Literally read this while loading an old Famicom disk game into a Nintendo disk drive. Thirty years and it not only still works, it was more capable by its design. Nothing wrong with magnetic media, but good luck on your modernization effort.
Floppy disks are not manufactured today. Maybe there is nothing “wrong with magnetic media”, but there is definitely something fishy about running your business on equipment that can only be replaced with used stock & the various supplies of NOS floppies.
Floppy disks are also extremely difficult to repair, and realigning a misaligned head requires equipment and media that is difficult to find and expensive to acquire. If you never had to adjust the head on a floppy disk—well, let me tell you—you have to get a special floppy disk to realign it and use an oscilloscope to read the signal test pattern from the special disk while you realign it.
“Not manufactured for over a decade” and “requires specialized equipment and training to repair” is a bad combination.
To be clear, there are a lot of scenarios where floppies make sense today. You may have an old CNC machine or an old chemical sample analyzer that takes floppies, and it may cost five or six figures to upgrade.
The thing that's wrong with magnetic media (specifically the floppy disc and audio tape) is that the head is in contact with the medium, which slowly wears it out. It only has a certain number of uses before it dies (also, the plastics will probably disintegrate at some point). Hard disks are much more reliable for longevity. Not sure about flash (or backup tapes - I assume they've been designed with longevity in mind)...
Fascinating study. It would carry more currency with me if the ngrams used were learned through ML and corpus training rather than heuristics. It is assumed these ngrams are particularly useful markers today. The significance in their absence doesn’t seem to be part of the research. When there is such dramatically “off the chart” data such as this, you need to start looking under the hood at other factors. Studying individual authors would be a good start. Other factors may also include the editorial process. Publishers tend to have common nuances they like to conform to. Could the editorial process explain why some of these nuances are widespread? It’s also worth considering that technical language (computing, for example) made great leaps around this same time period and bled into common parlance. Social media, which is cited here only as a loose correlation, also altered the brevity of writing, which changed how we use and communicate language - but it’s a far stretch to call these subtle changes distortions, at least beyond letting Jack Dorsey fuck up our use of language. The authors argue that the meaning of these ngrams hasn’t changed, but their application sure has. Overall it feels like a great area to study, and as good science does, presents more questions than it does answers. There is much more to explore here though before we can conclude the entire world is depressed. I am not an expert in linguistics, but I do feel as though there is a modern element missing from this research.
> Fascinating study. It would carry more currency with me if the ngrams used were learned through ML and corpus training rather than heuristics.
I would have significantly less confidence. How would you learn such a set? You then would need a set of texts that are clearly labeled from people with cognitive dissonance and without. I don't think such a set exists. Also note that the n grams have been tested previously for individuals (ref 17 in the paper)
Your post points to another interesting line of research (and maybe that is what you meant), can we find correlations between the language used in previous periods of unrest, e.g. in Germany the period of WW2 and other periods.
> It’s also worth considering that technical language (computing, for example) made great leaps around this same time period and bled into common parlance.
The authors specifically mention this, but it should bias the results in the other direction, i.e. technical work has less prevalence of the ngrams according to the authors (I'm unsure if they tested this).
>. Overall it feels like a great area to study, and as good science does, presents more questions than it does answers. There is much more to explore here though before we can conclude the entire world is depressed.
Note that the authors are very cautious about making any such claims and in fact acknowledge the question if applying these markers to societies is valid
> I am not an expert in linguistics, but I do feel as though there is a modern element missing from this research.
I'm not sure I understand. To me it seems like quite solid research (although I admit I don't know much about CDS markers...) without using some hype methods like ML just for the sake of it.
> Studying individual authors would be a good start.
Or even taking a random sample of the ngrams to manually verify their usage hasn't changed over time, plus a random sample of texts to check that depressive sentiments weren't previously expressed in different language.
First, I’m so glad this turned out to be hypothetical, and you didn’t have to suffer through such a catastrophic loss. Second, if you had actually suffered such a loss, your digital life would hopefully be the last thing on your mind, and you’d just be glad to have your life and your family - the only real things that matter in this world.
That said, planning a strategy for offsite data storage or a secondary authenticator is of course wise. A safety deposit box or other offsite location that you can frequently refresh and keep up to date would be a good investment. If you’re worried about keeping a master key to your life in a single place, you could separate your data and your authenticator. The how likely depends on your threat model, several people on this site may find it insufficient. To whatever degree you obfuscate or complicate your recovery path, you also increase the risk of losing access to it yourself.
You might also consider it’s not necessarily the “thing you have” that might go MIA, but due to physical injury, age, or just forgetfulness, the “thing you know” could also be at risk. I realize this the older I get. Finding a secure way to store a master password in the event you cannot recall it, or perhaps in the event of your death, is something you may also consider. In this case, I would avoid a cipher or something else you’re likely to forget.
Can't agree more with the last paragraph. Not too long ago, due to my keyboard breaking, I was forced to type my password manager's master password on an unfamiliar keyboard with an unfamiliar layout, and I just blanked. I type it frequently enough on my phone, so I tried typing it there too, but probably due to a combination of mild distress and actively trying to think about what I was typing I couldn't do it there either. I eventually decided to try again later and later that day I managed to type it correctly.
Rest assured, this situation probably sounds as bizarre as it felt. Randomly forgetting something I type every day isn't something I had considered a possibility until then. Maybe a password without as many non-alphanumeric characters would've aided in avoiding this situation, but I get the feeling it could've happened with any muscle-memoried password.
A user was having a really bizarre problem: They could log in when they were sitting down in a seat in front of the keyboard, but when they were standing in front of the keyboard, their password didn't work! The problem happened every time, so they called for support, who finally figured it out after watching them demonstrate the problem many times:
It turned out that some joker had rearranged the numbers keys on the keyboard, so they were ordered "0123456789" instead of "1234567890". And the user's password had a digit in it. When the user was sitting down comfortably in front of the keyboard, they looked at the screen while they touch-typed their password, and were able to log in. But when they were standing in front of the computer, they looked at the keyboard and pressed the numbers they saw, which were wrong!
My employer made me use an SOE Macbook that had the 'butterfly keyboard'. Many of its keys would only work haphazardly. Once I made the mistake of setting my password using the laptop's keyboard instead of the external one I normally used. It had me going for ages before I realised there was one letter in the password missing!
I find it incredibly annoying that my iPad wants to automatically capitalize the first letter of most text-entry fields. I heard somewhere that some sites have made the first char of their passwords case-insensitive because of this, but IDK if this is just lore.
I used to work at a company that had some LoB apps used on iPads in a manufacturing facility... if the user login failed and the first character of the password was upper case those apps would retry with it lower case.
Not on the client-side! Sometimes it happens when you're typing the first char, in which case you can hit shift (which is visibly activated) and then type the char. But sometimes it 'autocorrects' when you hit the return key, and the only workaround I've found is to type the password with the first char doubled, and then go back and delete the first of the doubled chars. Not fun, especially when you're navigating the cursor on a touchscreen!
Being fed up with people asking to use my laptop (some 20 years ago), I cleaned its keyboard and put the caps back on at random. "Yes, of course you can use it, here you are! Oh, sorry, I forgot the keyboard..." Peace and undisturbed working ensued...
Many people with mechanical keyboards (as in non-disposable keyboards) can probably relate to this, having put some keys back the wrong way after cleaning.
It's why the das keyboard with blank key caps was my favorite I've ever owned. It forced me to actually touch-type, rather than touch type the common keys and look for the rest.
Few years ago I went to a store and paid with my card and 4-digit password. Not 20 minutes later, at another store, I just couldn't remember the password anymore, missed it 3 times and got my card blocked.
I had to make a new card because I couldn't remember the password to unblock it at the bank.
I had that card and password for 3-4 years at that point, wasn't under any stress at all, and nothing like this had ever happened, nor happened again.
A year ago, I had to go to a bank office and engage in some verification process that also required me to use the physical bank card with its preassigned PIN.
No matter what I tried, I hit the 3-try limit for the day, and opted to have the same preassigned PIN sent by mail to my home address.
When walking back home from the bank branch I realized the mistake I had made: I had entered the correct PIN, but had typed it in calculator/numeric keypad order, and not in phone/PIN pad order.
While I've never used that PIN on a numeric keypad for a PC, somehow my brain associated the numbers with their order on a PC keypad, since I had used my PC keypad to unlock my PC with a PIN numerous times more than I had used any card terminal with a PIN.
So, the next day, I returned to the bank branch office to try the same operation again, and indeed - I had correctly entered the PIN and the online banking transfer limit ended up adjusted just fine.
For the past decade and a half, possibly longer, Japanese ATMs have replaced their physical keypads with digital ones where the numbers are randomly placed. Imagine my surprised when the first times I tried to enter my PIN, it kept failing until I took a good close look at the numbers.
Had the same experience. Went to an ATM one night and the PIN for my card that I'd used several times a week for probably a decade was just... gone. Never before, never since.
I once forgot root password to my FreeBSD installation, I spent a lot of time trying to remember it but failed. So I did a reinstall, and obviously recalled it when prompted to come up with a new one.
Completely out of the blue I forgot my PIN, the PIN I had used every day for years. I was at an ATM trying to withdraw cash, got it wrong twice. It was just gone.
Luckily I cancelled it before the machine ate it, but I had to borrow money from someone to get a taxi home.
I had to request a new PIN and I still can't remember what it was. I now keep my pin in my phone under a contact.
I’ve had the same experience. Walked up to an ATM for the second time in two days and my 4-digit PIN was simply gone from my memory. I never figured out what it was.
That was almost 30 years ago, and thankfully it hasn’t happened again.
I use my ATM so infrequently that it's happened to me a few times. I get cash reups selling stuff on Craigslist so I need the ATM like once a year. Luckily my ATM is right next to an in grocery store branch so resetting the pin is 3-5 minutes talking to someone irl
I've had this happen to me multiple times, and more often now that so much payment is contactless here (even though I still have the same code as when it wasn't). Additionally, something as simple as a different machine (the most recent instance was a touch screen) can throw me off as well.
I went for a week holiday and when I came back I couldn't remember the alarm code. Had to call the boss at 7am with the alarm blasting in the background.
I had a similar problem once. I normally use the dvorak layout but was on a qwerty keyboard. I don't remember exactly why, but I had to muscle-memory type the password as if the keyboard was dvorak and manually remap the characters using an image of a dovrak layout on top of a qwerty keyboard.
> My approach to that is to follow xkcd advice with an emergency password which looks less like a random string but more like a real world phrase.
Yeah, for my master password, I use a slightly misheard line from an episode of a 90's TV show. Googling my misheard version in quotes only gets 6 hits, and it's 30 characters long, so very unlikely to get cracked even without replacing letters with symbols or adding a suffix.
It reminds me of the time I tried to type my password on a keyboard with a French layout, but responding as if it had a US layout. It turns out, even if you think you know where all these special characters are, finding them under pressure (three tries before you're locked out) with misleading visual cues is hard!
Some countries even use more than one keyboard layout, so I try to stick to special chacters that dont change from keyboard layouts. Like dot comma and space.
Had that happen with a four digit numeric bank pin once, and several times since then with pass phrases. I tend to get stuck on whatever wrong pattern I entered first and have to try again later.
>but I get the feeling it could've happened with any muscle-memoried password.
I can confirm this. Many years ago I had to type for the first time a password on a classmate's iPhone (smartphones were just beginning to become common). The problem was that I didn't really know that password: what I remembered was a shape I was "drawing" onto the keyboard, which involved the numeric keypad... You see were this is going. That event was the one that led me to finally properly memorize that password.
This happened to me, I forgot my Android "pattern", the swiped pin-like thing to unlock the phone. I didn't have a password set. I was able to factory-reset it with my Google account password but I lost recent files that hadn't yet been backed up (photos etc).
I just totally blanked. Like you said, the more I thought about it the less I could remember what it was like. It was really scary.
My method of solving this is to only use familiar, well known information about myself as my master password. It's > 50 characters and contains addresses, old ID numbers, my public library card number, account numbers, old usernames from 5th grade (I've never seen another username even remotely close to either my first IRC name or my geocities username). I usually get the order wrong the first time I try it, but correct on the second or third.
Mild distress? I don't think that is so rare.
But, why are my phone numbers not in the same order as my keyboard numbers!
At my bank i drew a blank and had to sit at the assistants desk/ keyboard to fire off the muscles to enter in my old pw, in order to enter in an otu pw they'd generated.
A small annoyance is when I need to change my iPhone passcode because of it being work managed. The keyboard used during that reset is slightly different to the regular iPhone keyboard.
> Second, if you had actually suffered such a loss, your digital life would hopefully be the last thing on your mind
It isn't though. Access to your digital resources is vital to recover from the loss. You need an e-mail address to arrange contractors, you need your contact list to reach out to friends for help, you need access to your bank accounts, your cloud-stored scans of your ID cards, ...
No. People have been trained to think they need an e-mail address for real-life things, but they don't.
I had a roof replaced in my last place, which involved multiple contractors and insurance companies. No e-mail. No text messaging involved.
I recently moved to a new city, and setting up utilities, dry cleaning service, parking garage, etc... probably involved a dozen new accounts. I gave my e-mail address to none of them. Depending on the disposition of the provider, I either told them I hadn't set up e-mail yet since I moved, or just a flat "no."
you need your contact list to reach out to friends for help
If you're over 40, you can remember the days when it was perfectly ordinary to remember the phone numbers for dozens and dozens of people and businesses. These days, we've allowed computers to think and remember for us (hello, Stackoverflow!) so we don't have to. Memory is a normal skill that many people have lost or neglected.
you need access to your bank accounts
That's why it's important to have your bank accounts with an actual bank, with actual branches, and actual human beings to help you when human being things go wrong in the real world.
your cloud-stored scans of your ID cards
I can't even wrap my brain around why you'd trust information this important to a rental computer a thousand miles away.
"Everything digital" is a marketing tool. In reality, it only works when it works. When things go wrong, digital shows its fragility.
>> If you're over 40, you can remember the days when it was perfectly ordinary to remember the phone numbers for dozens and dozens of people and businesses. These days, we've allowed computers to think and remember for us (hello, Stackoverflow!) so we don't have to. Memory is a normal skill that many people have lost or neglected.
Heck, if you're over 30 you remember this. The problem though is that you remembered those numbers because you dialled them frequently from memory (and, at least in my location, landline numbers were much shorter than cell phone numbers). If you're not doing this on your smartphone you're never going to be able to remember the numbers. e.g. I can remember all of my childhood friends home phone numbers. I can't remember my partners cell phone number.
I recently considered getting an analogue phone book and noting down all the numbers in my smartphone contacts book just in case I ever lost access to the digital version.
> People have been trained to think they need an e-mail address for real-life things, but they don't.
The Dutch government not only defacto requires it, soon an Android or iOS phone with their app will be required too. Only very determined, very patient people with lots or spare time will be able to do without.
I assume they do the same thing as anyone else in any other country does. They go through the fall-back bureaucratic channel of 'haul your ass over to a physical, brick-and-mortar agency office'.
I was thinking about this on the way home the other day. I'm the most tech savvy of all my family and friends. I live and breath tech. Code all day, game all night.
But I'm the one who hates all smart home devices. I'm the one who wants a dumb TV. I would be perfectly happy with my dumb phone if it didn't keep pocket dialing emergency services.
I'm in a similar spot and have an ancient, dumb plasma TV on its last legs. I've poured HOURS into researching a replacement dumb TV that is reasonably cost effective and available. It's way too hard. I can get commercial displays from Samsung that are about 50% more expensive than consumer grade and about 4 years behind in picture/quality but that's about it.
All of us--and I include myself although I try to have some backup information on paper--have probably become too dependent on a single physical device which sucks in more and more information every year. See ongoing digitization of driver's licenses.
Especially for international travel, but really generally, I try to make it so I'm not completely screwed if something were to happen to my phone.
I try to still print out boarding passes when I can cos I don't want to deal with delays or missing a flight if my phone runs out of battery, especially if it's a flight out after a full day out and about. It's also less annoying at the airport fiddling with my phone to get the right barcode up each time it's needed (and no, I won't put it in to Google wallet)
You'll start doing it again after someone swipes your phone at the airport (yes, this still happens) and you miss your plane waiting in line to deal with the customer service agents.
I guess that depends on airport. Typically I could get a paper one printed at kiosk using ID if needed, usually 10 min or less. One of the reasons I stopped bothering.
Yes, the "one device per phone number" restriction is quite annoying. I'd like to have multiple, functional copies of my phone. Instead I settle for a phone and a 4G watch, paying for one phone number for each. Since eSIM providers allow cloning but I haven't tried that yet.
> or perhaps in the event of your death, is something you may also consider.
When my dad died we were glad that he had most of his passwords written down. There are a lot of things like the electric bill that we didn't know if he had paid yet or not, and other bills that are entirely paperless that we have have no idea about. Mom would hate to have something not paid just because we didn't know to pay it. There is a lot of paperwork to get access to accounts after someone dies and that takes time. (dad donated his body to science so that added a couple months before we could even start the paperwork)
Unfortunately there was one account we knew he had (because it showed up in quicken) and an IRA with most of his money, but it took us several months to figure out what bank it was at. Please don't do this to your family: write down all your accounts and their passwords in a safe place that someone trusted will look. (I need to take my own advice)
Anyone who acts as the "head of their household" and manages the family's finances, pays the bills, and manages the day to day home ops, do your heirs a favor and write out a Death Book[1] today, that contains all your various accounts, passwords, copies of important documents, and so on. PRINT IT OUT and put it in a safe or other secure place. I recently had two acquaintances who died pretty suddenly and young-ish (in their 40s). One was prepared and had his shit together, and it helped his family more easily pick up the pieces while they grieved. The other one did NOT have his shit together at all, and the result was even more stress and phone calls piled on to his family during an already difficult time.
Good advice - tracking down all of dad's account information was very laborious after he passed away - we found an insurance policy that covered my mom that I assume he didn't know about since he never made a claim.
We have our list printed and locked in a firesafe (which is bolted to the floor and not easy to find for a thief), as well as electronically in a shared 1Password vault shared between my wife and I. My sister (and executor of our will) knows that the paper is in the fire safe, just in case something disastrous happens to both my wife and I. They'll need a locksmith to get in the safe though.
> the “thing you know” could also be at risk. I realize this the older I get.
Years ago, when I was in university, I had a couple of machines in my room running FreeBSD with full-disk encryption. These machines were powered on for a few months without reboots until one day when the power went out.
Having not typed in the password in months, and at the time using the kind of passwords consisting of long word with a lot of numeric and symbolic substitutions, I was unable to decrypt the disks of my machines.
I lost a fair bit of data that day, but it taught me a valuable lesson.
These days, any passwords that I use for full disk encryption I make sure to
1. Regularly use. Meaning I’ll reboot machines and retype the passwords on a regular basis. Likewise, I connect external encrypted disks on a regular basis and decrypt them with their passwords.
2. Use pass phrases with many words but without any numbers or special characters. See also https://github.com/ctsrc/Pgen
This is where risk assessment comes into play - people often consider it "evaluate the attackers and how to prevent them" but risks include many things; hardware failures, memory failures, human memory failures, etc.
And one of the biggest risks with encryption is data loss if passphrase are forgotten - using encryption usually involves considering that data loss is better than data exposure - which is obviously true for things like passwords (you'd rather forget your bank's password than have it exposed, because you can reset it) but not necessarily true for other data.
This can lead to things like encrypted systems but storing the off-site backups unencrypted because they're off-line and the only real risk is theft. Again, depends on what the data is.
This is why Android requires users to type their PIN once a week, even if you use biometric authentication. It's an essential practice that needs to be the norm for any biometric auth.
> Second, if you had actually suffered such a loss, your digital life would hopefully be the last thing on your mind
To note, our banking system is well part of our digital life. Europe has already a flurry of “real” banks that have no physical presence, and after a catastrophic loss you’ll need that access to your bank as soon as possible.
This has made me think twice about using those banks (I'm thinking of Monzo etc.). I was already reconsidering anyway as all of these banks have been consistently reducing features and limiting usage (e.g. cash withdrawals) and generally making themselves worse than the 'real' banks.
It depends on the “attack” vector you see as the most problematic.
With a “real” bank, I had to go to an agency 5 times in a row to solve a paper issue because they wouldn’t just message me about it as it was “confidential” (they couldn’t validate our home address, though we were receiving their spam pretty fine), and the system was really built around the assumption that making you come to the agency was a no-brainer. The other options evolved snail mailing copies of the papers and waiting for them to process it.
There’s also the issue of “old fashion” people sticking more with traditional banks, making them skew their offerings towards these people. I was endlessly phone spammed with insurance and bullshit travel packs, and I couldn’t just block them as it came from my actual agent.
I think I'm lucky then. My 'traditional' bank is paperless, has a good app and website, and I can do everything over the phone with relative ease if I need to. It's all a bit clunkier than one of the app-native banks (which is why I half-switched to the app bank) but that's the software snob in me more than missing functionality.
A firesafe in a friend or relative's basement is a much better choice. Safety deposit boxes regularly get lost, tossed, or sold and the banks have very little liabilty.
I live in a fire prone area. I have a safe deposit box 30 mins away in a place that won't burn. I keep a HD there with all my photos on it. I refresh the drive monthly. The chance that this small credit union with maybe 100 boxes will lose, toss or sell my box on fire day is pretty minimal.
Yes, safe deposit boxes are not always as safe as spy movies would have you think (or even that we should assume them to reasonably be), but they can still be used as part of a disaster recovery strategy.
> A firesafe in a friend or relative's basement is a much better choice
The article addresses these options and why they are not ideal either.
Also, one thought experiment I just came up with: how many of your friends are you willing to let store their pendrives in your basement's firesafe? How often would you be comfortable with your friends coming to your home to update their pendrives?
I know several who I believe would be fine with it, all of whom I see regularly, usually down our usual pub, and all of whom would I suspect be happy to do an update at least every couple months in return for me buying them a few drinks for the hassle.
I already have multiple friends who have copies of my house key held in case something really stupid happens, none of whom found that weird and all of whom I'm willing to trust enough that I believe the risk of having multiple such copies extant but unmarked is significantly less than the risk of not having that fallback plan.
In fact, they all considered "being one of the spare key holders" to be an honour more than anything else.
I am very much aware that there are many people whose situations are very different than mine, but it works for me (and they're all wonderful people for whose existence I try to be appropriately grateful.)
I suppose they might want to encrypt a pendrive in case it was stolen from the friends housse. But you could do something similar with a piece of paper.
Pendrives aren't known for storing particularly well over the long term so they probably aren't a great choice anyway.
I have a recovery code for my iCloud written down on a piece of paper, in an envelope marked for my wife in case of emergency, in my office at work. There is nothing written on that piece of paper but the code.
It's not perfect security, but it's my security blanket in case my house burns down with my phone in it and I need to rebuild my whole house of cards.
> First, I’m so glad this turned out to be hypothetical
I've only learned about this is hypothetical from your comment (yes, I'm guilty of not reading to the very end). I wish the author conveyed that a little more clearly.
This is a common setup to build empathy so doesn't always mean "the following is a hypothetical thought exercise", such as "Imagine you find your self in the same situation as me, your house struck by lightning..."
It also detracts from the main point, which is this could happen to someone, but, since it’s hypothetical, makes it sounds a lot more unrealistic. The "fireproof but not lightning-proof" safe gave me pause, for example.
Building on the last paragraph, I keep my root PGP key on an encrypted USB drive. There's several files that are encrypted by the root key, but they're mostly like password manager recovery phrases as well as things like my birth certificate, social security number, and various government IDs I've used. There are two copies of this USB, one travels with me at all times, the other is securely stored and accessed twice a year to ensure it's still performing. Both USB keys have fuses that will blow if opened up. This makes it so that for the rest of my life I will remember one password.
Passwords can also be made more memorable. For instance, because a password manager remembers the rest of my passwords, I made this one what I call a "pattern password". On a US keyboard I could type it in seconds without looking, but it would be too complex to guess.
> Finding a secure way to store a master password in the event you cannot recall it,
Currently my master credentials are on an old USB stick (a Yubikey device that I got in an offer, though I only use it to type the long password as if it were a keyboard) and printed (plain and as a QR to save typing issues) & stored well away from the things they secure. The printed copies have the lot, the USB version requires a prefix which I remember.
This may seem risky (the old on-a-post-it-under-the-keyboard issue) but for my online backing and other key stuff the key risk is my password store which is secured by one of those master keys, and its main risk is someone remote getting access to both the key DB and the passphrase and it is properly air-gap secure against that. Similar for the encryption keys for local storage and off-site backups.
> or perhaps in the event of your death
This is a concern I've not at all addressed in my plans. The basics will be putting details in my will for how things should be accessed, but those details need to be both secure from inappropriate access and easy for th eright people to access when the time comes. Though as I have nothing much to leave to anyone that isn't too big a concern yet…
The halfway point is a bigger matter that I (and many others) really should address: what if I'm incapacitated temporarily or otherwise? Someone may need access to my stuff to sort a great many things while I can't. We've had an issue with this with my mother who due to dementia can't even sign her name, so neither she nor my dad couldn't access an account that was only in her name without a huge rigmarole of paperwork and assessments to sort out power of attorney. We've since got things sorted in advance of further problems (myself and my brothers set up with joint PoA so if something happens to him too we can sort what needs sorting more easily) but I have nothing like that setup for myself for either life stuff or technical stuff (or the things that are both).
I'm in good health as far as I know, but I'm not getting any younger (this year I'm on the cusp of leaving "the low 40s") and I've seen unpleasantly final things happen to people who were similarly good health as far as they knew.
This is also very relevant for family or trusted access. We had a hell of a time after my father had a stroke (recovered now) even though I had access to his computers and KeePass database - he had plenty of things where phone access was needed but nobody knew his unlock pin and it was required to reactivate fingerprint unlock.
It took me about 30 seconds to ask the question: If he's locked out of his digital life, how did he post the story to his blog? From that point on I knew it was hypothetical, but it was still a good read and raises important issues.
I'm a big fan of all lower case phrases as passwords now for this reason. Something like "this is my password there are many like it but this one is mine my password is my best friend it is my life I must master it as I must master my life". Very easy to remember. Very easy to type. Very hard to crack. Cheers.
Sure, I have to deal with password requirements when they're a thing. But for things under my control, like my encrypted drives, I do super long lower case letters as per my example.
I don’t even understand what we’re comparing here. Is it lines of code? In that case, you must include all of the code from tr, sort, and any other shell commands used to perform the task at hand. By that standard, Knuth still wins by a long shot. Were this an actual coding contest (if such things exist anymore), one does not simply argue that instead of coding the solution in the given language, I’m going to just use five other people’s solutions and claim my trophy. Had the argument been who could most efficiently reuse all of the resources of an operating system to produce the laziest solution that will likely produce the highest number of obscure edge cases in the future, create unexpected dependencies, and likely scale the worst, then perhaps the shell script wins. But I think Knuth was trying to demonstrate quite the opposite - good coding praxis that can be maintainable, debuggable, and made to scale. I guess what I’m saying is that it’s difficult to see any comparison here, whatsoever, since the purposes were so markedly different. The shell script is not a solution any professional would ship in a product, and would only appeal to lazy one off tasks. Who would have been daft enough firstly, to not read Knuth’s paper, but secondly to think there is anything worth comparing in the first place? The script might be the quickest solution. Knuth’s code is the proper solution.
Graham seems to have missed the mark here. What he’s describing as the unjust labeling of x-ism usually isn’t related to the deviation from a norm, insomuch as it is the prejudices behind that deviation. He argues that truth is ignored, but it’s not the truth that’s usually at issue in such matters, it is the manner of delivery of whatever truth may be, filtered through a set of prejudices the hearer is offended by. The hearer then can either utilize the thought terminating x-ist label, and walk away, or attempt to address those prejudices directly. In the former, they are saying, “because I have identified these prejudices in the way you’ve presented your case, I cannot give credence to any of the truth you are arguing”. Reasonable, but less than ideal. The latter - and often better response is, “that’s x-ist and let me tell you why.” That’s how you cut through the BS and have a productive conversation. I hope this is what he was trying to convey, but didn’t quite get there.
What he seems to have missed in separating truth from prejudices is important to recognize. This is an expected communications problem in a society that struggles with decency, and decency is what’s at issue here - not truth. Because at least one party lacks decency, they’ve lost their credibility to convey any truth. The other party may lack tolerance, but that intolerance is, at least usually, about those prejudices, and not any underlying truth.
Regardless, actual heresy - of the biblical type that Graham is trying to use to support his argument here - has historically been more based on threatening a power structure, such as was the case with Martin Luther, for example. Ironically here, the tables were turned, and the “heretic” (Luther) presented factual information while it was the hearer that reeled with prejudice. The two cases are about as much alike as a camel and a spork. I am surprised he tried to make the comparison. Nonetheless, if that is what he’s trying to argue, then he’s seemingly suggesting the fault is always on the listener for being offended. In the cases Graham is describing though, it is far more likely to be the speaker who wraps whatever truth there might be into vitriol brought into the conversation. It at least would have made for a good essay to point out both possibilities.
Tl;Dr: truth always falls victim to prejudice, on either side, which is why we should work to identify and root out our own prejudices before engaging.
Startups had unbelievable burn rates, sales and marketing teams overpromised technology, and greedy executives, who should never have been in charge of money, sought to invest millions in building the appearance of an empire rather than grow organically. Eyeballs, not earnings, was the focus. Many such companies would go bankrupt overnight. I was out of a job for six months. It was the most humbling part of my career. We almost lost everything. For a short time, we were on food stamps. I knew some scripting languages, Oracle, and systems engineering at the time and was doing mostly web based development, DBA, and server infrastructure buildout work - yet we couldn’t afford to pay for baby formula. During that six months, I taught myself C, discovered machine learning, and picked up other skills that would later open doors I never imagined would be possible for me. Hard times brought perseverance, humility, and an appreciation for the value of a dollar. I learned some of the most foundation skills and life lessons during the dot bomb.
If the aliens typed “call amazon” into google, they’d get a human almost instantly. It’s not rocket science, although aliens would be good at that too i guess.
Have been going back and forth on this. The trade off is that you lose a lot of potential to alert the user to suspicious behavior. For example, you might get promoted to give an all permission to use "your Library" (for access to certain cache folders); but if it later misbehaves then you won't see it accessing other cache folder, some belonging to other apps. On the other hand, it's still better than not using it at all, which most novice users will end up doing for a power user app (not using it).
Actually, this is standard behavior for the SourceForge project web service. Bandwidth usage is capped to prevent folks from serving files from project web instead of the mirror network-backed download service. Staff saw the surge in traffic to the project web site, confirmed it wasn't file serving activity, and re-enabled the site.
I wouldn't call these tools "Scary" unless you're a criminal. These tools have been used to build networks of previously unknown terrorists, put murderers in jail (two of which I had the pleasure of testifying for in high profile cases pro-bono), and frequently (on a daily basis) finds smoking guns in child rape and molestation, grand theft, kidnapping, and a number of other cases to which you should be thankful that you are entirely oblivious to. If you knew what really went on in our society, you'd be helping the good guys out too. I imagine you probably have in your mind some redneck cop pulling you over and checking for text messages on your phone illegally, or some other stupid misappropriation of authority... 99.99% of the time, these tools are used for the right purposes, and against people who might be living on your street, committing unspeakable offenses in private.
Now, as for the tools, saurik is entirely correct. The PIN code is, for the most part, just a GUI lock - think of it as a screen saver lock. The file system is encrypted on the chip, but applications need to be able to read and write from the file system. If you read the FAQ, I make no secret about how this works: we boot a custom RAM disk (from DFU mode) that mounts the disk. The kernel takes care of the decryption and because we're not actually booting the OS on disk, we don't have any pesky screen saver lock or anything else to even content with, though if we did, the forensic imaging process runs entirely in the background, and has the same level of access (root) that most of Apple's processes do.
As for encryption, what IS encrypted on disk that you can't get from the file system includes keychain passwords, HFS journal (to undelete files, thanks to Jean-Baptiste's most awesome code), and files protected with iOS' data-protection classes. These files are few and far between. In fact, a vast majority of the evidence you'll find on an iPhone is entirely unencrypted. For the files that ARE encrypted, Jean-Baptiste's brute forcing and decryption tools allow us to extract the master encryption keys from the device. Each keychain password is encrypted with its own key ("AES wrap"); we apply the device's keys to this wrap, decrypt the password's key, then use that key to decrypt the password. Apple's data-protection classes are about the same. Each file is wrapped and we use one of the class keys to ultimately decrypt the file. This includes the few files on the device that are encrypted, such as email + attachments, and some third party data files using this encryption.
Once you unwrap that, you'll find that even applications using their own encryption code are storing keys in the keychain - so once the keychain is decrypted, the keys to these third party crypto stores are equally exposed.
The moral of the story here is that the only GOOD way to protect files is 1. To encrypt them (something Apple really doesn't do very well), 2. To have the encryption depend on a very complex key that only the owner has knowledge of and must supply in order to decrypt the files, and finally 3. To protect the device in such a way that the key cannot be intercepted by trojans or other malware. Unfortunately, iOS fails on all of these counts, making it very easy (thanks to many world class hackers contributing code) to defeat all of the encryption on the device, and MOST of the encryption even when the device is password locked.
Scary? What's scary here is just how neglected security is on mobile devices, and how easy it would be for me, or Saurik, or anybody who can use code.google.com to steal all of the data on your device in just a few minutes.
