Age and the internet.

Interesting table from Hive security systems:

I looked into something similar recently to reassure my writing group it was unlikely someone would discover our shared Google Drive without having access to the link. The number of years in the bottom right corner of the above graphic are likely the number of years it would take. The URLs include strings like this: 15_Iom36PVUAaB4k0Nfr73ri6C41buvy9sDXes-SVFw - imagine if that string I've made up actually goes to a Google Doc?! Ridiculously unlikely.

The maths from one person to try and guess such links included working out such as "Specifically, the sun's energy is only sufficient to count to 2^187 per year, meaning it will take 2^76 years with our own sun, 2^75 years if we could harness 2 suns, etc. You might barely have enough power to count to 2^256 if you were to power your computer with the supernova destruction of every star in the Milky Way Galaxy. So that's getting somewhere."
 
I would bet that sophisticated hackers use better tools than straight guessing. The length of time that the chart shows certainly makes an important point, but I DOUBT its accuracy in a real world scenario.
 
I would bet that sophisticated hackers use better tools than straight guessing. The length of time that the chart shows certainly makes an important point, but I DOUBT its accuracy in a real world scenario.

I would expect by "guessing" they mean that the hacker is using computer programs to guess the password rather than them doing it manually. These guessing engines do use more than just guesswork. They will run common phrases and terms that often appear in passwords and such. If the hacker is really keen they'll also use data mining methods like those "name your favourite icecream" things on facebook. They'll harvest that data from a whole load of users and a whole rafter of questions knowing that some of those questions often form the foundation of a password (eg pet name). They can then correlate that with a specific account and then the guessing engine can be pre-loaded with those terms and use them in a variety of ways to try and guess faster.

The other impact is changing your password. In theory not only should you be using a long, random secure password, but also changing it. That way any hacking attempt is thwarted by the fact that the password has changed. Of course there are practical limits for most people in what passwords they can remember and change and keep remembering. So often as not very secure online passwords might be written down on paper - a very big weak point in security, but fairly safe from any online-only hacker unless they get a keylogger into your computer (it reads the keys you press when entering the password) or a trojan website (it pretends to be the website and then steals your password when you login*).

In a practical sense you can often be fairly safe with weaker passwords on things like forums; the critical areas are things like paypal, amazon, stores with auto-buy options that you've enabled, email etc... Ergo places where your personal, financial and other such data is stored and accurate. Often people slip up because they use the same password everywhere. So a website with weaker anti-hacking protection gets breached and then the registered email and discovered password get used on a whole bunch of other websites.

Mining user data and linking up user data is a big part of hacking. Again you can start to protect yourself more if you use different emails to register on different websites. Though, of course, the more layers you introduce the more you have to remember and hold together.

*This is why you get those fake emails that tell you your paypal/amazon/whatever account is being limited and you must login right now with this link to unlock it.
 
In a practical sense you can often be fairly safe with weaker passwords on things like forums; the critical areas are things like paypal, amazon, stores with auto-buy options that you've enabled, email etc...
I agree with everything you just said, although, it seems those weaker places are often attacked just for fun, and targeted because they are known to be weaker in their security as a whole.

I would add that since many people are going self-employed, and working in businesses from home, often using social media like Twitter, Instagram and Facebook as a platform to sell goods on eBay, those social media platforms have poor security, and while you may not hold financial information on them, being hacked and without them for any period of time could severely affect your profitability. It probably isn't a great business model to use.
 
I think it’s becoming harder and harder for folk to follow the advice. They say it has to be alphanumeric, upper and lower case and should be different for different sites. That’s all well and good but, following that advice, every password should be a complicated mixture of symbols, letters and numbers and should be different for each site. How many people could remember a wad of passwords (we’re not supposed to write them down)?



Another thought: banks have recently been trying to shift more fraud responsibility on to their customers, how long before somebody is refused help because their password was too weak?

In my old workplace, I had to create a new password every three months and my new one could not be the same as my last seven passwords. This was a complete pain at the time but it helped me formulate my own password technique based on information known only to me (and not available on any social media site).
 
That’s all well and good but, following that advice, every password should be a complicated mixture of symbols, letters and numbers and should be different for each site. How many people could remember a wad of passwords (we’re not supposed to write them down)?

Point the first: The guy who came up with that convention later admitted he had no idea what he was talking about (that's a bad article but a quick read). It's actually very annoying when we're made to use the convention, even on worthless logins that I don't care about!

Point the second: We're not supposed to write them down but at the same time, why not? I have some written down in a notebook in a stack of notebooks, and honestly, if someone robbed my house, them knowing some passwords would be nothing compared to the damage they'd already done. Plus the financial ones are just hints (vague hints with specific stuff only known to me). Plus I'd just change them straight away too.

Point the third: The best passwords are not words at all but rather phrases. A passphrase of multiple words is actually way harder for a computer to guess than the uppercase numbers and symbol ones.

Weirdly, PayPal and other financial ones actually have character limits stopping you from using really secure passphrases.
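
Added example, not part of any post in this thread: a small estimator that puts numbers on two points made above, that guessing engines pre-loaded with harvested answers beat blind guessing, and that a multi-word passphrase can outlast a "complex" password built on a pet name. The profile terms, the MANGLINGS count and the guess rate are constructed assumptions; 7776 is the size of a Diceware-style word list, and the passphrase figure only holds if the words were picked at random.

```python
import math
import re
import string

# Common character swaps a guessing tool undoes before matching a base word.
LEET = str.maketrans("013457@$!", "oleastasi")
# Assumed number of case/swap/suffix variants tried per base word (constructed value).
MANGLINGS = 10_000
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def core_of(password):
    """Lowercase, drop trailing digits/symbols, then undo character swaps."""
    return re.sub(r"[^a-z]+$", "", password.lower()).translate(LEET)


def estimate_bits(password, personal_terms, wordlist_size=7776):
    """Return (bits, model) for the cheapest guessing model that fits."""
    terms = {t.lower() for t in personal_terms}
    if core_of(password) in terms:
        # A term from the owner's public profile plus decoration.
        return math.log2(len(terms) * MANGLINGS), "personal term"
    words = re.split(r"[ -]+", password)
    if len(words) >= 3 and all(w.isalpha() for w in words):
        # Valid only if each word was picked at random from the list.
        return len(words) * math.log2(wordlist_size), "passphrase"
    # Otherwise assume blind search over every character class in use.
    pool = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    return len(password) * math.log2(max(pool, 1)), "brute force"


def years_to_exhaust(bits, guesses_per_second):
    """Worst-case years to try every candidate at the caller's assumed rate."""
    return 2 ** bits / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    profile = ["Rex", "Floppy", "Bristol"]  # constructed sample answers
    for pw in ("Fl0ppy#7", "k7#Qv9!xLp2$", "maple tractor furrow solder"):
        bits, model = estimate_bits(pw, profile)
        print(f"{pw!r}: {bits:.1f} bits ({model})")
```

The pet-name password satisfies the usual upper/lower/digit/symbol rule yet scores far below the four-word phrase, while the random 12-character string scores highest, which is the case for generating such strings with a password manager.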
 
My personal work around for passwords is a program "Keeper." I can access it through a pretty tough password 10+ random numbers, letters, and symbols which opens the program where I have all the rest of my passwords kept. And most of those are generated randomly so no amount of knowing me well helps to guess the passwords I use on anything important.
 
On updating obsolete phones.

To do this you would need the same footprint on the new device as the old one. Nowadays it's virtually impossible to re-solder a component back on to a PCB. Some of these devices have over 400 connections in the form of little dots. In order to check that every dot is connected to its pad on the PCB manufacturers have to x-ray the board. One connection fail is a discarded scrapped PCB because to remove it takes more time and money than chucking it and making a new one. (hey plastic bags is the ultimate example). That's before the issue of the woman hours involved in doing it.

This was all made more difficult by the introduction of lead free solder - but that's another story.

Consider the time to (these would be manual tasks):
Test the phone is fully working and has no damage.
Take the phone apart.
Remove the PCB
Locate and the old part.
Apply de-soldering techniques for that specific part (usually a localised heating gun).
Check for missing pads (as a result of wrenching the old chip off)
Clean the connections of old solder.
Manually apply solder to each of those 400 pads.
Place new component on old pads
Heat the new chip locally (so other components don't come loose) with a heat gun.
Allow smoking ruin to cool and hope none of the tracks have been damaged.
X-ray connections to check they are connected.
Test the phone to see it's fully working.
Package phone in new box.

These are just a few of the steps. All of the above can be automated with a new phone.

For example the soldering for all components is done at once with a temperature controlled system

The components are placed by machine

The X-ray is done via automated visual inspection machines with a pass/fail comparison of the whole PCB.

Assembly of the phone is nowadays done automatically (think car assembly)

In fact most old phones find a home in the third world where 1g is a thing of the future.

On Passwords.

Passwords are great, but the problem isn't some hyper computer trying random combinations of letters and symbols; it's people revealing them to other people while they look over their shoulder, leaving your phone unlocked (or even worse lending it to random people say when they see a youtube video), people with revengeful partners having affairs, leaving their Bluetooth etc. active, best of all sticking it next to their monitor. But there are countless ways in which people "tell" other people their passwords without the need to resort to messy methods.

Don't get me started on cookies.

Oh and another thing about lending your phone to others.

You may be very charitable, but if you're selective in your donations never allow someone else to possess your phone. A quick "GIVE 10" to 966445 quickly followed by delete message can be expensive.

Unless you have a fondness for alley cats or other people's bank accounts in general.
 
On updating obsolete phones. To do this you would need the same footprint on the new device as the old one. Nowadays it's virtually impossible to......
These are completely matters of design. You only underline my point. Our throwaway society is one which is not built upon reuse, but rather upon making reuse totally impossible, and as someone said earlier, that simply cannot change overnight, but is that an excuse for saying it cannot be changed?
 
These are completely matters of design. You only underline my point. Our throwaway society is one which is not built upon reuse, but rather upon making reuse totally impossible, and as someone said earlier, that simply cannot change overnight, but is that an excuse for saying it cannot be changed?
Agreed, but making do and repairing something yourself does not create cash for the manufacturer. So they lean into one of the most anger inducing statements: "planned obsolescence."
 
These are completely matters of design. You only underline my point. Our throwaway society is one which is not built upon reuse, but rather upon making reuse totally impossible, and as someone said earlier, that simply cannot change overnight, but is that an excuse for saying it cannot be changed?
I completely agree with the sentiment behind this. But just the sentiment.

There is a point of technology where you physically can't fix it yourself, but up to there, things should be designed to be repairable.

Take a phone screen, that should absolutely be replaceable, the battery as well, maybe the ability to fix things like damaged ports. Beyond that, it's too complex to be fixed by an end-user.

I find things like computer 'assisted' tractors abhorrent though. A tractor does not need a computer, and our food security shouldn't be tied to corporate goliaths. Same for GMO seeds, I like them, but not how they design them to need replacing each year.

But yea, tangent over, repair and reuse where possible, but for some things, it just isn't.
 
I like to repair as much as I can but it’s getting harder to find the parts. I used Maplins a lot in the years gone by but they are long gone. The last significant repair I made was to my Line 6 PodXT. It’s a digital amp modeller and almost 20 years old. I found only one outlet that sold the branded part in the USA. Then, I discovered they didn’t ship overseas.

It took me ages of searching to locate the part I needed. Then, I discovered that the minimum amount I had to buy was 25. Luckily, the unbranded components were fairly cheap (and a hell of a lot cheaper per unit than the branded parts). I bought the 25, made the repair and still have 24 spares. They don’t make it easy for us make-do-and-menders :(

P.S. I’m assuming computer controlled tractors are for ploughing extremely straight furrows. My own scorn goes to internet fridges. I’d love to be a hacker and do a mischievous mass overnight defrost.
 
I’m assuming computer controlled tractors are for ploughing extremely straight furrows.
Alternatively, they could make some very complex Maize Mazes :giggle:

Without a human driver, seating, driving controls, glass windows and all the safety features required, there would be a huge weight saving. Less weight would mean considerably less soil compaction. I'm guessing that might be the reason?
 
Oh no, they're like computers in cars. They still need drivers, they do the same as any other tractor, but when they break only the manufacturer can change anything because if anyone else tries it just bricks them :)
 
Well, that does seem pointless. I was thinking they were using GPS tracking.

To return to the OP theme again, the idea of technology making things more complicated seems wrong to me. If the technology isn't making something easier/ more simple/ less physically or mentally demanding then there is no point to having it at all.
 
I think part of the problem is the child in a sweetshop syndrome. People develop technological equivalents to other methods not because they are actually needed but simply because they can.

I was reading an article recently on a digital pregnancy tester. When dismantled, it was found to contain the same paper test that would be used before the advent of electronics. The digital part simply displayed the information from the test.

A simple instruction on how to interpret the results from the paper test would suffice and wouldn’t generate the e-waste (it was a one-use test).
 
