Discussion:
Those idiot password changes
(too old to reply)
T
2018-06-13 00:34:09 UTC
Permalink
Hi w10 and w7,

I have been bitching about this for ages.

Time to rethink mandatory password changes

https://www.ftc.gov/news-events/blogs/techftc/2016/03/time-rethink-mandatory-password-changes

If you pick a good solid password that is not hacked by the
bad guys first attempt at running tables at you, why change
your password just to give him a second chance to
find you in his tables? Changing your passwords constantly is
not a good security feature.

Keep in mind though that picking an easy password is even worse.
The best ones are run on phrases. Mine are up to 30 characters.

-T
J. P. Gilliver (John)
2018-06-13 00:45:16 UTC
Permalink
Post by T
Hi w10 and w7,
I have been bitching about this for ages.
Time to rethink mandatory password changes
https://www.ftc.gov/news-events/blogs/techftc/2016/03/time-rethink-manda
tory-password-changes
If you pick a good solid password that is not hacked by the
bad guys first attempt at running tables at you, why change
your password just to give him a second chance to
find you in his tables? Changing your passwords constantly is
not a good security feature.
Agreed.
Post by T
Keep in mind though that picking an easy password is even worse.
The best ones are run on phrases. Mine are up to 30 characters.
Well, best as a combination of security and chance that you'll remember
them. Best for security alone are as near totally random as you can get,
but they're going to be impossible to remember.
Post by T
-T
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)***@T+H+Sh0!:`)DNAf

...Every morning is the dawn of a new error...
T
2018-06-13 00:59:01 UTC
Permalink
Post by J. P. Gilliver (John)
Post by T
Hi w10 and w7,
I have been bitching about this for ages.
Time to rethink mandatory password changes
https://www.ftc.gov/news-events/blogs/techftc/2016/03/time-rethink-manda
tory-password-changes
If you pick a good solid password that is not hacked by the
bad guys first attempt at running tables at you, why change
your password just to give him a second chance to
find you in his tables?  Changing your passwords constantly is
not a good security feature.
Agreed.
Post by T
Keep in mind though that picking an easy password is even worse.
The best ones are run on phrases.  Mine are up to 30 characters.
Well, best as a combination of security and chance that you'll remember
them. Best for security alone are as near totally random as you can get,
but they're going to be impossible to remember.
Post by T
-T
Make up something is Latin with lots of spaces in it.

Did you notice in the ftc article what uses do when asked
to change their password? They just add or change a number.
I have one lady that just adds a dollar sign to the old
password. She is up to five dollar signs no.

I have run tables at Windows passwords before. When
I get this mandatory 90 change s***, I just shake my head
Wolf K
2018-06-13 01:30:01 UTC
Permalink
Post by J. P. Gilliver (John)
Post by T
Hi w10 and w7,
I have been bitching about this for ages.
Time to rethink mandatory password changes
https://www.ftc.gov/news-events/blogs/techftc/2016/03/time-rethink-manda
tory-password-changes
If you pick a good solid password that is not hacked by the
bad guys first attempt at running tables at you, why change
your password just to give him a second chance to
find you in his tables?  Changing your passwords constantly is
not a good security feature.
Agreed.
Post by T
Keep in mind though that picking an easy password is even worse.
The best ones are run on phrases.  Mine are up to 30 characters.
Well, best as a combination of security and chance that you'll remember
them. Best for security alone are as near totally random as you can get,
but they're going to be impossible to remember.
Post by T
-T
A good source of phrases is your own history. Eg, this sequence derives
from a couple of sentences about my life: mbswbligsihttttfthomtbaf.
Convert a few letters to numerics or capitals, and may look "as near
totally random" as you desire: mbswb11gs1HtTttft60Mt6af
--
Wolf K
kirkwood40.blogspot.com
Ethics is knowing the difference between what you have a right to do and
what is right to do. Potter Stewart
Nil
2018-06-14 07:30:17 UTC
Permalink
Post by Wolf K
A good source of phrases is your own history. Eg, this sequence
mbswbligsihttttfthomtbaf. Convert a few letters to numerics or
mbswb11gs1HtTttft60Mt6af
Hey, I thought I invented that! I knew I should have patented it.
Diesel
2018-06-19 05:22:29 UTC
Permalink
Post by Wolf K
Post by J. P. Gilliver (John)
Post by T
Hi w10 and w7,
I have been bitching about this for ages.
Time to rethink mandatory password changes
https://www.ftc.gov/news-events/blogs/techftc/2016/03/time-rethin
k-manda tory-password-changes
If you pick a good solid password that is not hacked by the
bad guys first attempt at running tables at you, why change
your password just to give him a second chance to
find you in his tables?  Changing your passwords constantly is
not a good security feature.
Agreed.
Post by T
Keep in mind though that picking an easy password is even worse.
The best ones are run on phrases.  Mine are up to 30
characters.
Well, best as a combination of security and chance that you'll
remember them. Best for security alone are as near totally random
as you can get, but they're going to be impossible to remember.
Post by T
-T
A good source of phrases is your own history. Eg, this sequence
mbswbligsihttttfthomtbaf. Convert a few letters to numerics or
mbswb11gs1HtTttft60Mt6af
Would the word flmwombat have any meaning to you?
--
To prevent yourself from being a victim of cyber
stalking, it's highly recommended you visit here:
https://tekrider.net/pages/david-brooks-stalker.php
===================================================
Why do divorces cost so much? They're worth it.
Buffalo
2018-06-29 19:12:19 UTC
Permalink
Post by Diesel
Post by Wolf K
Post by J. P. Gilliver (John)
Post by T
Hi w10 and w7,
I have been bitching about this for ages.
Time to rethink mandatory password changes
https://www.ftc.gov/news-events/blogs/techftc/2016/03/time-rethin
k-manda tory-password-changes
If you pick a good solid password that is not hacked by the
bad guys first attempt at running tables at you, why change
your password just to give him a second chance to
find you in his tables? Changing your passwords constantly is
not a good security feature.
Agreed.
Post by T
Keep in mind though that picking an easy password is even worse.
The best ones are run on phrases. Mine are up to 30
characters.
Well, best as a combination of security and chance that you'll
remember them. Best for security alone are as near totally random
as you can get, but they're going to be impossible to remember.
Post by T
-T
A good source of phrases is your own history. Eg, this sequence
mbswbligsihttttfthomtbaf. Convert a few letters to numerics or
mbswb11gs1HtTttft60Mt6af
Would the word flmwombat have any meaning to you?
Damn, now you gave away most of my favorite pswd.
No privacy anymore... :)
--
Buffalo
Diesel
2018-07-07 21:02:50 UTC
Permalink
Post by Buffalo
Damn, now you gave away most of my favorite pswd.
No privacy anymore... :)
[g]
--
To prevent yourself from being a victim of cyber
stalking, it's highly recommended you visit here:
https://tekrider.net/pages/david-brooks-stalker.php
===================================================
Today is a good day to bribe a high ranking public official.
pyotr filipivich
2018-06-13 15:36:49 UTC
Permalink
Post by J. P. Gilliver (John)
Post by T
Keep in mind though that picking an easy password is even worse.
The best ones are run on phrases. Mine are up to 30 characters.
Well, best as a combination of security and chance that you'll remember
them. Best for security alone are as near totally random as you can get,
but they're going to be impossible to remember.
I've heard it suggested that you keep an encrypted file on a thumb
drive, and all you do is cut and past that random phrase to the
password field.
--
pyotr filipivich
Next month's Panel: Graft - Boon or blessing?
T
2018-06-13 18:13:34 UTC
Permalink
Post by pyotr filipivich
Post by J. P. Gilliver (John)
Post by T
Keep in mind though that picking an easy password is even worse.
The best ones are run on phrases. Mine are up to 30 characters.
Well, best as a combination of security and chance that you'll remember
them. Best for security alone are as near totally random as you can get,
but they're going to be impossible to remember.
I've heard it suggested that you keep an encrypted file on a thumb
drive, and all you do is cut and past that random phrase to the
password field.
LUKS encrypt the flash drive an Bob's Your Uncle. Doesn't
work with Windows though
Chris
2018-06-13 19:41:25 UTC
Permalink
Post by T
Post by pyotr filipivich
Post by J. P. Gilliver (John)
Post by T
Keep in mind though that picking an easy password is even worse.
The best ones are run on phrases. Mine are up to 30 characters.
Well, best as a combination of security and chance that you'll remember
them. Best for security alone are as near totally random as you can get,
but they're going to be impossible to remember.
I've heard it suggested that you keep an encrypted file on a thumb
drive, and all you do is cut and past that random phrase to the
password field.
LUKS encrypt the flash drive an Bob's Your Uncle. Doesn't
work with Windows though
Best hope you don't lose it :)
wryutirjgkhmmfioertuyie
2018-06-13 01:42:55 UTC
Permalink
Keep in mind though that picking an easy password is even worse. The
best ones are run on phrases. Mine are up to 30 characters.
I was surprised to find that W10 allows me to pick a ONE character
password on this tablet. Most all of my other devices/apps require at
least eight characters. So I picked "p" (for 'p' assword) on this W10
tablet. Sure makes it quick to get into. And easy to remember. And
reasonably safe since whomever unlawfully comes into possession of this
tablet would never think of trying anything that easy...
T
2018-06-13 01:53:35 UTC
Permalink
Post by wryutirjgkhmmfioertuyie
Keep in mind though that picking an easy password is even worse. The
 best ones are run on phrases.  Mine are up to 30 characters.
I was surprised to find that W10 allows me to pick a ONE character
password on this tablet. Most all of my other devices/apps require at
least eight characters. So I picked "p" (for 'p' assword) on this W10
tablet. Sure makes it quick to get into. And easy to remember. And
reasonably safe since whomever unlawfully comes into possession of this
tablet would never think of trying anything that easy...
I had a guy tell me he uses "8' as his password as they
would never guess something so simple. I told him how
the rainbow tables worked and how he would be dead meat
in a microsecond.

A lot of folks ask me to turn off their Windows passwords.
I make sure there is nothing private on their computers
first including ordering on line, then I oblige them.

Orly use security where it is needed. Otherwise it is
just obnoxious.
Paul
2018-06-13 02:01:04 UTC
Permalink
Post by wryutirjgkhmmfioertuyie
Keep in mind though that picking an easy password is even worse. The
best ones are run on phrases. Mine are up to 30 characters.
I was surprised to find that W10 allows me to pick a ONE character
password on this tablet. Most all of my other devices/apps require at
least eight characters. So I picked "p" (for 'p' assword) on this W10
tablet. Sure makes it quick to get into. And easy to remember. And
reasonably safe since whomever unlawfully comes into possession of this
tablet would never think of trying anything that easy...
"would never think of trying"

Kali, rainbow tables, etc.

This is what machines are for. They don't think.
They just grind through the algorithmic possibilities.

What screws up cracking passwords, is
having to add punctuation to the character
set of the search. If you stick to an alphabetic
password, I would expect it to be cracked
in no time at all. If numbers and punctuation
are included, that helps a lot. You either have
to order some BluRay sized rainbox tables,
or do it with a graphics card. A box full of
high end graphics cards can also crack passwords
fairly quickly. (Day or two). On my low
end graphics card, it would probably take
a few months for even a simple password.

There's a standard format for password dumping.

https://tools.kali.org/password-attacks/creddump

***@kali:~# pwdump system sam
Administrator:500:41aa818b512a8c0e72381e4c174e281b:1896d0a309184775f67c14d14b5c365a:::

^ ^
| |
<username>:<uid>:<LM-hash> : <NTLM-hash>:<comment>:<homedir>:

The NTLM-hash is apparently the one you try to crack.

The idea is, you'd boot the tablet with
a Kali USB stick and collect some info.
The pwdump command would dump a table of
all the accounts present. The above is the
first account found.

Paul
wryutirjgkhmmfioertuyie
2018-06-13 04:32:13 UTC
Permalink
Post by Paul
W10 allows me to pick a ONE character password on this tablet. So I
picked "p". Sure makes it quick to get into. >> And reasonably safe
since whomever unlawfully comes into possession
of this
Post by Paul
tablet would never think of trying anything that easy...
"would never think of trying"
My key words above are "reasonably safe".
Post by Paul
Kali, rainbow tables, etc. This is what machines are for. They don't
think. They just grind through the algorithmic possibilities.
I'm not worried about the CIA or a hacker breaking my tablet's password.
Since this tablet seldom leaves the house my greatest danger is losing
it by burglary. And most burglars would not waste time trying to break
my password. They would just reset and sell the tablet as quickly as
possible.
Post by Paul
The idea is, you'd boot the tablet with a Kali USB stick and collect
some info. The pwdump command would dump a table of all the accounts
present.
And if my burglar did turn out to be a hacker he would need to be quick
about it. I'd know the device was gone within a few hours and quickly
change my app passwords. Further since I use 2-factor authentication
he'd need my phone to use or change any passwords obtained.

So why make things difficult for me to open my tablet? Excessive
security just wastes my time.

Actually my greatest threat would probably be a grandkid blindly
punching the keyboard one at a time and hitting "p"... 8-O

BTW one annoying feature I find about my new Chromebook is that it
REQUIRES a 6 digit pin or my full Google password (13 characters). And
the Google password is required at least once a day. And there is no
automatic locking so if I forget to push the lock key it stays unlocked.
Now THAT IS a real security threat at my age...
pyotr filipivich
2018-06-13 15:36:49 UTC
Permalink
Post by wryutirjgkhmmfioertuyie
Post by Paul
W10 allows me to pick a ONE character password on this tablet. So I
picked "p". Sure makes it quick to get into. >> And reasonably safe
since whomever unlawfully comes into possession
of this
Post by Paul
tablet would never think of trying anything that easy...
"would never think of trying"
My key words above are "reasonably safe".
Post by Paul
Kali, rainbow tables, etc. This is what machines are for. They don't
think. They just grind through the algorithmic possibilities.
I'm not worried about the CIA or a hacker breaking my tablet's password.
Since this tablet seldom leaves the house my greatest danger is losing
it by burglary. And most burglars would not waste time trying to break
my password. They would just reset and sell the tablet as quickly as
possible.
Post by Paul
The idea is, you'd boot the tablet with a Kali USB stick and collect
some info. The pwdump command would dump a table of all the accounts
present.
And if my burglar did turn out to be a hacker he would need to be quick
about it. I'd know the device was gone within a few hours and quickly
change my app passwords. Further since I use 2-factor authentication
he'd need my phone to use or change any passwords obtained.
So why make things difficult for me to open my tablet? Excessive
security just wastes my time.
Actually my greatest threat would probably be a grandkid blindly
punching the keyboard one at a time and hitting "p"... 8-O
Bingo.

I had to use an assembly language simulator for a programming
class. Stepping through a loop, I just started 'walking across the
keyboard" - avoiding the keys I knew "caused things" {Q for example.)
Found all manner of useful things - m for map memory{dump the current
state to output} was the most useful.
Post by wryutirjgkhmmfioertuyie
BTW one annoying feature I find about my new Chromebook is that it
REQUIRES a 6 digit pin or my full Google password (13 characters). And
the Google password is required at least once a day. And there is no
automatic locking so if I forget to push the lock key it stays unlocked.
Now THAT IS a real security threat at my age...
--
pyotr filipivich
Next month's Panel: Graft - Boon or blessing?
wryutirjgkhmmfioertuyie
2018-06-13 15:54:19 UTC
Permalink
21:32:13
Post by wryutirjgkhmmfioertuyie
Actually my greatest threat would probably be a grandkid blindly
punching the keyboard one at a time and hitting "p"... 8-O
Bingo.
I had to use an assembly language simulator for a programming class.
Stepping through a loop, I just started 'walking across the keyboard"
- avoiding the keys I knew "caused things" {Q for example.) Found all
manner of useful things - m for map memory{dump the current state to
output} was the most useful.
Actually I was just trying to be funny. My grandkid would have to hit
ONLY "p" (my password) and "Enter"- in that order - to open my tablet.
Any extra keys would screw things up. So odds are pretty good this
tablet is safe from grandkids too... that is to break into, not to break
up... 8-O
pyotr filipivich
2018-06-14 00:25:48 UTC
Permalink
Post by wryutirjgkhmmfioertuyie
21:32:13
Post by wryutirjgkhmmfioertuyie
Actually my greatest threat would probably be a grandkid blindly
punching the keyboard one at a time and hitting "p"... 8-O
Bingo.
I had to use an assembly language simulator for a programming class.
Stepping through a loop, I just started 'walking across the keyboard"
- avoiding the keys I knew "caused things" {Q for example.) Found all
manner of useful things - m for map memory{dump the current state to
output} was the most useful.
Actually I was just trying to be funny. My grandkid would have to hit
ONLY "p" (my password) and "Enter"- in that order - to open my tablet.
Any extra keys would screw things up. So odds are pretty good this
tablet is safe from grandkids too... that is to break into, not to break
up... 8-O
I put a simple 2 char password on the box at home. "Paranoia" -
so that the cat cannot walk across the keyboard and "do something".
One of the catch phrases of the program was "You program should be
able to handle having the cat walk across the keyboard without
crashing in flames."
--
pyotr filipivich
Next month's Panel: Graft - Boon or blessing?
Diesel
2018-06-19 05:22:30 UTC
Permalink
One of the catch phrases of the program was "Your program
should be able to handle having the cat walk across the keyboard
without crashing in flames."
That to me is a solid practice which typically results in a stable
program.
--
To prevent yourself from being a victim of cyber
stalking, it's highly recommended you visit here:
https://tekrider.net/pages/david-brooks-stalker.php
===================================================
#1 BORG Hit Parade: We all sleep in a single subroutine
Keith Nuttle
2018-06-13 12:46:41 UTC
Permalink
Post by wryutirjgkhmmfioertuyie
Keep in mind though that picking an easy password is even worse. The
 best ones are run on phrases.  Mine are up to 30 characters.
I was surprised to find that W10 allows me to pick a ONE character
password on this tablet. Most all of my other devices/apps require at
least eight characters. So I picked "p" (for 'p' assword) on this W10
tablet. Sure makes it quick to get into. And easy to remember. And
reasonably safe since whomever unlawfully comes into possession of this
tablet would never think of trying anything that easy...
Windows accepts a nul character for a password. Using a nul character,
your system logs in and you do not need to enter a password.

I have three computers, and non have passwords. One never leaves the
upstairs studio, and only my wife and I live in this house.

While my laptop travels it is never left anywhere, and my tablet has
nothing worth stealing.
--
2018: The year we learn to play the great game of Euchre
wryutirjgkhmmfioertuyie
2018-06-13 15:41:16 UTC
Permalink
Post by Keith Nuttle
I have three computers, and non have passwords. One never leaves
the upstairs studio
My neighbor's computers were never supposed to leave his house either
except that one day they did... in a burglary.
Post by Keith Nuttle
While my laptop travels it is never left anywhere
And while you and your laptop are traveling those burglars have access
to your unsecured computers. You likely won't be aware of the theft
until you return home days later.

Have a burglar alarm? These days they do smash and grabs. Kick in the
door, and grab the electronics before the cops can get there, in my town
sometimes an hour later. Have a dog? He's dead.

As an aside: My neighbors wife had her car broken into at work. The
perps took her garage door opener and car registration for her address.
They drove to her house opened the garage door, drove in, shut the door,
and took their time removing all her electronics among other things. I
walked by while it was happening and was unaware. Moral to this story?
Hide your garage door opener and/or remove your address from any
documents in your car.
T
2018-06-13 18:19:49 UTC
Permalink
Post by wryutirjgkhmmfioertuyie
Have a burglar alarm? These days they do smash and grabs. Kick in the
door, and grab the electronics before the cops can get there, in my town
sometimes an hour later. Have a dog? He's dead.
Fortunately, I live in a place where most leave their doors
(car and house) unlocked. Any a** h*** who breaks into my or my
neighbors better be able to run a lot faster than 800 feet per
second. (It is open season on a** h***s out here and they
know it.) It is a nice place to live.

That being said. My office computer is LUKS encrypted
to protect both my and my customer sensitive information.
wryutirjgkhmmfioertuyie
2018-06-13 22:39:04 UTC
Permalink
Any a** h*** who breaks into my or my neighbors better be able to run
a lot faster than 800 feet per second.
Problem is burglars check to see if you're home before breaking in. Thus
there's usually nobody there to shoot at when you get home and find your
stuff missing.
T
2018-06-14 15:46:19 UTC
Permalink
Post by wryutirjgkhmmfioertuyie
Any a** h*** who breaks into my or my neighbors better be able to run
a lot faster than 800 feet per second.
Problem is burglars check to see if you're home before breaking in. Thus
there's usually nobody there to shoot at when you get home and find your
stuff missing.
True. It also helps to have nosey neighbors. The bad guys
stay away.
Diesel
2018-06-19 05:22:31 UTC
Permalink
Post by T
Post by wryutirjgkhmmfioertuyie
Any a** h*** who breaks into my or my neighbors better be able
to run a lot faster than 800 feet per second.
Problem is burglars check to see if you're home before breaking
in. Thus there's usually nobody there to shoot at when you get
home and find your stuff missing.
True. It also helps to have nosey neighbors. The bad guys
stay away.
That's one good reason to have nosey neighbors. ;p Sometimes, the lack
of your own privacy can be a benefit as you know your house is being
watched all the time. lol.

No neighbors can be bliss too, though. Just sayin.
--
To prevent yourself from being a victim of cyber
stalking, it's highly recommended you visit here:
https://tekrider.net/pages/david-brooks-stalker.php
===================================================
When launching a boat, always back the boat into the water.
Pulling the boat into the water can really mess up your carburettor.
Diesel
2018-06-19 05:22:31 UTC
Permalink
Post by wryutirjgkhmmfioertuyie
As an aside: My neighbors wife had her car broken into at work.
The perps took her garage door opener and car registration for her
address. They drove to her house opened the garage door, drove in,
shut the door, and took their time removing all her electronics
among other things. I walked by while it was happening and was
unaware. Moral to this story? Hide your garage door opener and/or
remove your address from any documents in your car.
That really stinks. :( Are you suggesting that people should keep their
registration on themselves instead of inside the vehicle at all times?
Along with insurance proof, etc? Otherwise, I can't see how you'd be
able to remove all documents containing your physical address and still
be completely legal.
--
To prevent yourself from being a victim of cyber
stalking, it's highly recommended you visit here:
https://tekrider.net/pages/david-brooks-stalker.php
===================================================
When cows laugh, does milk come out of their nose?
ewtryhfjklfmndujnmrnc
2018-06-19 13:50:47 UTC
Permalink
Post by Diesel
Post by wryutirjgkhmmfioertuyie
As an aside: My neighbors wife had her car broken into at work. The
perps took her garage door opener and car registration for her
address. They drove to her house opened the garage door, drove in,
shut the door, and took their time removing all her electronics
among other things. I walked by while it was happening and was
unaware. Moral to this story? Hide your garage door opener and/or
remove your address from any documents in your car.
That really stinks. :( Are you suggesting that people should keep
their registration on themselves instead of inside the vehicle at all
times?
Since registration is required to be in the car I make a convenient
"accidental" tear that obliterates a few numbers of my address on the
document. It's likely unnecessary these days since both my current
vehicles have built in (non-removable) garage door openers.
Post by Diesel
Along with insurance proof, etc? Otherwise, I can't see how you'd be
able to remove all documents containing your physical address and
still be completely legal.
My proof of insurance form doesn't have my address on it. And I keep no
other documents in the car. YMMV.
Diesel
2018-06-19 05:22:30 UTC
Permalink
Post by Keith Nuttle
Windows accepts a nul character for a password. Using a nul
character, your system logs in and you do not need to enter a
password.
Windows treats it as if no password is present on the account. As
technically, there isn't at that point.
Post by Keith Nuttle
I have three computers, and non have passwords. One never leaves
the upstairs studio, and only my wife and I live in this house.
I have several computers myself. Not only do they all have passwords,
each one is unique. So, in the event someone was able to guess? the
correct password for one machine, they aren't going to automatically
have carte blanche access to all of the machines using the password
they discovered.

It's highly unlikely they'd guess one of them anyway. I like to refer
to this as a piece of building compartmentalized and/or confined
breach security practices for my own network and those i'm
responsible for.
Post by Keith Nuttle
While my laptop travels it is never left anywhere, and my tablet
has nothing worth stealing.
Don't sell yourself so short so quickly. Your tablet has a processor
which may be capable of mining various types of crypto currency. That
may be of value to a botnet or sketchy website script that abuses
your resources while you visit the site. The website script option
actually gives the bad guy more victims in the sense it's not OS
dependent like the program for the botnet would be. Linux/Mac/Windows
users would all potentially be able to run the bad script without
modification of the script for each OS/platform.
--
To prevent yourself from being a victim of cyber
stalking, it's highly recommended you visit here:
https://tekrider.net/pages/david-brooks-stalker.php
===================================================
If a cat joined the Red Cross, would it become a First-Aid Kit?
David E. Ross
2018-06-13 02:35:47 UTC
Permalink
Post by T
Hi w10 and w7,
I have been bitching about this for ages.
Time to rethink mandatory password changes
https://www.ftc.gov/news-events/blogs/techftc/2016/03/time-rethink-mandatory-password-changes
If you pick a good solid password that is not hacked by the
bad guys first attempt at running tables at you, why change
your password just to give him a second chance to
find you in his tables? Changing your passwords constantly is
not a good security feature.
Keep in mind though that picking an easy password is even worse.
The best ones are run on phrases. Mine are up to 30 characters.
-T
I get someone's PGP public key from a key server. It does not matter
whose key. My passwords are then extracted from the plain-text
representation of that key. Each password is extracted from a different
part of the key.

Here are a few lines from a public PGP key. The actual key runs 20
lines; some are even longer.
tCxNYXR0aGV3IFJpY2hhcmRzb24gPEplcnNleSwgQ2hhbm5lbCBJc2xhbmRzPokA
lQIFEC6FPm4CsC8HBxL+vQEBl74D/2/ZkU9M6Doc69jFrig3jHFMlYNWIu7pWniV
jtj2PwRgMT5O83IUoLy3kxmzEM5DELZ1fAEg+6DMxCDka3S8B7S769fcto/nTLaA
kItWzjqPZKjg5AnXQEI6mRg8N30MNK5+ViT/VfRhgpyjSqxWhAehN4Q+PxX5MBF3
xaGaXD5CtCxNYXR0aGV3IFJpY2hhcmRzb24gPG1hdHRoZXdAaXRjb25zdWx0LmNv

A possible extract from this would be
5AnXQEI6mRg8N
which is from the fourth line, starting at the 13th character. This
contains numerals, upper-case letters, and lower-case letters. I
generally remove the + and /, but some Web sites want me to include
special characters.

Obviously, I cannot remember any such a password. I keep a plain-text
file of all my passwords. That file is PGP encrypted, but then I only
have to remember a single password to decrypt it. I use a strong
file-erase application to erase a decrypted copy of the file.
--
David E. Ross
<http://www.rossde.com/>

First you say you do, and then you don't.
And then you say you will, but then won't.
You're undecided now, so what're you goin' to do?
From a 1950s song
That should be Donald Trump's theme song. He obviously
does not understand "commitment", whether it is about
policy or marriage.
😉 Good Guy 😉
2018-06-13 02:40:28 UTC
Permalink
Post by T
Hi w10 and w7,
You are a rogue trader and it's no surprise you don't like your victims
using passwords. Frankly, you should be arrested from defrauding
customers by providing bogus IT services.
Post by T
/--- This email has been checked for viruses by
Windows Defender software.
//https://www.microsoft.com/en-gb/windows/comprehensive-security/
--
With over 950 million devices now running Windows 10, customer
satisfaction is higher than any previous version of windows.
Dave
2018-06-13 12:08:55 UTC
Permalink
Post by 😉 Good Guy 😉
Post by T
Hi w10 and w7,
You are a rogue trader and it's no surprise you don't like your victims
using passwords. Frankly, you should be arrested from defrauding
customers by providing bogus IT services.
Post by T
/--- This email has been checked for viruses by
Windows Defender software.
//https://www.microsoft.com/en-gb/windows/
comprehensive-security/

I see you have enhanced the gratuitous nonsense at the end of your posts,
but you are still a pest - go away.
VanguardLH
2018-06-13 03:21:10 UTC
Permalink
I have been bitching about this for ages. Time to rethink mandatory
password changes
https://www.ftc.gov/news-events/blogs/techftc/2016/03/time-rethink-mandatory-password-changes
If you pick a good solid password that is not hacked by the
bad guys first attempt at running tables at you, why change
your password just to give him a second chance to
find you in his tables? Changing your passwords constantly is
not a good security feature.
Keep in mind though that picking an easy password is even worse.
The best ones are run on phrases. Mine are up to 30 characters.
Use a *different* password at every site (domain). Not some
transformation of the same password but a completely different one.

Use a *different* password at every host (unless it's a workstation on a
domain and you want to reuse your user profile from the PDC).

You could use software but then have to trust someone else with your
passwords, unless they are locally encrypted using a passphrase you
choose (but then you have to remember the passphrase). I prefer to use
an algorithm that I can remember, so I don't need to install the
software (not an option if a host is not your property) everywhere I go.

Always use strong passwords. Not something stupid, like in the Comcast
commercial where the parents tell their kid to set "YouMustStillVisitUs"
as their password.

Don't save passwords in software (e.g., web browsers) other than on the
hosts to which only you have physical access.

Use a different password for the system (BIOS) and OS login. When using
a system password, lock the case.

Don't bother with an automatic expiration of passwords configured in the
OS. That encourages uses to create new passwords that are similar to
their old passwords, or to use simple passwords that they can remember.
If someone leaves a company, the sysadmin should be disabling their
account, not rely on eventual expiration of that employee's password.

Forcing users to keep changing passwords not only provokes them into
using simple and memorable passwords that are more easily hacked but
also prods them into leaving cheatsheets around with a list of their
passwords. Walk around to see how many employees have recorded their
passwords on a sticky note stuck to the bottom of their keyboard or the
side of a desk drawer that can be seen when the drawer is opened.
Expiration of passwords also impacts productivity. A user cannot login
to do their work. A presentation is interrupted by the orator has to
create a new password (that they may not remember having to do it in a
hurry and on-the-fly) to continue the presentation. If the lock on your
shed shows no signs of tampering, do you change the lock every month?

If the ex-employee was logging into the domain, the sysadmin disables
the roaming profile on the PDC. If the ex-employee has local admin
privileges on a workstation, the sysadmin will have to physically visit
that ex-employee's workstations to login using the sysadmin's
admin-level account to disable the ex-employee's admin-level accounts.

Social engineering still works. Some sites will require users to enter
a CAPTCHA string before a visitor can see some content they want (e.g.,
porn sites where visitors will jump through hoops to see the porn).
These CAPTCHA images are grabbed from other sites and then presented to
the visitor of the porn site. They use the intelligence of their
visitors to break the CAPTCHAs at other sites. CAPTCHAs that are merely
arithmetic strings are stupid as those can be simply copied (from the
display or from the web page code) and then pasted into a calculator
app. Many CAPTCHAs have audio playback. Well, even you know when
calling some call center that they use software that can recognize what
you say instead of relying on you pressing buttons on the phone.

CAPTHCAs aren't secure. They were never meant to be a form of security.
They are to differentiate between humans and bots. Using CAPTCHAs for
logins is to nuisance a user by interrupting a login, so the user thinks
there is added security. Any site can use a login that logarithmically
increases the interval between retries making it take unbearably long,
especially for computers trying to hack, to perform multiple retries.

https://www.sitepoint.com/captcha-are-not-a-security-measure/

Also, no matter how long is the bitlength of a passphrase or how
convoluted the hashing algorithm, you're relying on chance that a hacker
doesn't get your password. They could succeed on the very first attempt
even when using random strings. That's how probability works.
pyotr filipivich
2018-06-13 15:36:49 UTC
Permalink
Post by VanguardLH
I have been bitching about this for ages. Time to rethink mandatory
password changes
https://www.ftc.gov/news-events/blogs/techftc/2016/03/time-rethink-mandatory-password-changes
If you pick a good solid password that is not hacked by the
bad guys first attempt at running tables at you, why change
your password just to give him a second chance to
find you in his tables? Changing your passwords constantly is
not a good security feature.
Keep in mind though that picking an easy password is even worse.
The best ones are run on phrases. Mine are up to 30 characters.
Use a *different* password at every site (domain). Not some
transformation of the same password but a completely different one.
Use a *different* password at every host (unless it's a workstation on a
domain and you want to reuse your user profile from the PDC).
You could use software but then have to trust someone else with your
passwords, unless they are locally encrypted using a passphrase you
choose (but then you have to remember the passphrase). I prefer to use
an algorithm that I can remember, so I don't need to install the
software (not an option if a host is not your property) everywhere I go.
Always use strong passwords. Not something stupid, like in the Comcast
commercial where the parents tell their kid to set "YouMustStillVisitUs"
as their password.
Don't save passwords in software (e.g., web browsers) other than on the
hosts to which only you have physical access.
Use a different password for the system (BIOS) and OS login. When using
a system password, lock the case.
Now all I need is a record of all the various passwords, with a
strong password needed to access it.
--
pyotr filipivich
Next month's Panel: Graft - Boon or blessing?
nospam
2018-06-13 15:49:26 UTC
Permalink
Post by pyotr filipivich
Now all I need is a record of all the various passwords, with a
strong password needed to access it.
that's called a password manager.
pyotr filipivich
2018-06-14 00:25:48 UTC
Permalink
Post by nospam
Post by pyotr filipivich
Now all I need is a record of all the various passwords, with a
strong password needed to access it.
that's called a password manager.
One more program to download, install, setup and configure.

I think I'll stick with a paper notebook.
--
pyotr filipivich
Next month's Panel: Graft - Boon or blessing?
nospam
2018-06-14 02:00:57 UTC
Permalink
Post by pyotr filipivich
Post by nospam
Post by pyotr filipivich
Now all I need is a record of all the various passwords, with a
strong password needed to access it.
that's called a password manager.
One more program to download, install, setup and configure.
hardly an obstacle. maybe a minute, if that long.
Post by pyotr filipivich
I think I'll stick with a paper notebook.
not as safe, plus you're far less likely to use long cryptic passwords
because they're hard to type.
pyotr filipivich
2018-06-14 03:19:33 UTC
Permalink
Post by nospam
Post by pyotr filipivich
Post by nospam
Post by pyotr filipivich
Now all I need is a record of all the various passwords, with a
strong password needed to access it.
that's called a password manager.
One more program to download, install, setup and configure.
hardly an obstacle. maybe a minute, if that long.
"The slothful man saith, There is a lion without, I shall be slain
in the streets."
Post by nospam
Post by pyotr filipivich
I think I'll stick with a paper notebook.
not as safe, plus you're far less likely to use long cryptic passwords
because they're hard to type.
But then again, I don't have to worry about the notebook being
"hacked".
--
pyotr filipivich
Next month's Panel: Graft - Boon or blessing?
nospam
2018-06-14 03:26:44 UTC
Permalink
Post by pyotr filipivich
Post by nospam
Post by pyotr filipivich
I think I'll stick with a paper notebook.
not as safe, plus you're far less likely to use long cryptic passwords
because they're hard to type.
But then again, I don't have to worry about the notebook being
"hacked".
actually you do, since it's not encrypted. anyone can look at it and
find out your passwords.

there are also no backups. if you lose the notebook, or your house
burns down, there go your passwords, and in the former case, someone
else now knows what they are.

with a password manager, it will take a few billion years to crack the
master password, assuming it isn't lame, like monkey123 or qwerty.

there can also be an unlimited number of backups scattered across the
planet, so outside of an alien invasion where the earth is completely
destroyed, your passwords will be safe, and if that were to happen, not
knowing your passwords will be a relatively minor issue, should you
somehow survive.
Chris
2018-06-14 08:56:26 UTC
Permalink
Post by pyotr filipivich
Post by nospam
Post by pyotr filipivich
Post by nospam
Post by pyotr filipivich
Now all I need is a record of all the various passwords, with a
strong password needed to access it.
that's called a password manager.
One more program to download, install, setup and configure.
hardly an obstacle. maybe a minute, if that long.
"The slothful man saith, There is a lion without, I shall be slain
in the streets."
Post by nospam
Post by pyotr filipivich
I think I'll stick with a paper notebook.
not as safe, plus you're far less likely to use long cryptic passwords
because they're hard to type.
But then again, I don't have to worry about the notebook being
"hacked".
You do have worry about not having it with you when you need it, though.
pyotr filipivich
2018-06-14 23:20:03 UTC
Permalink
Post by Chris
Post by pyotr filipivich
Post by nospam
Post by pyotr filipivich
Post by nospam
Post by pyotr filipivich
Now all I need is a record of all the various passwords, with a
strong password needed to access it.
that's called a password manager.
One more program to download, install, setup and configure.
hardly an obstacle. maybe a minute, if that long.
"The slothful man saith, There is a lion without, I shall be slain
in the streets."
Post by nospam
Post by pyotr filipivich
I think I'll stick with a paper notebook.
not as safe, plus you're far less likely to use long cryptic passwords
because they're hard to type.
But then again, I don't have to worry about the notebook being
"hacked".
You do have worry about not having it with you when you need it, though.
Considering that I don't use the "device" for anything requiring a
login...
--
pyotr filipivich
Next month's Panel: Graft - Boon or blessing?
Chris
2018-06-15 07:39:09 UTC
Permalink
Post by pyotr filipivich
Post by Chris
Post by pyotr filipivich
Post by nospam
Post by pyotr filipivich
Post by nospam
Post by pyotr filipivich
Now all I need is a record of all the various passwords, with a
strong password needed to access it.
that's called a password manager.
One more program to download, install, setup and configure.
hardly an obstacle. maybe a minute, if that long.
"The slothful man saith, There is a lion without, I shall be slain
in the streets."
Post by nospam
Post by pyotr filipivich
I think I'll stick with a paper notebook.
not as safe, plus you're far less likely to use long cryptic passwords
because they're hard to type.
But then again, I don't have to worry about the notebook being
"hacked".
You do have worry about not having it with you when you need it, though.
Considering that I don't use the "device" for anything requiring a
login...
Then what's the paper notebook for?
Diesel
2018-06-19 05:22:32 UTC
Permalink
Post by pyotr filipivich
Post by nospam
Post by pyotr filipivich
Now all I need is a record of all the various passwords, with a
strong password needed to access it.
that's called a password manager.
One more program to download, install, setup and configure.
I've been very pleased with Keepass myself. It also allows you to use
a file as part of the encryption/decryption process. So you can enter
not only a passphrase but pick a file on your hard disk or removable
media and it'll be locked to both. Without both, a 'bad guy' who's
copied the encrypted file containing the database keepass uses won't
be able to do anything with it.

I personally use the v1.x series of Keepass, not the v2.x generation.
v2.x isn't a replacement for the v1.x series, it's essentially a
rewrite to support features some requested. For myself, I don't need
them. If you'd like to know the differences:
https://keepass.info/compare.html
--
To prevent yourself from being a victim of cyber
stalking, it's highly recommended you visit here:
https://tekrider.net/pages/david-brooks-stalker.php
===================================================
I'd love to, but I have to stay home and see if I snore
Diesel
2018-06-19 05:22:32 UTC
Permalink
Post by VanguardLH
Don't save passwords in software (e.g., web browsers) other than
on the hosts to which only you have physical access.
That's still a bad idea, imho. Malware and/or user error could result
in the transmission of the file containing the login details for each
site the browser was told to remember.
--
To prevent yourself from being a victim of cyber
stalking, it's highly recommended you visit here:
https://tekrider.net/pages/david-brooks-stalker.php
===================================================
90% of being smart is knowing what you're dumb at.
B00ze
2018-06-13 04:43:29 UTC
Permalink
Good day Sir.
Post by T
Hi w10 and w7,
I have been bitching about this for ages.
Yup, same here; I just gave up a few years ago and do like everyone
else, +1 every 3 months...
Post by T
Time to rethink mandatory password changes
https://www.ftc.gov/news-events/blogs/techftc/2016/03/time-rethink-mandatory-password-changes
You're a bit late, that article is from March 2016 ;-)

This is more recent, and says the NIST guy apologizes for screwing-up 20
years ago:

http://www.alphr.com/security/1006567/password-rules-bill-burr-apology
Post by T
If you pick a good solid password that is not hacked by the
bad guys first attempt at running tables at you, why change
your password just to give him a second chance to
find you in his tables? Changing your passwords constantly is
not a good security feature.
The problem is you cannot keep remembering new good passwords every 90
days for 15 different apps, at some point it's too much.
Post by T
The best ones are run on phrases. Mine are up to 30 characters.
Unfortunately not all websites/etc accept 30 character passwords :-(

Regards,
--
! _\|/_ Sylvain / ***@hotmail.com
! (o o) Member:David-Suzuki-Fdn/EFF/Red+Cross/SPCA/Planetary-Society
oO-( )-Oo Windows-NT is the O/S of the future (and always will be.)
T
2018-06-13 05:02:52 UTC
Permalink
Post by B00ze
http://www.alphr.com/security/1006567/password-rules-bill-burr-apology
Thank you!
Post by B00ze
The problem is you cannot keep remembering new good passwords every 90
days for 15 different apps, at some point it's too much.
Folks typically just add to the end of it:

MirosoftSucks!1
MirosoftSucks!11
MirosoftSucks!111
MirosoftSucks!1111

and on and on and so forth,

That one is a really easy one to crack as I is quite common.
I see a lot of expletives about gMail too.
Post by B00ze
Post by T
The best ones are run on phrases. Mine are up to 30 characters.
Unfortunately not all websites/etc accept 30 character passwords :-(
For those I keep 15 character scrambles in a very, very highly
encrypted locked of my own doing. I copy and paste them. No
way I can type them in correct!
Chris
2018-06-13 12:09:05 UTC
Permalink
Post by T
Hi w10 and w7,
I have been bitching about this for ages.
Time to rethink mandatory password changes
https://www.ftc.gov/news-events/blogs/techftc/2016/03/time-rethink-mandatory-password-changes
If you pick a good solid password that is not hacked by the
bad guys first attempt at running tables at you, why change
your password just to give him a second chance to
find you in his tables? Changing your passwords constantly is
not a good security feature.
Keep in mind though that picking an easy password is even worse.
The best ones are run on phrases. Mine are up to 30 characters.
I'm surprised no-one has mentioned password managers. You only need to
remember one (secure) password and all your passwords are available on all
your devices. Safely, securely and under your own control. Simples!

I used keepassX for a while, but the browser integration was unusable. Now,
I use enpass which works on pretty much any combination of OS and browser.

I don't have to know any of my passwords and they're all just random
strings. I wanted them all to be at least 30 characters long, but too many
places restrict the maximum length, which is a massive red flag. Sigh.
wryutirjgkhmmfioertuyie
2018-06-13 15:39:58 UTC
Permalink
Post by Chris
I'm surprised no-one has mentioned password managers. You only need
to remember one (secure) password and all your passwords are
available on all your devices.
Safely, securely and under your own control.
Are you SURE?? Any chance they also can be hacked?

https://www.cbsnews.com/news/lastpass-password-manager-hacked/

And:

"Of course, for every expert who says he can't live without a password
manager, there's another who says he'd gladly go the rest of his life
without ever using one. That's the case for Terry Cutler, co-founder and
chief technology officer of Montreal-based cybersecurity consultancy
Digital Locksmiths.

"I'm not a fan of password-management tools at all," Cutler said in an
email interview. "If the tool got hacked, then all of your codes would
be taken."

Tyler Reguly, manager of security research at cybersecurity firm
Tripwire in Portland, Oregon, agreed with Cutler. He argued that
password managers may do more harm than good, especially for home users.

“Password managers are society's method of moving bad habits to the
computer," Reguly said. "It's bad form to 'write down' passwords, so
instead we 'store' them on our computer. 'Store' is simply the digital
equivalent to 'write down.'"

Figuring out which tools are secure, and which ones aren't, isn't
necessarily an easy task. As Ken Westin, a security researcher with
Tripwire, pointed out, it's hard to know just how secure password
managers really are.

"Personally, I don't trust online password managers," Westin said in an
email message. "This isn't because I think they're insecure; it's
because I don't know how secure they are, how they store my information
and if my data is properly encrypted."

Because of this uncertainty, Westin said he wouldn't store his most
sensitive information in Web-based password managers. For managing
passwords to financial accounts and email accounts, Westin recommended
using a tool that isn't connected to the Internet.

"For maximum safety, the passwords to these services [financial and
email accounts] should be kept in an offline, encrypted password manager
application, like KeePass, that requires authentication to open and is
backed up regularly and securely," Westin said."

https://www.tomsguide.com/us/password-manager-pros-cons,news-19018.html
nospam
2018-06-13 15:49:27 UTC
Permalink
Post by wryutirjgkhmmfioertuyie
Post by Chris
I'm surprised no-one has mentioned password managers. You only need
to remember one (secure) password and all your passwords are
available on all your devices.
Safely, securely and under your own control.
Are you SURE?? Any chance they also can be hacked?
nothing is 100% secure. anything can be hacked given sufficient
motivation and resources.

the point is that you're *much* better off with a password manager than
without, if for no other reason that it lets you use *much* *better*
passwords than you otherwise would have.

nobody is going to remember ***@wmJ*5T_!<# or 'h9/LMtCTbz7,@R&,
especially when each site is different, so they choose something easy
to remember, such as password, qwerty, 12345, etc., and use reuse it on
multiple sites, or in the case of equifax, admin/admin (they really did
that).
Post by wryutirjgkhmmfioertuyie
https://www.cbsnews.com/news/lastpass-password-manager-hacked/
the master password was compromised, but not the individual passwords
for each site.

there are also password managers that store locally, not in the cloud,
completely eliminating that attack vector.
Chris
2018-06-13 19:36:25 UTC
Permalink
Post by wryutirjgkhmmfioertuyie
Post by Chris
I'm surprised no-one has mentioned password managers. You only need
to remember one (secure) password and all your passwords are
available on all your devices.
Safely, securely and under your own control.
Are you SURE?? Any chance they also can be hacked?
https://www.cbsnews.com/news/lastpass-password-manager-hacked/
The two products I mentioned (Keepass and enpass) don't use an online
server, so are immune to that type of hack.

I tried to hack my own database file and despite even knowing my own
password I wasn't able to get access to it.

Nothing is perfectly secure, but I'm way down the list of easy targets.
[Snip]
Post by wryutirjgkhmmfioertuyie
"For maximum safety, the passwords to these services [financial and
email accounts] should be kept in an offline, encrypted password manager
application, like KeePass, that requires authentication to open and is
backed up regularly and securely," Westin said."
https://www.tomsguide.com/us/password-manager-pros-cons,news-19018.html
Which is exactly as I was recommending. The best password managers are ones
with encrypted database files that are stored locally.
wryutirjgkhmmfioertuyie
2018-06-13 22:39:12 UTC
Permalink
Post by Chris
The two products I mentioned (Keepass and enpass) don't use an
online server, so are immune to that type of hack...
The best password managers are ones with encrypted database files
that are stored locally.
But apparently they are not immune to local corruption either:

"KeePass has quite some features to avoid database file corruption"...

..."However, data corruption can still be caused by other programs, the
system or broken storage devices"...

..."KeePass of course can't do anything when the data becomes
corrupted/unreadable at a later point of time"

https://keepass.info/help/base/repair.html

Dunno. That sounds a bit scary to me. I can't imagine the problems I'd
have if I lost all my passwords in one crash and couldn't log in
anymore. Also I'd be nervous about putting all my passwords in some
strange software's hands. Who knows for sure what it really does
(paranoia on). YMMV.

I just use a simple formula that includes certain place number
characters of the web site intermingled with employee numbers from past
employment. I keep the formula in my head so don't have to write the
full passwords down. It's certainly not 30 character strong but with
two-factor authentication (on the sensitive sites) it's reasonably
secure. YMMV.
Nil
2018-06-14 00:40:38 UTC
Permalink
No computer file is immune.
Post by wryutirjgkhmmfioertuyie
Dunno. That sounds a bit scary to me. I can't imagine the problems
I'd have if I lost all my passwords in one crash and couldn't log
in anymore.
There's a handy little invention called "The Backup"! Keepass files are
very small.
wryutirjgkhmmfioertuyie
2018-06-14 02:05:03 UTC
Permalink
Post by Nil
No computer file is immune.
Corruption in a 30 password file that pretty much controls most aspects
of one's online life would IMO be a big deal.
Post by Nil
I can't imagine the problems I'd have if I lost all my passwords
There's a handy little invention called "The Backup"!
Ah. Sarcasm. Love it. And if you unknowingly made a backup of the
corrupted file?

My software free formula type password memory system has yet to crash or
be corrupted. It works for me. But as I've liberally pointed out many
times in this thread...YMMV.
nospam
2018-06-14 02:48:07 UTC
Permalink
Post by wryutirjgkhmmfioertuyie
Post by Nil
I can't imagine the problems I'd have if I lost all my passwords
There's a handy little invention called "The Backup"!
Ah. Sarcasm. Love it. And if you unknowingly made a backup of the
corrupted file?
then you use an older copy, prior to the corruption. simple.

keep in mind that you'd normally be accessing it every day, so you'll
instantly know if there's any corruption in the unlikely event it
occurred.
Nil
2018-06-14 04:58:39 UTC
Permalink
Post by wryutirjgkhmmfioertuyie
Post by Nil
There's a handy little invention called "The Backup"!
Ah. Sarcasm. Love it. And if you unknowingly made a backup of the
corrupted file?
Then you go to your next oldest backup (which is still quite recent),
of course. That's how all backups are to be used. But surely you
already knew that. Right? Right??
Paul
2018-06-14 05:14:10 UTC
Permalink
Post by Nil
Post by wryutirjgkhmmfioertuyie
Post by Nil
There's a handy little invention called "The Backup"!
Ah. Sarcasm. Love it. And if you unknowingly made a backup of the
corrupted file?
Then you go to your next oldest backup (which is still quite recent),
of course. That's how all backups are to be used. But surely you
already knew that. Right? Right??
I had two backups ruined by bad RAM.
But, I had others :-) Really old and scummy,
but still backups.

For you people out there unfamiliar with failures
like this, run Verify on your backup tool
occasionally, and verify what got backed up
is intact. Backups use checksums as a means to
verify what was written.

The bad RAM in my system, seemed to be in an
area in low RAM used as a write buffer. One day
the system crashed after writing 15GB of data.
And you could reproduce it. Reboot, try and
write 15GB of data, and it would crash. That
was the first good hint that something was wrong.

Run a Verify occasionally, just to see whether
your "goods" are "good".

That doesn't guarantee that a file wasn't in a
corrupted state when it was backed up. That
case is just another level of corruption. If
you don't keep a lot of versions around, there's
a chance you actually have *nothing* good on hand.

I learned about this sort of thing, from a tape
drive at work. People were making a ton of backups
at their desk, with a loaner 8mm helical scan drive.
I asked about "when was the last time that thing
had a cleaning tape", and I got this blank look.
When we inserted the stack of tapes, one at a time,
all the tapes were *blank*. That's how dirty the
heads were. Just because you're holding a tape in
your hand, doesn't mean there is anything on it.
That's where Verify comes in. While hard drives
are not tape drives, there's still value in Verify.

Paul
Diesel
2018-06-19 05:22:33 UTC
Permalink
Paul <***@needed.invalid> news:pfstiv$itb$***@dont-email.me Thu, 14
Jun 2018 05:14:10 GMT in alt.windows7.general, wrote:

[snip]
Post by Paul
I learned about this sort of thing, from a tape
drive at work. People were making a ton of backups
at their desk, with a loaner 8mm helical scan drive.
I asked about "when was the last time that thing
had a cleaning tape", and I got this blank look.
When we inserted the stack of tapes, one at a time,
all the tapes were *blank*. That's how dirty the
heads were. Just because you're holding a tape in
your hand, doesn't mean there is anything on it.
That's where Verify comes in. While hard drives
are not tape drives, there's still value in Verify.
Paul
+10! Preach it Brother Paul!
--
To prevent yourself from being a victim of cyber
stalking, it's highly recommended you visit here:
https://tekrider.net/pages/david-brooks-stalker.php
===================================================
Nice kittens give you time to clot between attacks.
wryutirjgkhmmfioertuyie
2018-06-14 05:34:13 UTC
Permalink
Post by Nil
if you unknowingly made a backup of the corrupted file?
Then you go to your next oldest backup
Getting complicated. Now you have to keep a folder somewhere with
several old backup files? Not necessary with my password system which
relies only on my wetware, and not some third party's software.
Post by Nil
(which is still quite recent),
It might not be that recent. For non-sensitive sites (like iHeart Radio)
I often let the browser remember the password. So I might not need that
password again for several weeks when needed for a new device or
browser. But with my password formula I just pull it out of my head. No
backups needed. Easy peasy.
Nil
2018-06-14 07:35:45 UTC
Permalink
Post by wryutirjgkhmmfioertuyie
Getting complicated. Now you have to keep a folder somewhere with
several old backup files? Not necessary with my password system
which relies only on my wetware, and not some third party's
software.
Post by Nil
(which is still quite recent),
It might not be that recent. For non-sensitive sites (like iHeart
Radio) I often let the browser remember the password. So I might
not need that password again for several weeks when needed for a
new device or browser. But with my password formula I just pull it
out of my head. No backups needed. Easy peasy.
OK, your system works for you. I find Keepass quite useful. It lets me
use very random passwords that I could never remember, and it will also
store any password, not just for web sites.

And I find it to be no inconvenience in the least to make backups of it
and my other data. I don't add or change passwords very often so any
backup is likely to be current. I have never, in my several years of
its use, had a corrupt file. I think you're fear of that is
exaggerated.
wryutirjgkhmmfioertuyie
2018-06-14 16:27:36 UTC
Permalink
Post by Nil
OK, your system works for you. I find Keepass quite useful.
Translation: YMMV. Strongly agreed.
Post by Nil
It lets me use very random passwords that I could never remember,
My formula password system generates 13 character passwords. They're
certainly not Keepass quality passwords but IMO I don't need that level
of security. Also 2FA greatly adds to that security.
Post by Nil
and it will also store any password, not just for web sites.
My system works with any name, not just web sites. But I usually use the
web site name to generate the password. Most sites use the same password
whether accessed by browser or app.
Post by Nil
And I find it to be no inconvenience in the least to make backups of
it and my other data.
Inconvenience wasn't my problem. Temporary loss of my online life due to
a malfunction of a strange piece of software that I have no way of
fixing. Or for that matter knowing what its stealth capabilities in
regards to my sensitive password/site data might be.

But in reality I'm probably in more danger from the companies on the
other end of the passwords. I now have three letters on file telling me
of breaches that exposed my data...
nospam
2018-06-14 13:11:17 UTC
Permalink
Post by wryutirjgkhmmfioertuyie
Post by Nil
if you unknowingly made a backup of the corrupted file?
Then you go to your next oldest backup
Getting complicated. Now you have to keep a folder somewhere with
several old backup files? Not necessary with my password system which
relies only on my wetware, and not some third party's software.
a good backup system does that automatically.
Post by wryutirjgkhmmfioertuyie
Post by Nil
(which is still quite recent),
It might not be that recent. For non-sensitive sites (like iHeart Radio)
I often let the browser remember the password. So I might not need that
password again for several weeks when needed for a new device or
browser. But with my password formula I just pull it out of my head. No
backups needed. Easy peasy.
you might not need *that* password, but the rest of the database will
be accessed on a daily basis, so you will instantly know if it's
corrupted, which is extremely unlikely.
Chris
2018-06-14 08:55:50 UTC
Permalink
Post by wryutirjgkhmmfioertuyie
Post by Chris
The two products I mentioned (Keepass and enpass) don't use an
online server, so are immune to that type of hack...
The best password managers are ones with encrypted database files
that are stored locally.
"KeePass has quite some features to avoid database file corruption"...
..."However, data corruption can still be caused by other programs, the
system or broken storage devices"...
..."KeePass of course can't do anything when the data becomes
corrupted/unreadable at a later point of time"
https://keepass.info/help/base/repair.html
That's why you have back-ups, as others have said. I used Keepass for about
two years using it every day on two computers, one tablet and a phone.
Syncing was reliable and I had no errors in that time.

Since then, I've used enpass for about two years with the same experience.
Post by wryutirjgkhmmfioertuyie
Dunno. That sounds a bit scary to me. I can't imagine the problems I'd
have if I lost all my passwords in one crash and couldn't log in
anymore. Also I'd be nervous about putting all my passwords in some
strange software's hands. Who knows for sure what it really does
(paranoia on). YMMV.
Keepass is fully open source and has been verified. Enpass is based on the
open source protects walletx and sqlcypher. I'm not sure if it's been
externally verified.
Post by wryutirjgkhmmfioertuyie
I just use a simple formula that includes certain place number
characters of the web site intermingled with employee numbers from past
employment. I keep the formula in my head so don't have to write the
full passwords down. It's certainly not 30 character strong but with
two-factor authentication (on the sensitive sites) it's reasonably
secure. YMMV.
I tried that for a while, but some websites weren't compatible with my
algorithm: either too long or unsupported characters (like numbers, duh!).
So I was having to remember multiple algorithms which got tedious or I used
weaker passwords.

With a password manager I needn't worry and I can free up some of my brain
cells :)
wryutirjgkhmmfioertuyie
2018-06-14 16:27:50 UTC
Permalink
I used Keepass for about two years using it every day on two
computers, one tablet and a phone. Syncing was reliable and I had no
errors in that time.
Does Keepass do updates? Do you think one might be as effective as a W10
update... 8-O
Since then I've used enpass for about two years with the same
experience.
I've used my formula system for 30+ years. Long before Keepass/Enpass
was a gleam in the developers eye. And I have had lots of errors over
the years due to my somewhat faulty wetware. But then I can just rethink
and retype to fix them.
I tried that [formula passwords] for a while, but some websites
Me too. Just had to rethink my formula. Good for the wetware. Use it or
lose it...
With a password manager I needn't worry and I can free up some of my
brain cells :)
YMMV. Strongly agree...
Chris
2018-06-14 17:57:21 UTC
Permalink
Post by wryutirjgkhmmfioertuyie
I used Keepass for about two years using it every day on two
computers, one tablet and a phone. Syncing was reliable and I had no
errors in that time.
Does Keepass do updates?
Sure. Not that often as it's a pretty simple app.

Do you think one might be as effective as a W10
Post by wryutirjgkhmmfioertuyie
update... 8-O
Unlikely. Microsoft's effectiveness is legendary!
Post by wryutirjgkhmmfioertuyie
Since then I've used enpass for about two years with the same
experience.
I've used my formula system for 30+ years. Long before Keepass/Enpass
was a gleam in the developers eye. And I have had lots of errors over
the years due to my somewhat faulty wetware. But then I can just rethink
and retype to fix them.
I tried that [formula passwords] for a while, but some websites
Me too. Just had to rethink my formula. Good for the wetware. Use it or
lose it...
Doing that limits you to the lowest common denominator. Resulted in making
passwords too short. Plus, then you need to reset the password for the
tens/hundreds of sites with the old system. Life's too short.
Post by wryutirjgkhmmfioertuyie
With a password manager I needn't worry and I can free up some of my
brain cells :)
YMMV. Strongly agree...
Indeed.
SilverSlimer
2018-06-13 13:32:23 UTC
Permalink
Post by T
Hi w10 and w7,
I have been bitching about this for ages.
Time to rethink mandatory password changes
https://www.ftc.gov/news-events/blogs/techftc/2016/03/time-rethink-mandatory-password-changes
If you pick a good solid password that is not hacked by the
bad guys first attempt at running tables at you, why change
your password just to give him a second chance to
find you in his tables? Changing your passwords constantly is
not a good security feature.
Keep in mind though that picking an easy password is even worse.
The best ones are run on phrases. Mine are up to 30 characters.
Run-on sentences are an excellent idea, I'll have to try that.
T
2018-06-13 18:21:42 UTC
Permalink
Post by SilverSlimer
Post by T
Keep in mind though that picking an easy password is even worse.
The best ones are run on phrases. Mine are up to 30 characters.
Run-on sentences are an excellent idea, I'll have to try that.
Throw some spaces in too.

"All Hail Todd!" is already taken. What??? No I don't use that
password and I am not stupid enough to write it in the Internet.
SilverSlimer
2018-06-13 20:17:47 UTC
Permalink
Post by T
Post by SilverSlimer
Post by T
Keep in mind though that picking an easy password is even worse.
The best ones are run on phrases. Mine are up to 30 characters.
Run-on sentences are an excellent idea, I'll have to try that.
Throw some spaces in too.
"All Hail Todd!" is already taken. What??? No I don't use that
password and I am not stupid enough to write it in the Internet.
If they're allowed, that's a pretty good idea too.
T
2018-06-14 16:12:55 UTC
Permalink
Post by SilverSlimer
Post by T
Post by SilverSlimer
Post by T
Keep in mind though that picking an easy password is even worse.
The best ones are run on phrases. Mine are up to 30 characters.
Run-on sentences are an excellent idea, I'll have to try that.
Throw some spaces in too.
"All Hail Todd!" is already taken. What??? No I don't use that
password and I am not stupid enough to write it in the Internet.
If they're allowed, that's a pretty good idea too.
mail.zoho.com does not. gMail does.
...w¡ñ§±¤ñ
2018-06-14 07:04:40 UTC
Permalink
Post by T
https://www.ftc.gov/news-events/blogs/techftc/2016/03/time-rethink-mandatory-password-changes
Sideline note.
The author, L. Cranor, of the 2016 article was the FTC Chief Technology
Officer until Jan. 2017.
That position is still vacant and hasn't been formally filled for 18
months(the last CTO prior to Cranor was only an attorney temporarily
appointed as 'acting' CTO)
--
...w¡ñ§±¤ñ
ms mvp windows 2007-2016, insider mvp 2016-2018
Paul
2018-06-14 07:36:04 UTC
Permalink
Post by ...w¡ñ§±¤ñ
Post by T
https://www.ftc.gov/news-events/blogs/techftc/2016/03/time-rethink-mandatory-password-changes
Sideline note.
The author, L. Cranor, of the 2016 article was the FTC Chief Technology
Officer until Jan. 2017.
That position is still vacant and hasn't been formally filled for 18
months(the last CTO prior to Cranor was only an attorney temporarily
appointed as 'acting' CTO)
You can have that job, if you can guess the password.

That's why the position is still vacant.

Paul
Nil
2018-06-14 07:47:28 UTC
Permalink
On 14 Jun 2018, =?UTF-8?B?Li4ud8Khw7HCp8KxwqTDsQ==?=
Post by ...w¡ñ§±¤ñ
Sideline note.
The author, L. Cranor, of the 2016 article was the FTC Chief
Technology Officer until Jan. 2017.
That position is still vacant and hasn't been formally filled for
18 months(the last CTO prior to Cranor was only an attorney
temporarily appointed as 'acting' CTO)
"Technology"!?!?! Bah. That's awfully close to "Science" and "Facts".
Nobody wants those things any more. If it's not simple, catchy, with no
boring details or nuance, and can fit in a tweet, they're not
interested.
T
2018-06-14 17:43:19 UTC
Permalink
Post by Nil
"Technology"!?!?! Bah. That's awfully close to "Science" and "Facts".
Nobody wants those things any more. If it's not simple, catchy, with no
boring details or nuance, and can fit in a tweet, they're not
interested.
I have noticed this. If I eMail certain customer explanations
of thing they solicit from me, they won't read it if it goes
over two sentences.

This is REALLY AGGRAVATING when they ask for proposals. They
just discard them after you put hours into them. I have
thought of charging for my time. "I couldn't read it on
my phone". "And you could use your computer, why?"
AGGRAVATING!
Nil
2018-06-14 18:57:28 UTC
Permalink
Post by T
I have noticed this. If I eMail certain customer explanations
of thing they solicit from me, they won't read it if it goes
over two sentences.
This is REALLY AGGRAVATING when they ask for proposals. They
just discard them after you put hours into them. I have
thought of charging for my time. "I couldn't read it on
my phone". "And you could use your computer, why?"
AGGRAVATING!
I believe this phenomenon has its own acronym: TLDR. People no longer
have the patience or attention span to read or absorb detailed
information. Everything has to be fed to them in small, pre-digested
bites.

This has become a problem in general. If I write anything more than a
paragraph of text, many (most?) people won't bother to scroll down and
read the rest. If I ask, say, 3 questions, I'll get an answer to the
first one and they probably never even see the last two.

My family has become like this. They won't completely read my emails,
and they rarely answer the phone. They respond to text messaging only,
which is totally inadequate for real communication.
T
2018-06-14 19:23:53 UTC
Permalink
Post by Nil
Post by T
I have noticed this. If I eMail certain customer explanations
of thing they solicit from me, they won't read it if it goes
over two sentences.
This is REALLY AGGRAVATING when they ask for proposals. They
just discard them after you put hours into them. I have
thought of charging for my time. "I couldn't read it on
my phone". "And you could use your computer, why?"
AGGRAVATING!
I believe this phenomenon has its own acronym: TLDR. People no longer
have the patience or attention span to read or absorb detailed
information. Everything has to be fed to them in small, pre-digested
bites.
This has become a problem in general. If I write anything more than a
paragraph of text, many (most?) people won't bother to scroll down and
read the rest. If I ask, say, 3 questions, I'll get an answer to the
first one and they probably never even see the last two.
My family has become like this. They won't completely read my emails,
and they rarely answer the phone. They respond to text messaging only,
which is totally inadequate for real communication.
My experience too.

That first question thing drives me INSANE! My vendors do
this to me ALL-THE-TIME.

Sometimes there is the occasional "word wall", which is frustrating
to grudge through, but that is rare these days.
Ant
2018-06-14 19:47:04 UTC
Permalink
Post by T
Post by Nil
Post by T
I have noticed this. If I eMail certain customer explanations
of thing they solicit from me, they won't read it if it goes
over two sentences.
This is REALLY AGGRAVATING when they ask for proposals. They
just discard them after you put hours into them. I have
thought of charging for my time. "I couldn't read it on
my phone". "And you could use your computer, why?"
AGGRAVATING!
I believe this phenomenon has its own acronym: TLDR. People no longer
have the patience or attention span to read or absorb detailed
information. Everything has to be fed to them in small, pre-digested
bites.
This has become a problem in general. If I write anything more than a
paragraph of text, many (most?) people won't bother to scroll down and
read the rest. If I ask, say, 3 questions, I'll get an answer to the
first one and they probably never even see the last two.
My family has become like this. They won't completely read my emails,
and they rarely answer the phone. They respond to text messaging only,
which is totally inadequate for real communication.
My experience too.
That first question thing drives me INSANE! My vendors do
this to me ALL-THE-TIME.
Sometimes there is the occasional "word wall", which is frustrating
to grudge through, but that is rare these days.
Ditto. They always think it is too long to read. [sighs]
--
Quote of the Week: "I never kill insects. If I see ants or spiders in
the room, I pick them up and take them outside. Karma is everything."
--Holly Valance
Note: A fixed width font (Courier, Monospace, etc.) is required to see this signature correctly.
/\___/\ Ant(Dude) @ http://antfarm.home.dhs.org
/ /\ /\ \ Please nuke ANT if replying by e-mail privately. If credit-
| |o o| | ing, then please kindly use Ant nickname and URL/link.
\ _ /
( )
J. P. Gilliver (John)
2018-06-14 20:14:03 UTC
Permalink
Post by Ant
Post by T
Post by Nil
Post by T
I have noticed this. If I eMail certain customer explanations
of thing they solicit from me, they won't read it if it goes
over two sentences.
This is REALLY AGGRAVATING when they ask for proposals. They
just discard them after you put hours into them. I have
thought of charging for my time. "I couldn't read it on
my phone". "And you could use your computer, why?"
AGGRAVATING!
I believe this phenomenon has its own acronym: TLDR. People no longer
have the patience or attention span to read or absorb detailed
information. Everything has to be fed to them in small, pre-digested
bites.
This has become a problem in general. If I write anything more than a
paragraph of text, many (most?) people won't bother to scroll down and
I used to find this at work, too.
Post by Ant
Post by T
Post by Nil
read the rest. If I ask, say, 3 questions, I'll get an answer to the
first one and they probably never even see the last two.
My family has become like this. They won't completely read my emails,
and they rarely answer the phone. They respond to text messaging only,
which is totally inadequate for real communication.
My experience too.
That first question thing drives me INSANE! My vendors do
this to me ALL-THE-TIME.
This _sometimes_ works: say at the beginning of the communication,
something like "This communication contains five questions. I have
numbered them [thus]." It requires you to go back through your email
before sending, actually putting in [1] etc., and then going back again
to say what the total is. It often still doesn't work, but at least then
they have no _excuse_ for not having read it.
Post by Ant
Post by T
Sometimes there is the occasional "word wall", which is frustrating
to grudge through, but that is rare these days.
Ditto. They always think it is too long to read. [sighs]
But it takes them longer in the end, because they come back and ask for
something that was explained in the first communication. They also
suggest things ... they don't read "I have already tried" statements.
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)***@T+H+Sh0!:`)DNAf

Her [Valerie Singleton's] main job on /Blue Peter/ was to stop unpredictable
creatres running amok. And that was just John Noakes.
- Alison Pearson, RT 2014/9/6-12
T
2018-06-14 21:16:37 UTC
Permalink
Post by J. P. Gilliver (John)
Post by Ant
Post by T
Post by Nil
I have noticed this.  If I eMail certain customer explanations
of thing they solicit from me, they won't read it if it goes
over two sentences.
This is REALLY AGGRAVATING when they ask for proposals.  They
just discard them after you put hours into them.  I have
thought of charging for my time.  "I couldn't read it on
my phone".  "And you could use your computer, why?"
AGGRAVATING!
I believe this phenomenon has its own acronym: TLDR. People no longer
have the patience or attention span to read or absorb detailed
information. Everything has to be fed to them in small, pre-digested
bites.
This has become a problem in general. If I write anything more than a
paragraph of text, many (most?) people won't bother to scroll down and
I used to find this at work, too.
Post by Ant
Post by T
Post by Nil
read the rest. If I ask, say, 3 questions, I'll get an answer to the
first one and they probably never even see the last two.
My family has become like this. They won't completely read my emails,
and they rarely answer the phone. They respond to text messaging only,
which is totally inadequate for real communication.
My experience too.
That first question thing drives me INSANE!  My vendors do
this to me ALL-THE-TIME.
This _sometimes_ works: say at the beginning of the communication,
something like "This communication contains five questions. I have
numbered them [thus]." It requires you to go back through your email
before sending, actually putting in [1] etc., and then going back again
to say what the total is. It often still doesn't work, but at least then
they have no _excuse_ for not having read it.
Post by Ant
Post by T
Sometimes there is the occasional "word wall", which is frustrating
to grudge through, but that is rare these days.
Ditto. They always think it is too long to read. [sighs]
But it takes them longer in the end, because they come back and ask for
something that was explained in the first communication. They also
suggest things ... they don't read "I have already tried" statements.
I have gotten testy at times. I do the numbering thing like
you. But I add

"Please answer all question. If you choose not to answer
a particular question, please add 'do not choose to answer'
to the question"

it gets their attention.
Diesel
2018-06-20 06:01:21 UTC
Permalink
Post by Ant
Post by T
Post by Nil
Post by T
I have noticed this. If I eMail certain customer explanations
of thing they solicit from me, they won't read it if it goes
over two sentences.
This is REALLY AGGRAVATING when they ask for proposals. They
just discard them after you put hours into them. I have
thought of charging for my time. "I couldn't read it on
my phone". "And you could use your computer, why?"
AGGRAVATING!
I believe this phenomenon has its own acronym: TLDR. People no
longer have the patience or attention span to read or absorb
detailed information. Everything has to be fed to them in
small, pre-digested bites.
This has become a problem in general. If I write anything more
than a paragraph of text, many (most?) people won't bother to
scroll down and read the rest. If I ask, say, 3 questions, I'll
get an answer to the first one and they probably never even see
the last two.
My family has become like this. They won't completely read my
emails, and they rarely answer the phone. They respond to text
messaging only, which is totally inadequate for real
communication.
My experience too.
That first question thing drives me INSANE! My vendors do
this to me ALL-THE-TIME.
Sometimes there is the occasional "word wall", which is
frustrating to grudge through, but that is rare these days.
Ditto. They always think it is too long to read. [sighs]
Cripes. They probably wouldn't want to review any of the technical
manuals etc that you held in your hand. You remember those right?
They had paper and printed words on it. [g] And depending on the
technical level and/or the subject matter, may or may not have
included pictures. Diagrams and schematics more likely. [g]
--
To prevent yourself from being a victim of cyber
stalking, it's highly recommended you visit here:
https://tekrider.net/pages/david-brooks-stalker.php
===================================================
Right now I'm having amnesia and deja vu at the same time.
Diesel
2018-06-20 06:01:21 UTC
Permalink
They respond to text messaging only, which is totally inadequate
for real communication.
I was discussing this very issue with a co worker today. We both agreed
that texting just doesn't work for real communications.
--
To prevent yourself from being a victim of cyber
stalking, it's highly recommended you visit here:
https://tekrider.net/pages/david-brooks-stalker.php
===================================================
Me know gammar. Me cood use it gud.
Chris
2018-06-20 07:41:25 UTC
Permalink
Post by Diesel
They respond to text messaging only, which is totally inadequate
for real communication.
I was discussing this very issue with a co worker today. We both agreed
that texting just doesn't work for real communications.
What on earth is "real" communication? We have been changing our forms of
communication for hundreds of years, texting is just another option. It's
perfectly possible to communicate via text - millions do it every day.
Wolf K
2018-06-20 12:53:45 UTC
Permalink
Post by Chris
Post by Diesel
They respond to text messaging only, which is totally inadequate
for real communication.
I was discussing this very issue with a co worker today. We both agreed
that texting just doesn't work for real communications.
What on earth is "real" communication?
Complete communication.
Post by Chris
We have been changing our forms of
communication for hundreds of years, texting is just another option. It's
perfectly possible to communicate via text - millions do it every day.
Actually, in person face-to-face communication is the most complete. It
begins even before you open your mouth, and consists of at least three
channels, of which speech is often not the most important one. All other
forms/modes of communication are limited in some way. Emojis are an
attempt to compensate for the limitations of text.

Writing has been around long enough that literate societies have found
ways to work around the limitations of writing, but it's taken thousands
of years. Eg, punctuation, which is an attempt to indicate intonation,
without which you wouldn't know which parts of the sentence are which.
Greeks and Romans didn't punctuate. Much of the time they didn't even
insert spaces between the words. Punctuation was invented as "pointing"
in the Middle Ages, partly to help monks chant liturgical texts. Musical
notation and punctuation eventually diverged.

BTW, "phony" derives from "telephone".
--
Wolf K
kirkwood40.blogspot.com
Ethics is knowing the difference between what you have a right to do and
what is right to do. Potter Stewart
Diesel
2018-06-25 20:33:10 UTC
Permalink
Post by Chris
Post by Diesel
They respond to text messaging only, which is totally
inadequate for real communication.
I was discussing this very issue with a co worker today. We both
agreed that texting just doesn't work for real communications.
What on earth is "real" communication?
Complete communication. You can't represent body language or emotion
reliably over text based communications.
Post by Chris
We have been changing our forms of communication for hundreds of
years, texting is just
In some respects we have yes. However, our primary method of
communication as a species is still performed by reading body
language and emotion. Neither of which communicates well over text
based communications systems, past or present.
Post by Chris
another option. It's perfectly possible to communicate via text -
millions do it every day.
I don't believe anyone stated otherwise. It's one thing to
communicate and another to have a complete conversation.If you need
specific answers to specific questions which require nothing more
than a technical response, text based communications of all kinds
typically serve that purpose well.

If you're having a 'heart to heart' discussion, text based
communications platforms are not the most efficient or reliable
manner in which to do that. You cannot read body language (at all)
and it's difficult to accurately pickup on emotions via text as well.
--
To prevent yourself from being a victim of cyber
stalking, it's highly recommended you visit here:
https://tekrider.net/pages/david-brooks-stalker.php
===================================================
We don't know who discovered water, but we're pretty sure it wasn't a
fish.
Mayayana
2018-06-25 21:21:16 UTC
Permalink
"Diesel" <***@privacy.net> wrote

| > We have been changing our forms of communication for hundreds of
| > years, texting is just
|
| In some respects we have yes. However, our primary method of
| communication as a species is still performed by reading body
| language and emotion. Neither of which communicates well over text
| based communications systems, past or present.
|

I think that there's also another aspect that people
often don't recognize. Texting is quick, easy, and often
done "on the go". It's casual. The art of language is
ignored. Ideas are not well thought out or carefully
expressed. It goes with a hasty mode of being. That's
OK for, "I'm running 10 minutes late". It's not OK for,
"I was thinking about Mom's death..."

Years ago I used to spend an afternoon writing a letter
to someone. Then I'd wait 2-3 weeks for a response. That
was thoughtful writing. I rarely spend so much time with
email. (I don't text at all.)
Chris
2018-06-26 07:28:57 UTC
Permalink
Post by Diesel
Post by Chris
Post by Diesel
They respond to text messaging only, which is totally
inadequate for real communication.
I was discussing this very issue with a co worker today. We both
agreed that texting just doesn't work for real communications.
What on earth is "real" communication?
Complete communication. You can't represent body language or emotion
reliably over text based communications.
That's true, however, I wouldn't call texting any less real than other
forms of communication.
Post by Diesel
Post by Chris
We have been changing our forms of communication for hundreds of
years, texting is just
In some respects we have yes. However, our primary method of
communication as a species is still performed by reading body
language and emotion. Neither of which communicates well over text
based communications systems, past or present.
Not sure it's our primary method. Personally and professionally speaking in
person is done with the minority of our contacts.
Post by Diesel
Post by Chris
another option. It's perfectly possible to communicate via text -
millions do it every day.
I don't believe anyone stated otherwise. It's one thing to
communicate and another to have a complete conversation.If you need
specific answers to specific questions which require nothing more
than a technical response, text based communications of all kinds
typically serve that purpose well.
If you're having a 'heart to heart' discussion, text based
communications platforms are not the most efficient or reliable
manner in which to do that. You cannot read body language (at all)
and it's difficult to accurately pickup on emotions via text as well.
Harder, but not impossible. Better to communicate via text than not at all.
Diesel
2018-06-29 08:31:36 UTC
Permalink
Post by Chris
Post by Diesel
Complete communication. You can't represent body language or
emotion reliably over text based communications.
That's true, however, I wouldn't call texting any less real than
other forms of communication.
We'll have to agree to disagree then. Texting has it's uses, but..
real communication never was intended to be one of them.
Post by Chris
Post by Diesel
In some respects we have yes. However, our primary method of
communication as a species is still performed by reading body
language and emotion. Neither of which communicates well over
text based communications systems, past or present.
Not sure it's our primary method. Personally and professionally
speaking in person is done with the minority of our contacts.
It's a fairly simple thing to google and independently verify. No
need to take my word for it. Technology is great, don't get me wrong,
but, it's not a suitable replacement for in person communications,
either.
Post by Chris
Post by Diesel
I don't believe anyone stated otherwise. It's one thing to
communicate and another to have a complete conversation.If you
need specific answers to specific questions which require nothing
more than a technical response, text based communications of all
kinds typically serve that purpose well.
If you're having a 'heart to heart' discussion, text based
communications platforms are not the most efficient or reliable
manner in which to do that. You cannot read body language (at
all) and it's difficult to accurately pickup on emotions via text
as well.
Harder, but not impossible. Better to communicate via text than not at all.
In so much as to acknowledge the important message and indicate
you'll be there in person (if possible) shortly or call them using
your voice, to speak with them.
--
To prevent yourself from being a victim of cyber
stalking, it's highly recommended you visit here:
https://tekrider.net/pages/david-brooks-stalker.php
===================================================
'No one told me when to run; I missed the starting gun.' -- Pink
Floyd
NY
2018-06-29 08:58:58 UTC
Permalink
Post by Diesel
Post by Chris
That's true, however, I wouldn't call texting any less real than
other forms of communication.
We'll have to agree to disagree then. Texting has it's uses, but..
real communication never was intended to be one of them.
Texting suffers compared with a paper letter or an email in that people
don't write complete sentences and because of limitations on the number of
characters in a text (at least historically) and the problem of typing on a
tiny on-screen keyboard, people become very terse and abbreviate words.
Chris
2018-06-29 17:52:11 UTC
Permalink
Post by NY
Post by Diesel
Post by Chris
That's true, however, I wouldn't call texting any less real than
other forms of communication.
We'll have to agree to disagree then. Texting has it's uses, but..
real communication never was intended to be one of them.
Texting suffers compared with a paper letter or an email in that people
don't write complete sentences and because of limitations on the number of
characters in a text (at least historically) and the problem of typing on a
tiny on-screen keyboard, people become very terse and abbreviate words.
Being able to write concisely and clearly is a strength not a weakness.

Multi-paragraph emails are just as capable of being nonsensical as a 140
character tweet/txt.

You adapt to the medium.
Wolf K
2018-06-29 18:43:02 UTC
Permalink
Post by Chris
Post by NY
Post by Diesel
Post by Chris
That's true, however, I wouldn't call texting any less real than
other forms of communication.
We'll have to agree to disagree then. Texting has it's uses, but..
real communication never was intended to be one of them.
Texting suffers compared with a paper letter or an email in that people
don't write complete sentences and because of limitations on the number of
characters in a text (at least historically) and the problem of typing on a
tiny on-screen keyboard, people become very terse and abbreviate words.
Being able to write concisely and clearly is a strength not a weakness.
Multi-paragraph emails are just as capable of being nonsensical as a 140
character tweet/txt.
You adapt to the medium.
Indeed.

That adaptation includes working with its limitations as well as its
strengths.
--
Wolf K
kirkwood40.blogspot.com
What you choose to do with your body will, inevitably, have
psychological consequences.
VanguardLH
2018-06-29 19:33:41 UTC
Permalink
Post by Chris
Post by NY
Post by Diesel
Post by Chris
That's true, however, I wouldn't call texting any less real than
other forms of communication.
We'll have to agree to disagree then. Texting has it's uses, but..
real communication never was intended to be one of them.
Texting suffers compared with a paper letter or an email in that people
don't write complete sentences and because of limitations on the number of
characters in a text (at least historically) and the problem of typing on a
tiny on-screen keyboard, people become very terse and abbreviate words.
Being able to write concisely and clearly is a strength not a weakness.
Multi-paragraph emails are just as capable of being nonsensical as a 140
character tweet/txt.
You adapt to the medium.
That's not what NY said, but they you're trying to divert from the
issue. Clarity is lost with overuse of acronyms, abbreviations, or
initalisms along with the abundance of mispellings (accidental or
deliberate) from using a device that is not ergonomically designed for
the physical characteristics of humans. Texting is an modern example of
humans miscommunicating due to overly-condensed and overly-short
verbiage.

Find someone that writes poorly in their texts. Have them compose a
message of 500 words long. You'll realize that they are just as inept
in written communication no matter what the venue for delivery. Texting
just amplifies their poor written communication skills. Peculiarly
there are poor texters that switch their style when changing to a
different communication venue, like writing an essay or sending e-mail.
They're lazy or cutsy in one form but proficient in other forms. They
change their style according to context. Alas, most of the poor texters
that I've encountered are also poor e-mailers and doc writers. Finding
a good texter is like finding a good apple in a barrel of rotten ones:
the majority reflects the style of the communication venue, and texting
sucks for clarity and intelligibility. Part of the cause is the
enforced reduction in the length of the communication and of texters
trying to compose within that limit. When you call someone and get
their voicemail that says you have 10 seconds to leave a message, the
caller has to quickly cogitate a response but often stumbles in
execution. Goldfish have been proven to have longer retention spans
than humans. Sad.

Way too often writers think they should write like they talk. After
all, these same writers are speaking the words in their head as they
read or write so that's how they write: how they talk. Those are two
different communication skills. Babies learn to talk by copying and
repetition. Writing is a learned skill that takes practice but too
often humans don't expend the effort to practice and improve. They
write like they talk which results in poorly written communication.

What boobs think reverting to hieroglyphics is better communication?
That language died because it was vague and skewed to interpretation.
Christianized Egyptians replace hieroglyphics with the Coptic alphabet
without which interpretations (not exact transcripts) of earlier
Egyptian text would not be possible. Yet today we have modern
hieroglypics in the form of emoticons, so texters (and e-mailers) are
devolving to hieroglyphics. Cutsy and overly abbreviated communication
is vague communication.

Yes, texters can be succint and still be clear. Yes, texters can
communicate well. That's not typical. The technology is crippling
their practice in /writing/ well. Reinforcement makes them bad texters.
Chris
2018-06-30 20:44:11 UTC
Permalink
Post by VanguardLH
Post by Chris
Post by NY
Post by Diesel
Post by Chris
That's true, however, I wouldn't call texting any less real than
other forms of communication.
We'll have to agree to disagree then. Texting has it's uses, but..
real communication never was intended to be one of them.
Texting suffers compared with a paper letter or an email in that people
don't write complete sentences and because of limitations on the number of
characters in a text (at least historically) and the problem of typing on a
tiny on-screen keyboard, people become very terse and abbreviate words.
Being able to write concisely and clearly is a strength not a weakness.
Multi-paragraph emails are just as capable of being nonsensical as a 140
character tweet/txt.
You adapt to the medium.
That's not what NY said, but they you're trying to divert from the
issue.
What exactly isn't what NY said? I'm simply trying to express an opposing
view.
Post by VanguardLH
Clarity is lost with overuse of acronyms, abbreviations, or
initalisms along with the abundance of mispellings (accidental or
deliberate) from using a device that is not ergonomically designed for
the physical characteristics of humans. Texting is an modern example of
humans miscommunicating due to overly-condensed and overly-short
verbiage.
Find someone that writes poorly in their texts. Have them compose a
message of 500 words long. You'll realize that they are just as inept
in written communication no matter what the venue for delivery. Texting
just amplifies their poor written communication skills. Peculiarly
there are poor texters that switch their style when changing to a
different communication venue, like writing an essay or sending e-mail.
They're lazy or cutsy in one form but proficient in other forms. They
change their style according to context. Alas, most of the poor texters
that I've encountered are also poor e-mailers and doc writers. Finding
the majority reflects the style of the communication venue, and texting
sucks for clarity and intelligibility. Part of the cause is the
enforced reduction in the length of the communication and of texters
trying to compose within that limit. When you call someone and get
their voicemail that says you have 10 seconds to leave a message, the
caller has to quickly cogitate a response but often stumbles in
execution. Goldfish have been proven to have longer retention spans
than humans. Sad.
Way too often writers think they should write like they talk. After
all, these same writers are speaking the words in their head as they
read or write so that's how they write: how they talk. Those are two
different communication skills. Babies learn to talk by copying and
repetition. Writing is a learned skill that takes practice but too
often humans don't expend the effort to practice and improve. They
write like they talk which results in poorly written communication.
What boobs think reverting to hieroglyphics is better communication?
That language died because it was vague and skewed to interpretation.
Christianized Egyptians replace hieroglyphics with the Coptic alphabet
without which interpretations (not exact transcripts) of earlier
Egyptian text would not be possible. Yet today we have modern
hieroglypics in the form of emoticons, so texters (and e-mailers) are
devolving to hieroglyphics. Cutsy and overly abbreviated communication
is vague communication.
Yes, texters can be succint and still be clear. Yes, texters can
communicate well. That's not typical. The technology is crippling
their practice in /writing/ well. Reinforcement makes them bad texters.
You've just proved my point. You've written five paragraphs veering from
how writers write to Egyptians hieroglyphics regarding how to communicate
well, when the last paragraph is probably all you needed.

Long form is not necessarily better nor more "real" communication.
Diesel
2018-07-07 21:02:50 UTC
Permalink
7YA0ygNa3QmxQYTU7...
Post by Diesel
Post by Chris
That's true, however, I wouldn't call texting any less real than
other forms of communication.
We'll have to agree to disagree then. Texting has it's uses,
but.. real communication never was intended to be one of them.
Texting suffers compared with a paper letter or an email in that
people don't write complete sentences and because of limitations
on the number of characters in a text (at least historically) and
the problem of typing on a tiny on-screen keyboard, people become
very terse and abbreviate words.
Those are additional issues with the communications method, yes.
--
To prevent yourself from being a victim of cyber
stalking, it's highly recommended you visit here:
https://tekrider.net/pages/david-brooks-stalker.php
===================================================
An optimist is simply a pessimist with no job experience.
mechanic
2018-07-08 10:06:15 UTC
Permalink
Post by Diesel
Post by NY
Texting suffers compared with a paper letter or an email in that
people don't write complete sentences and because of limitations
on the number of characters in a text (at least historically)
and the problem of typing on a tiny on-screen keyboard, people
become very terse and abbreviate words.
Those are additional issues with the communications method, yes.
Teenagers huh!
Diesel
2018-07-09 08:03:53 UTC
Permalink
Post by mechanic
Post by Diesel
Post by NY
Texting suffers compared with a paper letter or an email in that
people don't write complete sentences and because of limitations
on the number of characters in a text (at least historically)
and the problem of typing on a tiny on-screen keyboard, people
become very terse and abbreviate words.
Those are additional issues with the communications method, yes.
Teenagers huh!
I've seen persons who are no longer teenagers do the same thing so...
:)
--
To prevent yourself from being a victim of cyber
stalking, it's highly recommended you visit here:
https://tekrider.net/pages/david-brooks-stalker.php
===================================================
As goatherd learns his trade by goat, so writer learns his trade by
wrote.
Ant
2018-07-09 18:28:22 UTC
Permalink
Post by Diesel
Post by mechanic
Post by Diesel
Post by NY
Texting suffers compared with a paper letter or an email in that
people don't write complete sentences and because of limitations
on the number of characters in a text (at least historically)
and the problem of typing on a tiny on-screen keyboard, people
become very terse and abbreviate words.
Those are additional issues with the communications method, yes.
Teenagers huh!
I've seen persons who are no longer teenagers do the same thing so...
:)
So? ICN! ..!.. ;)
--
Quote of the Week: "I got worms! That's what we're going to call it.
We're going to specialize in selling worm farms. You know like ant
farms. What's the matter, a little tense about the flight?" --Lloyd
Christmas (Dumb and Dumber movie)
Note: A fixed width font (Courier, Monospace, etc.) is required to see this signature correctly.
/\___/\Ant(Dude) @ http://antfarm.home.dhs.org / http://antfarm.ma.cx
/ /\ /\ \ Please nuke ANT if replying by e-mail privately. If credit-
| |o o| | ing, then please kindly use Ant nickname and URL/link.
\ _ /
( )
Diesel
2018-07-09 22:43:54 UTC
Permalink
Post by Ant
Post by Diesel
Post by mechanic
Post by Diesel
Post by NY
Texting suffers compared with a paper letter or an email in
that people don't write complete sentences and because of
limitations on the number of characters in a text (at least
historically) and the problem of typing on a tiny on-screen
keyboard, people become very terse and abbreviate words.
Those are additional issues with the communications method, yes.
Teenagers huh!
I've seen persons who are no longer teenagers do the same thing so...
:)
So? ICN! ..!.. ;)
ROFL!
--
To prevent yourself from being a victim of cyber
stalking, it's highly recommended you visit here:
https://tekrider.net/pages/david-brooks-stalker.php
===================================================
We are upping our standards... so up yours.
Mr. Man-wai Chang
2018-06-26 09:19:47 UTC
Permalink
Post by T
If you pick a good solid password that is not hacked by the
bad guys first attempt at running tables at you, why change
your password just to give him a second chance to
find you in his tables?  Changing your passwords constantly is
not a good security feature.
It's hard to remember if you change passwords frequently in many many
accounts.
Post by T
Keep in mind though that picking an easy password is even worse.
The best ones are run on phrases.  Mine are up to 30 characters.
You just canNOT escape from lucky hackers! ;)
--
@~@ Remain silent! Drink, Blink, Stretch! Live long and prosper!!
/ v \ Simplicity is Beauty!
/( _ )\ May the Force and farces be with you!
^ ^ (x86_64 Ubuntu 9.10) Linux 2.6.39.3
不借貸! 不詐騙! 不賭錢! 不援交! 不打交! 不打劫! 不自殺! 不求神! 請考慮綜援
(CSSA):
http://www.swd.gov.hk/tc/index/site_pubsvc/page_socsecu/sub_addressesa
Loading...