forget my key sometimes. When I forget my key, I wait for my girlfriend to come home. If we've both forgotten our key, we can call her parents, and get them to bring over their key.
    If you can't remember a password, you're fucked in the 21st century. I recommend using passphrases instead of passwords. Easier to remember, and even more secure.
    Matt said:


    If you leave your phone on a table and someone fucks with it because you are still in watch range... what the fuck are you doing! Why are you leaving your phone on the table? Why are you around these people? Something is wrong here.

    My watch doesn't unlock my phone; my thumbprint unlocks my phone. I'm happy to hand my phone to anyone as all they can do is use the camera.

    This is exactly the point. Apple just made a bunch of announcements about all the new things they are enabling you to do on your phone without unlocking it, and not just take photos. If you don't disable these features, and remove lock-screen notifications form important apps, someone who simply has your phone will be able to access your email, and then every aspect of your life. Even if they can't guess your measly 4-digit pin, it won't matter because they won't need to.

    Also, fingerprint is worthless. Anyone who grabs your arm can unlock your phone. The government can also force you to unlock your phone for them. They can't force you to divulge a password. It's truly secure in your mind. Also, hacks.

    Post edited by Apreche on
  • I just don't care. In fact, I actively care the other way. I know and understand all the issues you raise, and I'm making a conscious, knowing decision to not use all the security measures available to me right now. You're not going to convince me otherwise. Sorry if that upsets you!
  • I think you guys missed something in terms of the talking at computers question: Location and Lifestyle. I'm going to guess that most of the development for these tools goes on in California, which is a land of cars and driving. You guys live a very specific type of life that isn't shared by everyone. I know back here in Rochester several people who use it on a regular basis, because cars.

    It's the same thing that drives there to be really obvious bad choices in terms of features of these systems, because the engineers never thought about, "Oh, what does this mean for a woman using this tool?"

    Also, most headsets have a button that on Android phones, calls up Google Now.
  • I use iMessage with my family because they don't use Hangouts or actively use the Gmail accounts I made for them.

    There are still many people out there that don't use Gmail.
  • I just don't care. In fact, I actively care the other way. I know and understand all the issues you raise, and I'm making a conscious, knowing decision to not use all the security measures available to me right now. You're not going to convince me otherwise. Sorry if that upsets you!

    People who don't back up their shit say the same thing. And then they cry.
  • Rochelle said:

    I use iMessage with my family because they don't use Hangouts or actively use the Gmail accounts I made for them.

    I don't think I've ever used Hangouts. For me it is iMessage and Facebook Messenger, with a little bit of Watsapp on the side for specific people.
  • Apreche said:

    I just don't care. In fact, I actively care the other way. I know and understand all the issues you raise, and I'm making a conscious, knowing decision to not use all the security measures available to me right now. You're not going to convince me otherwise. Sorry if that upsets you!

    People who don't back up their shit say the same thing. And then they cry.
    Well, you don't know how anal I am about backing up and archiving all my data.

    Also, encryption is, for me, a good way losing my data. All I need is to forget a password and whatever was on that backup hard drive or archive hard drive is as good as gone. I keep all my in-home backups and archives unencrypted for that very reason. Backblaze keeps my data more secure, I hope.
  • Apreche said:

    I just don't care. In fact, I actively care the other way. I know and understand all the issues you raise, and I'm making a conscious, knowing decision to not use all the security measures available to me right now. You're not going to convince me otherwise. Sorry if that upsets you!

    People who don't back up their shit say the same thing. And then they cry.
    Well, you don't know how anal I am about backing up and archiving all my data.

    Also, encryption is, for me, a good way losing my data. All I need is to forget a password and whatever was on that backup hard drive or archive hard drive is as good as gone. I keep all my in-home backups and archives unencrypted for that very reason. Backblaze keeps my data more secure, I hope.
    Well, consider this. If you don't secure your data properly, someone ELSE can encrypt all your data and your backups, and then hold them ransom. You'll have no choice but to pay or lose your data since they used an effectively unbreakable lock. You could have prevented this, but you were too lazy to press a few extra buttons to unlock your computer.
  • I'll see about getting you some hi rez scans of the FFF logos using the scanner at work. D&G Chocolate forever.

    End Patreon bit: in a recent podcast you mentioned the name "Chris Reimer" and something in my brain broke when you didn't follow it up with "and Thomas Hahn".

    ... considering appending ", and Thomas Hahn" to my name on Pateron...
  • It isn't laziness! I chose not to encrypt my data because I don't want to rely on my own abilities to remember the passwords or keep track of them in other ways. In an emergency, I want other people to access my data. If I die, I want other people to access my data. If I lose my laptop, and need to use a backup, I don't want it to be tied to a single device or account I don't have access to any more.

    If someone manages to steal my laptop, and my backups, and my archives, and get access to Backblaze, iCloud and Dropbox, and encrypt all that? Well, all I can say is well done. I'm just not that paranoid.

    When it comes to encryption, I trust my own abilities less than I distrust other people. Laziness isn't really much of a factor.
  • Also, encryption is, for me, a good way losing my data. All I need is to forget a password and whatever was on that backup hard drive or archive hard drive is as good as gone. I keep all my in-home backups and archives unencrypted for that very reason.

    There's plenty of ways to prevent forgetfulness.

    Keep the password simple. If you don't want to remember a bunch of random numbers and symbols, stringing a couple of words together should get the trick done.

    Write it down. Self-explanatory. Grab a sticky note, write the password down, and keep it safe.
  • The watch use-case for multi-factor is excellent.
  • It isn't laziness! I chose not to encrypt my data because I don't want to rely on my own abilities to remember the passwords or keep track of them in other ways. In an emergency, I want other people to access my data. If I die, I want other people to access my data. If I lose my laptop, and need to use a backup, I don't want it to be tied to a single device or account I don't have access to any more.

    There are other solutions to these problems. Put all your passwords and keys into a safe deposit box at a bank. You can leave your accounts and digital "property" to other people in your will.

    As for losing your laptop, that's your worst case scenario! Yours is unlocked! Someone can open it and start reading your email, and reset all your passwords to everything. Game over. I don't imagine you are logging out of GMail constantly, are you? The possibility of losing your devices is the #1 reason you should make sure they are all securely locked.

    As for having your accounts tied to a single device? I don't have any such thing. I don't even understand this concern.
  • Daikun said:

    Also, encryption is, for me, a good way losing my data. All I need is to forget a password and whatever was on that backup hard drive or archive hard drive is as good as gone. I keep all my in-home backups and archives unencrypted for that very reason.

    There's plenty of ways to prevent forgetfulness.

    Keep the password simple. If you don't want to remember a bunch of random numbers and symbols, stringing a couple of words together should get the trick done.

    Write it down. Self-explanatory. Grab a sticky note, write the password down, and keep it safe.
    I don't trust my memory. I don't trust paper. The only way I would be able to keep track of which password goes with which hard drive is to write the password on the hard drive itself. Might has well not use a password in that case.
  • Safety deposit boxes and wills are purely down to laziness, so you're right about that one thing. :)
  • I guess having a good and trustworthy memory is essential to being secure in the digital age. Someone with a goldfish-like memory is just screwed.

    Then again, will power is also essential. You have to not only remember your passwords, but also have the ability to never ever ever tell anyone. Not even your own family.

    As for having passwords written down and remembering which one goes where, I highly recommend the password card.

    https://www.passwordcard.org/en

    The card is absolutely meaningless and useless to anyone that finds/steals it. You can just leave it on your desk next to your computer out in the open. You can look at it and remember your passwords easily, but nobody else can.

    You can keep it simple like bank password = start at the $ sign and go down.

    Or you can get fancy.

    Forum = smiley face, go diagonally down to the right then back up again in a V shape.

    You don't even need a physical card, since there are apps for iOS and Android. Just Remember the key for the password card and put it in a file somewhere. Then you can regenerate the same card again if you ever lose it. That's just one number for the safe deposit box.
  • Yeah no. Other people being able to access my archives and backups is a feature, not a bug.
Sign In or Register to comment.