Author Topic: Modern Life Is Rubbish (aka ‘Tech fails’)  (Read 10171 times)

Re: Modern Life Is Rubbish (aka ‘Tech fails’)
« Reply #50 on: 29 October, 2018, 01:47:57 pm »
Passwords don't really work, we all know this, merely adding more doesn't fix the issue.

Adding more stuff certainly ups the security. It's a bit like using a massive chain lock on your bike. It won't stop a determined theif with a petrol powered angle grinder, but it will stop your casual scrote. Most hackers just have an average abilty, so adding in an extra pass phrase thing will stop them.

I've just tried unlocking my phone using the wrong finger on the fingerprint scanner thing. After 5 attempts it just asks for the pin. Anyone who knows me or has been targetting me would probably be able to guess the pin - or get it after a few attempts (my bad).

The only time I have ever "hacked" anyone was an old (suspected of cheating on me) girlfriend's email account. She had never told me her password, so I just guessed. And you know how many attempts it took? One. It was the name of her cat she had as a child....
Those wonderful norks are never far from my thoughts, oh yeah!

Kim

  • Timelord
    • Fediverse
Re: Modern Life Is Rubbish (aka ‘Tech fails’)
« Reply #51 on: 29 October, 2018, 01:48:23 pm »
Yes, but for a minimal increase in security, it's creating maximal inconvenience. Passwords don't really work, we all know this, merely adding more doesn't fix the issue.

Well yes; modern life is rubbish.

Kim

  • Timelord
    • Fediverse
Re: Modern Life Is Rubbish (aka ‘Tech fails’)
« Reply #52 on: 29 October, 2018, 01:56:06 pm »
The only time I have ever "hacked" anyone was an old (suspected of cheating on me) girlfriend's email account. She had never told me her password, so I just guessed. And you know how many attempts it took? One. It was the name of her cat she had as a child....

Best one of that ilk I've managed was when presented with a laptop (for a bit of consensual fan and Windows maintenance) without the password.  Password hint was "middle name" so, armed with detailed knowledge of the owner's approximate age and gender, barakta and I correctly guessed "Louise" on the first attempt, thereby saving the effort of having to crack it.


The password-guessing scene in Clear And Present Danger remains one of the rare instances where Hollywood got it right, quite possibly by accident.  Disappointingly that doesn't appear to be on YouTube.

Beardy

  • Shedist
Re: Modern Life Is Rubbish (aka ‘Tech fails’)
« Reply #53 on: 29 October, 2018, 02:04:44 pm »
As a former sercurity professional, passwords were a bone of considerable contention between the IT security community and Product ‘owners’.

There is, as you probably know, a large body of research into the technical and psychological implementation of passwords. However, the grownups who ‘own’ the projects are neither interested in your knowledge of this body of research or more importantly how that varies from their preconceived opinions on passwords.
So the scheme that usually gets adopted and foisted on the poor end user is that which the grown up ‘just knows’ is the most secure usually against the recommendations of the person notionally responsible for security.
For every complex problem in the world, there is a simple and easily understood solution that’s wrong.

T42

  • Apprentice geezer
Re: Modern Life Is Rubbish (aka ‘Tech fails’)
« Reply #54 on: 29 October, 2018, 02:06:53 pm »
WRT passwords, is the most secure still supposed to be four random words separated by punctuation marks?
I've dusted off all those old bottles and set them up straight

Ben T

Re: Modern Life Is Rubbish (aka ‘Tech fails’)
« Reply #55 on: 29 October, 2018, 02:08:39 pm »
WRT passwords, is the most secure still supposed to be four random words separated by punctuation marks?

Not as secure as five random words separated by punctuation marks.

e.g. my lastpass password is an 8 or 9 word quote from a tv show, without spaces between the words - it is 40 characters long but only takes a couple or three seconds to type it.

citoyen

  • Occasionally rides a bike
Re: Modern Life Is Rubbish (aka ‘Tech fails’)
« Reply #56 on: 29 October, 2018, 02:14:38 pm »
Safari doesn't let you touch the password, it just offers you the ability to have Safari set the password and save it to the keychain. Which mostly works and as I'm all Apple these days, passwords are generally seamless and I don't have to remember them. Which is as it should be. Until people fuck with the forms or add weird extra layers on non-security. If you want secure, use two-factor authentication, not another fucking cryptic password.

The other glitch in this system is when you download an app that can't access the keychain so need to enter the password manually...

Today's tech fail was looking up Xxxxx Place on Google Maps via the phone app. I start typing Xxx... and Google helpfully comes up with Xxxxx Place as an autocomplete suggestion. So I select it from the list and... nope, apparently that place doesn't exist.  :facepalm:

If I try searching for Xxxxx Place via my web browser, it doesn't pretend the road doesn't exist but instead directs me to Xxxxx Street. Which is in the right postcode area, at least.
"The future's all yours, you lousy bicycles."

Re: Modern Life Is Rubbish (aka ‘Tech fails’)
« Reply #57 on: 29 October, 2018, 02:27:10 pm »


I've just tried unlocking my phone using the wrong finger on the fingerprint scanner thing. After 5 attempts it just asks for the pin. Anyone who knows me or has been targetting me would probably be able to guess the pin - or get it after a few attempts (my bad).

8088?

I have noticed that fingerprint scanners and manual labour are not a good combination.


Kim

  • Timelord
    • Fediverse
Re: Modern Life Is Rubbish (aka ‘Tech fails’)
« Reply #58 on: 29 October, 2018, 04:16:35 pm »
I have noticed that fingerprint scanners and manual labour are not a good combination.

Also camping.  Mine tends to stop working after the third day.

ian

Re: Modern Life Is Rubbish (aka ‘Tech fails’)
« Reply #59 on: 29 October, 2018, 04:33:11 pm »
I don't know who looks at a login page with a userID and password field and thinks, yup, we could improve that. But they should probably stop.

And another, credit card numbers, and the stupid forms that refuse to accept spaces because yes, modern computers couldn't possibly parse those out. (On the other hand there are clever sites that actually present the information exactly as though it's on your credit card, which is how it should be done so I'm not sure what the excuse is for doing it shitly.)

ETA: oh yeah, when I finally got around to calling British Gas, oh,you'll need to call Hive... Can you transfer me? No. I tell you, it was better when we used carrier pigeon, smoke signals, and facsimile.

citoyen

  • Occasionally rides a bike
Modern Life Is Rubbish (aka ‘Tech fails’)
« Reply #60 on: 29 October, 2018, 05:33:06 pm »
Talking of address forms on the web, I came across one the other day that refused to acknowledge my address because my house doesn’t have a number. Haven’t seen that glitch for some years. Used to be a regular occurrence though.

(Easily solved by making up a number - luckily such unsophisticated forms don’t usually have postcode checkers.)
"The future's all yours, you lousy bicycles."

ian

Re: Modern Life Is Rubbish (aka ‘Tech fails’)
« Reply #61 on: 29 October, 2018, 06:20:53 pm »
Yes, those – we also don't have a number. Mostly seems solved through the magic of a postcode. And the ones that insist on a county when you're in London or simply can't accept you don't have zip code and state.

Anyway, with BG, it turns out I tried to book an appointment that didn't exist. So there. I've no idea why I couldn't book a smart meter fitting, perhaps there are no appointments forever. I figure modern life is won one battle at a time.

Ben T

Re: Modern Life Is Rubbish (aka ‘Tech fails’)
« Reply #62 on: 29 October, 2018, 06:26:23 pm »
An example of people making far more of a meal out of things than is necessary.
For most purposes, an address doesn't need to be split out into multiple strings *at all*.
Not only do you not need to designate what line 1, line 2 etc are (Street, District, etc) but you don't even need to split it out into line 1, line 2 etc.
What's wrong with just one single text box ("textarea") that allows carriage returns? It all goes together on the envelope, so why does it need to be separate in the database?

Cudzoziemiec

  • Ride adventurously and stop for a brew.
Re: Modern Life Is Rubbish (aka ‘Tech fails’)
« Reply #63 on: 29 October, 2018, 07:14:05 pm »
Address forms that insist I must live in 'Avon' are  harmless but a bit shit, especially as there hasn't been such a county since about the same time there's been an internet.
Riding a concrete path through the nebulous and chaotic future.

Cudzoziemiec

  • Ride adventurously and stop for a brew.
Re: Modern Life Is Rubbish (aka ‘Tech fails’)
« Reply #64 on: 29 October, 2018, 07:14:58 pm »
WRT passwords, is the most secure still supposed to be four random words separated by punctuation marks?

Not as secure as five random words separated by punctuation marks.

e.g. my lastpass password is an 8 or 9 word quote from a tv show, without spaces between the words - it is 40 characters long but only takes a couple or three seconds to type it.
Surely that's going to fall foul of the cat's name/Louise thing, ie guessable by someone who knows you.
Riding a concrete path through the nebulous and chaotic future.

Re: Modern Life Is Rubbish (aka ‘Tech fails’)
« Reply #65 on: 29 October, 2018, 07:21:04 pm »
An example of people making far more of a meal out of things than is necessary.
For most purposes, an address doesn't need to be split out into multiple strings *at all*.
Not only do you not need to designate what line 1, line 2 etc are (Street, District, etc) but you don't even need to split it out into line 1, line 2 etc.
What's wrong with just one single text box ("textarea") that allows carriage returns? It all goes together on the envelope, so why does it need to be separate in the database?

Because a sizeable percentage of people won't put enough info in the textarea. Anyone checking the data will then have to spend ages sorting out the problems.

Storage doesn't have to be the same as how the data is requested, although most people fall for that assumption.

Ask for it in separate things (address line 1, address line 2, ..., postcode) with only the first address line and postcode as mandatory, then store all of the address lines together in the DB, with the postcode separate.

Most of this kind of thing has been dissected before, much like the "falsehoods about X" articles that exist, i.e.
* names: https://www.kalzumeus.com/2010/06/17/falsehoods-programmers-believe-about-names/
* time: https://infiniteundo.com/post/25326999628/falsehoods-programmers-believe-about-time
etc.

Ah, here's an addresses one: https://www.mjt.me.uk/posts/falsehoods-programmers-believe-about-addresses/
"Yes please" said Squirrel "biscuits are our favourite things."

mattc

  • n.b. have grown beard since photo taken
    • Didcot Audaxes
Re: Modern Life Is Rubbish (aka ‘Tech fails’)
« Reply #66 on: 29 October, 2018, 07:28:30 pm »
Reading GB's links, I feel sure we can all learn something from them. I'm writing this on my mirror:

"And as Bruce Sterling pointed out, I didn’t even think about what happens when the computer is on a spaceship orbiting a black hole."
Has never ridden RAAM
---------
No.11  Because of the great host of those who dislike the least appearance of "swank " when they travel the roads and lanes. - From Kuklos' 39 Articles

Re: Modern Life Is Rubbish (aka ‘Tech fails’)
« Reply #67 on: 29 October, 2018, 07:52:40 pm »
I still feel slightly guilty about programs I've written which contain a non-millennium bug which will fail in 2100.
"No matter how slow you go, you're still lapping everybody on the couch."

Ben T

Re: Modern Life Is Rubbish (aka ‘Tech fails’)
« Reply #68 on: 29 October, 2018, 08:09:41 pm »
An example of people making far more of a meal out of things than is necessary.
For most purposes, an address doesn't need to be split out into multiple strings *at all*.
Not only do you not need to designate what line 1, line 2 etc are (Street, District, etc) but you don't even need to split it out into line 1, line 2 etc.
What's wrong with just one single text box ("textarea") that allows carriage returns? It all goes together on the envelope, so why does it need to be separate in the database?

Because a sizeable percentage of people won't put enough info in the textarea. Anyone checking the data will then have to spend ages sorting out the problems.

Storage doesn't have to be the same as how the data is requested, although most people fall for that assumption.


I would have thought my theory would hold up in a situation where it's in people's own best interests to fill it in completely, e.g. to make sure a product gets delivered there.

Ben T

Re: Modern Life Is Rubbish (aka ‘Tech fails’)
« Reply #69 on: 29 October, 2018, 08:19:10 pm »
Ah, here's an addresses one: https://www.mjt.me.uk/posts/falsehoods-programmers-believe-about-addresses/

Another interesting one not listed: everyone knows that village and town names in the UK are duplicated, right? Loads of "Uptons", "Newtons" etc.
But surely POST towns are unique. No!
There are only a few post town names in the UK that are duplicated. Alford (Lincolnshire/Aberdeenshire) is one, can't remember what any others are.


Re: Modern Life Is Rubbish (aka ‘Tech fails’)
« Reply #70 on: 29 October, 2018, 08:40:27 pm »
I think both the Farnboroughs (Hampshire and Kent) are post towns.

And on to my whinge. UPS. (This would be in the couriers thread but it's really about their website).
I would like to try to change the delivery options. So I follow the instructions on the bit of paper you stuck through the door. That gives a 404 error.
I eventually manage to get onto the site, register twice, (or at least start the process) get to what looks like a relevant page only to be told 'there is an error at the moment please try later'.).
So 'later' I try again. I need to reset the password. And I've been asked to log on about four times and still haven't got to the correct page.
Sigh. And none of it is that difficult, surely.
"No matter how slow you go, you're still lapping everybody on the couch."

Beardy

  • Shedist
Re: Modern Life Is Rubbish (aka ‘Tech fails’)
« Reply #71 on: 29 October, 2018, 08:57:32 pm »
WRT passwords, is the most secure still supposed to be four random words separated by punctuation marks?
The most secure passwords are random charecters from the whole ascii character set with as many characters as the password field will hold, with a different combination being used for each site/system. This is inconvient for the wetware to remember though, so the best approach is a password safe of some sort. I use 1Password because I can use it across different systems whereas Apple keychain is limited to apple kit. Now that Apple have relented and let us fanboys use 3rd party password apps natively on apple products, things have become a lot easier.

More on passwords.
Using word strings is not really that secure in these days of pocket supercomputers, though it probably helps to explain how your passwords get compromised.
These days ‘hackers’ don’t generally try and log in via the user interface trying lots of different passwords, either manually or with a computer. This is mainly because nearly all systems with remote access have a limited number of tries before locking out.
By far the most common and lucrative attack these days is ‘social engineering’ that’s to say the ‘hacker’ calls you up, or sends you an email and asks you for your password/pin. This is now very sophisticated with the ‘hacker’ knowing how to manipulate you emotionally. The next level up on this, is when they target someone, who they will research online first (Facebook, linked in, forums, Twitter, Instagram et al) so the can tailor the emotional manipulation. In this case, no amount of technical password security will help. Why try and fight your way in when you can get someone to live you the keys.
The second mos lucrative approach is an inside job, either instigated by a bad person already inside, or via the usual MICE (Money, Idology, Coercion, Ego) route. Either way, the aim is to get hold of the password table or credit card details. If they get a password file, then this will, most likely, consist of a list of usernames with their passwords. In nearly cases these days the passwords will be encrypted in some way, with ever more sophosticated ways of encryption being used. However, there are a limited number of ways commercially available, so the bad guys will have some idea what to try. BUT, the clever bit is that the encryption is ‘one way’, that is there is no way to decode the password from the stored information. When you enter your password to gain access, what you type is encrypted using the same algorythm and the resultant output is checked against the stored information. So the bad guy has a list of common passwords that he has encrypted using the same algorithm and he checks this list against the password file for matches. An experienced ‘hacker’ will have several lists of common passwords, dictionaries, dictionaries with common substitutions, common phrases and quotes, multiple words with and without punctuation. All encrypted using common one way algorithms. Once he has a match, he’s got your username and access to your account on that system. If you’ve used the same password everywhere, he’s got access to your online life. A recent report I read on a friendly attack suggested that after the first run against the password file yielded 50% of the file using just common passwords which took him a couple of hours. After several more runs, using more complicated dictionary attacks, the friendly ‘hacker’ had 90% of the file at his disposal, though this did take him a little over 36 hours.

So to reiterate, the best advice is to use a password safe ad get into the habit of creating a new password for each system you use. If at all possible, am for randomly generated character strings using upper and lower alpha, numerals, punctuation and other special characters and aim for 20 or more characters.

N.b. The above explanation is grossly simplified but hopefully will encourage you to use more secure passwords if you don’t already.
For every complex problem in the world, there is a simple and easily understood solution that’s wrong.

Re: Modern Life Is Rubbish (aka ‘Tech fails’)
« Reply #72 on: 29 October, 2018, 09:26:23 pm »
I would have thought my theory would hold up in a situation where it's in people's own best interests to fill it in completely, e.g. to make sure a product gets delivered there.

You'd be surprised - I used to run a little ebay shop and some of the crap some people put as their address beggars belief. Then again, you'd have thought an outfit the size of ebay would be able to autofill addresses from the postcode data like most normal sites can. And another of my pet moans - they insist on a county even though RM stopped using counties in postal addresses in 1996. Same with most other websites. How much dev time is wasted on maintaining pointless drop-down lists of counties? Why design a form based on making up what you think an address contains when you can just go on the RM website and it will tell you what you need to know?
Quote from: tiermat
that's not science, it's semantics.

TheLurker

  • Goes well with magnolia.
Re: Modern Life Is Rubbish (aka ‘Tech fails’)
« Reply #73 on: 29 October, 2018, 09:34:48 pm »
An example of people making far more of a meal out of things than is necessary.
For most purposes, an address doesn't need to be split out into multiple strings *at all*.
And then some complete muppet (or smart-arse tester) puts in an address as one continuous line of text and then the application developers get complaints when the printed labels only have the first 20 or 30 so characters from that continuous line because the printers they're using are off the ark and don't wrap text to fit the printable area.  Nor does the item with the label get delivered because the Post Office* are not miracle workers and there are just far too many houses with addresses starting "Bide A Wee 239a Rhodendron Avenue..." for them to stand an earthly when trying to guess where it should go.

*Couriers don't count. They never bloody well deliver stuff even with the correct address.
Τα πιο όμορφα ταξίδια γίνονται με τις δικές μας δυνάμεις - Φίλοι του Ποδήλατου

Re: Modern Life Is Rubbish (aka ‘Tech fails’)
« Reply #74 on: 29 October, 2018, 09:44:55 pm »
Talking of addresses and postcodes etc. On more than one occasion when I've been working in my garage with the door open I've seen people come flying down the road expecting to be able to get through to the next street. They can't in a car. You can on foot or on a bike, but it would seem Sat-Nav mapping suggests otherwise. It happens very frequently. I might have to take a pointless drive just to check on my own Sat-Nav. Obviously once I get close to home I turn my Sat-Nav off as I know how to get home, ta. But out of towners are obviously being sent down my street by an irritating voice telling them they can get through.

Also - this is more luser than tech fail, but on more than one occassion I've had a car pull up outside my house and call out "Scuse me, mate. Is suchandsuch a road near here?" And I'm all like - "Never heard of it". So I go and help him out. Have a look at his Sat-Nav, then he shows me an address. Now My post code is CM1 2xx. There are parts of Basildon that have CM12 xxx postcodes. You can see where the error has occured. So I'm like "Mate, you're not even in the right town!" Do people not even bother looking at road signs anymore?!
Those wonderful norks are never far from my thoughts, oh yeah!