Former General Electric boss explains how he got the internet wrong In San Francisco this week, Cloudflare held its fourth Internet Summit to discuss the state of the industry, in keeping with the norms of navel gazing and self-fascination that afflicts Silicon Valley. The topics of concern recalled other events with the words "internet" and "summit" that have occurred over the past two …
<quote>Felt pitched password managers. "For the longest time, I was too prideful to use a password manager," she said. "Then I got locked out of basically every account."</quote>
Honestly, I think that password managers are a horrible single point of failure. Personally, I think a reasonable password along with 2FA and/or biometrics is a better approach than inventing unmemorable passwords all stored in a single place.
Honestly, I think that password managers are a horrible single point of failure.
Agree, but...
Personally, I think a reasonable password along with 2FA and/or biometrics is a better approach than inventing unmemorable passwords all stored in a single place.
2FA is only available on a handful of services. Just thinking for a couple of minutes, I made a list of 20 different passwords I remember. Probably the only reason I can remember them at all is that I reuse passwords for unimportant sites. And there's a lot more passwords that I would never remember, like my frequent flyer account, or my cell phone provider social network; those I pretty much need to reset every single time.
Which means essentially, rather than a password manager, I manage my passwords by reset emails sent to my email account... Which is also a single point of failure, though at least it does have 2FA...
2FA is only available on a handful of services.
More than you'd think:
PayPal's is particularly annoying though, you need a link they don't have on the new version of the website to use proper 2FA instead of text message and run a python script to make it work on something like FreeOTP+.
I have a password manager for my home PC - it's a text file. It is there for my convenience, given that nobody but me uses my PC.
Because it is a text file, I think it will fly under the radar if ever my machine is hacked. I imagine hackers are looking for programs in memory, not all the text files on disk (besides, this one is on the NAS, so if I'm not connected, it's game over for finding that).
well I have a system, and I'm not sure I will recommend it, but it works for me. I too have a mistrust of password managers, because it means I have to have a device available at all times to logon.
So i store all my passwords on my cloud email account. However they are not stored in clear text, but using a hints and algorithm that only mean something to me. So to get the password I only have to remember my email login. Filter my password emails, and then apply the algorithm and hints.
This means that I can store my information in public, but only in a manner that means anything to me.
Not sure whether this is more/less secure than a password manager, but works for me
they are not stored in clear text, but using a hints and algorithm that only mean something to me
There are advantages to the file-of-hints approach. It does leak some information, but it's difficult to see how to put that information to use without an extensive world model (where the "world" is your experiences).
It suffers from some significant failure modes, though, such as survivability. I handle most of our financial stuff, so my wife doesn't have the login credentials for many of our accounts. Years ago I made a long list of them on paper and put them in our fire safe, but I haven't kept it up to date - they change too fast. (Same problem with just telling her when I have to set a new password or create a new account.)
I'm probably going to have to switch to using a multiple-device synced password manager just for this use case.
I have a password manager for my home PC - it's a text file.
Substitute a set of HTML pages for 'a textfile' and so do I, but my pages are on a password protected encrypted partition on a server, so inaccessible to anybody who nicks either my laptop or that server. In addition, a username and password is needed as well as the usual Linux login to access the password collection from either machine.
Jeff Immelt never really understood digital strategy , and it highlighted by the problems that traditional HW companies have embracing the cloud etc.
While he is right in that system connectivity and large data analytics are big drivers in the future, companies like GE, Siemens etc have over the years ensured that their systems are mutually incompatible. You only have to look at the plethora of competing industrial protocols that are out there, each with a industry champion. Therefore they make poor industry aggregators. If you compare them with a company like google, who basically whole existence is based around data integration, its not hard to see where the driving force will be.
There is also the question of who owns the data. Its all very well suggesting that a company puts its system data in the cloud. The bigger question is who has access to it and who owns it. This is especially difficult if the hosting service wants to profit from analysis of it. (Something which google has been doing for years, but companies generally value their data more highly than individuals)
There is also a culture clash. Traditional industrial equipment are conservative devices, generally self contained. Digital services are fast moving,agile and interconnected. At some some point there is a clash and trade off, usually with security
The final issue is that GE approach was we will build these services and they will come (field of dreams principle). However they spent little time thinking making it easy for companies wanted to connect to the services, what cost model to use. Again this is industry process thinking. Configuring a industrial system generally involves editing 30 unrelated config files and then not touching anything in the hope it does not break. If Apple had designed a industrial system it would consist of one button which said connect. Guess which approach GE went for. Cloud also means that costs become far less transparent. You can be charged by the MB stored, CPU time, bandwidth or a plethora of other metrics. Again it makes it difficult to monitor and control costs. Fine in the high margin digital world, but industry margins tend to be low margin
Finally the issue was over estimating your size and strength. While GE has a huge captilisation, it like many other nuts and bolt operations are quickly become dwarfed by digital power houses. Also because they tend to have less investment in infrastructure, they can quickly capitilise large projects. GE found quickly it could not afford to setup its own server farm, and now relies on AWS. This shows where the power now lies in the new world order
Immelt was only the most recent in a long line of GE managers who got it wrong.
GE was running trans-Atlantic time-sharing in the late 1960's. It was worldwide in the early 70's (meaning US, western Europe, Australia, Japan and probably a couple of others I've forgotten). The "Information Services Business Division" used email for its daily business from the early 70's - long before it was legally permitted to offer it as a service to others.
Some observant folks might have noticed that GE's class A (in old-speak) IP block is 3.xxx.xxx.xxx. That's right - the first one allocated (0, 1 and 2 were reserved). By contrast, Apple's is "17" and Microsoft is "92".
We GE folks were there in the early days and helped build it all. Then crass, stupid management pissed it all away. Immelt was not the worst, just the most recent.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
