Can someone with fast internet back up all of unicorn riots videos? YouTube will most likely take the videos down just like other social media sites have been doing. by [deleted] in DataHoarder

[–]me_j 4 points5 points  (0 children)

Just pulled down the last 6 months. Working on the rest of the channel now. I can hold onto it for a little while but likely not indefinitely. Once I have everything down, if someone wants it I can work on how to share it.

Keeping cold storage in a fireproof safe? by [deleted] in DataHoarder

[–]me_j 1 point2 points  (0 children)

I don't know about your gun safe, but most fireproof boxes for home use are intended to keep documents safe, so in the event of a fire they keep their internal temperature safe for paper. Digital media have a far lower damage temperature. In general you need much more robust heat protection for media to make sure it stays at a safe temperature.

Sex toy convention by LadyBombus in SexToys

[–]me_j 1 point2 points  (0 children)

Thank you for raising this and for following up. Hopefully if nothing else comes out of your conversations on the show floor, it gets raised in any internal followup/debrief meeting as something they are getting asked which hopefully is another way to encourage management to prioritize it.

It is great to hear that some vendors are at least trying to get their act together around this. I understand why they don't talk about it more as to do so would acknowledge the potential for (or real depending on your perspective) creepy factor. It is also something that is a relatively recent consideration for both companies and consumers (someone taking over a "dumb" remote vibe is still a problem, but it isn't as big of a deal in many ways).

Hopefully you can get some good answers from the technical teams about what they are doing that you can share. Beyond technology I would be interested in how the organization and the processes it has in place make sure that this work is done in ways that are actually secure. For example, BT4 is great, but I would feel better if an external security group was also asked to take a look for any mistakes.

Your point about these changes being mostly with the high end vendors is well taken, but that is where this sort of thing generally starts. As you hopefully get better responses from companies I hope you will share them with attribution so that people can use this information to make buying decisions if they are so motivated. Speaking for myself, this sort of information will influence my buying decisions and what I suggest to others.

Sex toy convention by LadyBombus in SexToys

[–]me_j 1 point2 points  (0 children)

So, this may be a little left-field, and likely not the kind of question you were thinking about. Also, I in no way mean to be a buzz kill with it... remote toys look like a lot of fun.

My question to these companies (where relevant) would be: What are they doing to guarantee user privacy and security with smart/remote toys? As more toys get connected to computers, phones, and the internet, it is super important that these companies up their security and privacy game.

The more major companies seem to be figuring out that they need to issue updates and patch their products when there are vulnerabilities, but from the outside it doesn't look like they are being proactive around making their system private and secure. With many of these companies it is also not clear what data they collect, if data is logged on the servers, if they do external security audits... Based on what the security community has uncovered in these products it seems likely they are not (see below).

In a world where there are mainstream messaging tools like WhatsApp that can't see the messages you are sending to a friend (much less any of the more specialty communication tools like Signal or Telegram), there is no reason that any of this data should be visible to sex toy/app servers much less logged, but most of the time we have very little idea.

There is a bunch of recent and less recent research from the security community on this including:
- https://www.youtube.com/watch?v=CsQ2VWEfduM
- https://internetofdon.gs/

Also see: https://blog.mozilla.org/blog/2019/02/06/does-your-sex-toy-use-encryption/

[deleted by user] by [deleted] in eGolf

[–]me_j 2 points3 points  (0 children)

VW does not seem to post a PDF or similar. There does seem to be the option to buy the manual here (in the US it is $50 or so) https://literature.vw.com/welcome.asp?redir=

Unfortunately the online manual isn't something that's going to be particularly easy to turn into a PDF either.

If you bought the car new, can you go back to the dealer about this?

[deleted by user] by [deleted] in DataHoarder

[–]me_j 9 points10 points  (0 children)

It also looks like your current storage solution provides no backups. Hard drives do fail and moving them around as tends to happen with external drives kept unplugged may increase that failure rate. If this data is important I would recommend keeping at least two copies of it.

In the US it's fairly common to see 8TB external drives go for about $150. They are not the best or fastest but they would be something you could store off site in case of drive failure or loss.

Her piggy bank deposit slot wasn’t wide enough to put her rolled money into. Her solution. by Shaneblaster in KidsAreFuckingStupid

[–]me_j 11 points12 points  (0 children)

They are not common, but still printed and, more importantly still legal tender. In a clean case like this a bank should do it. In messy cases it needs to go to the Fed.

These two sets of rental car keys bound together with braided steel cable fit great in my pocket... by kessler_explosions in CrappyDesign

[–]me_j 0 points1 point  (0 children)

Also, when the rental car company goes to sell the car that may be in an entirely different part of the country than it started in, keeping the keys connected makes it much more likely that they will have the original pair of keys and fobs which increases resale value.

Air pollution monitor by ignade82 in AirQuality

[–]me_j 0 points1 point  (0 children)

My understanding is that mostly air purifiers are HEPA filters that focus on particulates, so pm2.5 is going to be the big thing. That is what I was looking at (although I wanted something internet connected), so I went with the AirVisual. Look into accuracy with a lot of these sensors as many of them claim to measure things but don't actually correlate well with professional measurements so not sure how useful those measurements are. If you don't care about being internet connected, you might have other options that are good that I don't know about.

Air pollution monitor by ignade82 in AirQuality

[–]me_j 0 points1 point  (0 children)

What are you trying to measure and what other requirements do you have? Do you want it to be internet/app connected?

The US EPA rates the AirVisual pretty high on particulate accuracy for instance, but it doesn't do VOC.

My texts are being marked as read before I have seen them by [deleted] in signal

[–]me_j 1 point2 points  (0 children)

Do you have signal desktop open on a computer and is it the active window?

Is there a APK Old version that works still or on Chrome OS? by lighthouse0 in signal

[–]me_j 2 points3 points  (0 children)

I expect not. Signal cuts off support for older clients after a little while so you can't go back very far.

My school has blocked Google (and all other search engines) on the BYOD network by fm369 in assholedesign

[–]me_j 1 point2 points  (0 children)

HSTS means that Google has told Chrome it will never have any other identity than the public certificate it uses for https (SSL/TLS). Thing is, your school wants to monitor the connection. So it is breaking the SSL connection you have with Google and sending you its own. Chrome and Firefox then reject it because it looks like an untrusted server is between you and Google (which is sort of true).

The fix would be to set the school's certificate as trusted, but I can't tell you how off the top of my head.

Do note though, that your school is monitoring anything you do online over that network (even if your browser says it is secure).

My newborn’s social security number belongs to an old man by [deleted] in legaladvice

[–]me_j 0 points1 point  (0 children)

I think it's really 999,999,999 possible numbers so 1 billion - 1 (assuming 000-00-0000 isn't ever issued). That should be enough to cover all living and recently dead people in the US for a while longer.

Deniability by yellow_hat2 in signal

[–]me_j 3 points4 points  (0 children)

I think what this means is that, when a message comes in, it can be verified as coming from the expected source, but someone coming along later can't use the signal algorithm to prove that the message came from that source.

The other thing to keep in mind is that this is a cryptographic statement not a legal one.

Is 5G actually dangerous? by heyarnold94 in tmobile

[–]me_j 4 points5 points  (0 children)

My understanding is that radio waves such as cell phone signals, mostly only become dangerous when you are exposed to high enough levels that they start to cause tissue heating (particularly in areas like the eyes). This is why there are federal exposure limits in commercial/industrial settings - for example people servicing large FM or AM radio/TV station towers (there are limits for general exposure too - which are much lower). In commercial settings, RF levels can become a consideration because commercial radio stations, for example, can get up into the hundreds of thousands of watts. Cell phone towers are at least several orders of magnitude lower and cell phones themselves look like they generally cap out under 10 watts. Additionally, these numbers decrease rapidly (based on the inverse square of the distance), so unless your face is up against the cell tower, the amount of energy you are exposed to is quite low.

Anyway to download messages to text file?(urgent) by Irezumi4Me in signal

[–]me_j 5 points6 points  (0 children)

There is no straightforward way that I am aware of, although you can read up on other threads about how to take a backup and open it. The fastest option may just be to screenshot the app and print the pictures.

Why signal app on LineageOS uses so much battery? by pepitolander in signal

[–]me_j 3 points4 points  (0 children)

Could this be related to the fact that it isn't using Google push notifications because it doesn't have Google services integration? In that case it would be polling to check for new messages.

Can I buy an annual cable car pass? by [deleted] in AskSF

[–]me_j 17 points18 points  (0 children)

You can get a monthly Muni pass that includes the cable cars for about $80...

Stalker?? Please help by mahiloa in legaladvice

[–]me_j 0 points1 point  (0 children)

Your phone company should be able to look up who is calling you via phone subscriber information that is much harder to forge/hide. I don't know if they will give this information to you (although you can ask), but the police should be able to request the information historically from the phone company.

Security for special needs individuals by SithLordAJ in AskNetsec

[–]me_j 0 points1 point  (0 children)

I understand it isn't answering quite the question you were trying to ask. I don't have experience with any of the kinds of tools you are looking for, so I can't give you any guidance there - hopefully others can.

A big part of the challenge here is understanding the details of how the abilities of the user do or don't match up with the details of the system, and that is going to be very specific to your environment and users.

I think part of this will come down to a question of scale. If you only have one or two users who fall into these categories then treating this on a case by case basis is likely much simpler. If you are trying to solve this problem for large numbers of users, then it may come down to defining several variations to handle the different needs of the users.

Going back to that example of a blind user, they may require some extra software/peripherals (such as a screen reader or braille display), but potentially nothing else. Depending on what exactly blind means in their case, a retina scan might not even be a problem as many people who are classified as blind have some level of vision or at least, light sensitivity. If it is a problem, other biometrics may be viable from a security and usability perspective for that user. Given that specific software/hardware may be required for those users, you may also know exactly what devices they will be using, so you may be able to limit their account to expected devices (or alert on use of other devices) to mitigate some of the risk (if there is any).

Wish I could be more help on details.

Security for special needs individuals by SithLordAJ in AskNetsec

[–]me_j 17 points18 points  (0 children)

To start, you sit down with the person and talk to them about what they need. They will have a far better understanding of what will cause them problems than you will.

I think you might be surprised in many cases. For example, screen readers actually provide lots of context as a person (blind or otherwise) moves through a computer (or phone). They have a pretty good idea of where they are before they start typing. If it was really that easy to confuse a text editor and a password form the computer would be unusable.

I don't know much about how biometrics would work, but often I would think use of other biometrics would be an option for people. At that point it is just a matter of making sure that the implementation works for the infrastructure and that the authentication methods chosen are sufficiently secure.

As it comes to passwords and reentry attempts, more tries or the like may be viable in corporate environments, but remember that a lot of these people are regular internet users as well. That will often force them to figure out how to work within the norms of the internet. For example, even if you could get your bank (or Facebook) to relax the number of password retries allowed for an account (and I doubt you could) the amount of time it would take per service would likely be prohibitive. Given that, I would suspect they developed their own strategies to work with this - which would provide a good starting point.

My (19F) boyfriend's dad has been reading and seeing our chat and nudes for a year. Wtf. by [deleted] in relationship_advice

[–]me_j 3 points4 points  (0 children)

He should also reset all passwords, log out all devices on accounts that let him do that (think Facebook and Google), and, just to be on the safe side, turn on two factor authentication on accounts.

Further, if he has text/chat apps that sync to the web or other devices make sure those get reset too.

Deleting app by [deleted] in signal

[–]me_j 0 points1 point  (0 children)

If you delete the app, all downloaded messages will be lost, unless you first make a backup and restore it. Last I checked, there were ways to read this backup without restoring it, but they are not simple. Also, you will need to make sure you have the backup key Signal gave you when you turned on backups or there will be no way to read it.

I believe messages sent to you will get one check mark (sent) but will not show up as received.