Posts by Doctor Syntax

"Couple of weeks later, big company meeting - management buyout, everything will be fine."

That should be a trigger to change all the passwords. Not so you'll access the systems after you've been made redundant but just to make it clear that making IT staff redundant isn't the best idea.

Re: don't spoil the magic

That depends on whether you want a reputation as a hero or magician.

If there was a quality management system in place swap the eating sandwiches and doing paperwork times.

Re: I'd say to hire them...

"Then, if they decide they enjoy their new job, perhaps you can put them to work debugging your source code to remove all the security holes you've obviously missed."

As they seem to have worked substantially if not entirely via stolen credentials I don't think that would be productive and given their lack of operational security I don't think I'd trust them to harden anything.

"Dear?"

Yes. Quite expensive in the long term.

The thundering noise you here is massed spammers jumping with joy.

Re: I think I have the problem

The great debate aeons ago was whether the next language would be D or P. It depends on which character sequence you're using in which C follows B.

Re: Not a Language?

"You can say the same about Welsh"

Even the bit about integers?

Re: Aria Beingessner

"is you more than one person?"

Fair question as we don't use 2nd person singular pronouns any more.

Re: Nothing new, kinda pathetic really

"it isn't that long since I was using the college Vax"

It is, but only when you stop to think about it. Welcome to the club.

"I wouldn't give him more than a kopek"

You wouldn't need to. He & his cronies would steal the rest. This is part of the problem. They've run out of things to seal in Russia so now they're trying to steal a whole country.

Re: What to do?

No problem. Start bankruptcy proceedings in the country where the assets are. Watch the value of the CEO's shareholding start to slide. Accept the cheque.

Re: What's the fallback mechanism?

"and it's very *easy* for commentards to laze around on comment threads poking holes."

We don't actually get advantage from poking holes. Others do. You shouldn't assume they aren't doing.

Re: What's the fallback mechanism?

A PIN contains very much less entropy than a strong password. Biometrics have their own set of issues some of which have been mentioned in this thread.

Re: Microsoft already nailed this

"I keep sole control of my mobile device"

You intend to. People generally intend to keep control of all their possessions and yet things do get stolen.

"I don't even get that much in the way of spam on my landline"

In my case I think it was a result of getting them to "hold the line a minute" until they realised they'd been had and hung up. I must be blacklisted. To my great sorrow I missed the only call I think might have been from Microsoft.

Re: Who are these people?

"TOTP is a standard and works. It has no dependency on any particular organization."

It still has the disadvantage that as it's sent to your phone (or more accurately your phone number) whoever has the phone with that number is you.

Re: Who are these people?

Very simply put, you create an account with SomeOrg and agree with SomeOrg that "this magic token" is associated with that account. The token itself doesn't identify you

It's normal practice when you create an account to use an identity to do that. These days banks are very careful about establishing identity to cope with money-laundering legislation (unless, of course, you're handling sufficient funds to make money laundering worthwhile if not the object of the operation in which case the bank will be delighted to give you an account in the name of any off-shre shell company you choose).

Where was I? Ah, yes. Account. Identity. No, the token itself doesn't identify you. But the token is associated with account so we have Token > Account > Identity. That's what I'd call indirect addressing. For some purposes it might be enough or, depending on the purpose, too much.

Re: What's the fallback mechanism?

"That's a lot of usable phones lying around in drawers just as identity backups"

Apart from any other consideration that's also a lot of phones identities lying about to be nicked if you're burgled. Plus when you really need them you'll find that the battery life has decayed to 2 seconds and nobody local stocks that odd battery size any more.

Re: The way I read this...

"You're understanding it wrong, because this is not about protecting you"

So far so good but moving on from there, it's to benefit the usual suspects' grip on everybody's data. Any benefit to the man in the street is incidental.

Re: It is a company culture test!

This is very often true of recruitment but not deliberately so. Sometimes there may be an attempt to hide the company culture. These are the ones to worry about but you're not likely to find out until too late.

Re: This process is widespread at Canonical

Example by someone to a similar grammatical wrangle a little while ago: "See who's at the door and ask what they want." I don't think it's assumed the reply to the first half would be "Jehovah's Witnesses".

Having said that it can still be jarring.

The cynic says there's a third - they have a task that needs expertise they don't have but they reckon can be done in 3 months.