Home Repair (alt.home.repair) For all homeowners and DIYers with many experienced tradesmen. Solve your toughest home fix-it problems.
#41
Posted to alt.home.repair
Check your Windows 10 block settings
On 2015-10-18, Don Y wrote:
> This is the key point: ---------------------^^^^^^^^^^
> How far do you go in screwing up your lifestyle just for the sake of *claiming* you've protected your privacy?

What do you consider "screwing up" one's lifestyle?

I pay cash for all local purchases and rarely buy anything online. I use settings and install extensions on web browsers that help prevent tracking. I don't use Microsoft, Apple, or Google products.

To me none of this is "screwing up" my lifestyle. They don't even require a lot of effort. (In particular buying everything with cash is just a continuation of what I've always done. Using a credit or debit card for everything would be the strange, screwed up thing to me.)

--
-----------------------------------------------------------------------------
Roger Blake (Change "invalid" to "com" for email. Google Groups killfiled.)
NSA sedition and treason -- http://www.DeathToNSAthugs.com
-----------------------------------------------------------------------------
#42
Posted to alt.home.repair
Check your Windows 10 block settings
On 10/18/2015 6:16 AM, Roger Blake wrote:
> On 2015-10-18, Don Y wrote:
>> This is the key point: ---------------------^^^^^^^^^^
>> How far do you go in screwing up your lifestyle just for the sake of *claiming* you've protected your privacy?

> What do you consider "screwing up" one's lifestyle?
>
> I pay cash for all local purchases and rarely buy anything online.

Ever rent a car? Fly on an airplane? Then, you've used a credit card (and your travels are now, literally, trackable). I was "forced" to get (several) credit cards in my teen years as I was traveling extensively for work; impossible to carry that much cash around the country *or* rent a car with it!

Buy real estate? Purchase a "big ticket item" (e.g., car, expensive piece of test equipment)? (Sub)contract a job (have your house painted, a major auto repair, hospital bill)? Then, chances are, you used a charge card or wrote a check.

Have a prescription filled? I.e., for most meds, it's a simple step backwards to deduce *why* you're having the Rx filled! The more meds, the easier the conclusions drawn.

> I use settings and install extensions on web browsers that help prevent tracking.

And, like me, are *more* trackable as a result! Several sites on the web to check this but here's the first two that popped up:

https://panopticlick.eff.org
https://amiunique.org

The first link claims (for me): "Within our dataset of several million visitors, only one in 2,987,527 browsers have the same fingerprint as yours" but, only does so when I enable Jscript.

In the second web site my browser reported as "2 out of 103512" with Jscript DISabled. I.e., the other site *could* conceivably have included these similar tests (but didn't?).

And neither tried to take into account my IP address! I.e., any "other" browsers that were indistinguishable from mine PROBABLY were *not* within 100 miles of here!

[Ideally, you want to find the site that has had the greatest number of *unique* visitors]

We already know you use Linux for USENET access -- with slrn v0.9.9p1. And, that you post through Eternal September with account "U2FsdGVkX1+baz31s5YbQ3GRKudpY5+z3TIqssyP5v0=" from a host that can be uniquely identified as "0db17d4457d3cd163162e46470f0c6bf".

I used to routinely mangle the identification strings in my browser, mail client, DNS service, etc. thinking "that way, no one will know which versions of these products I'm running"! Of course, that just made my network presence *incredibly* unique!

> I don't use Microsoft, Apple, or Google products.

Anyone send you email? Do you *use* a telephone? Send/receive snail mail? Each of these people/organizations further refines your profile because, chances are, *they* have had profiles developed regarding their behaviors. E.g., the "metadata" tells folks much about you even if the actual "content" is never examined.

E.g., if they tend to spend a lot on alcoholic beverages, then it's likely that *you* probably also do -- just not with "trackable currency".

And, the fact that you *don't* use those mechanisms further identifies you ("Ah, he's one of these guys who TRIES to stay off the radar... I wonder what HE is hiding??")

Have a CATV subscription? (If you *don't*, then the value of HaveCATVSubscription for *your entry* in the tracking database is just '0' instead of '1' -- but it doesn't remove you from that database!)

Have an ISP? Are you *sure* they haven't been served with a warrant to disclose your email, IP traffic, etc. and ORDERED not to disclose said warrant to you (or anyone else)? Even *when* you use the network reveals something about you (owl/lark). The sites you visit even moreso!

I had an associate who would send his finished designs to his clients in encrypted "envelopes". And, they always seemed to take days to arrive -- instead of *minutes*. Does the Internet have a "warehouse" where packets *sit* during transit (like the Post Office warehouses snail mail)? grin

> To me none of this is "screwing up" my lifestyle. They don't even require a lot of effort. (In particular buying everything with cash is just a continuation of what I've always done. Using a credit or debit card for everything would be the strange, screwed up thing to me.)

Ever go into a bank? Casino? Walk by a CCTV camera? Each of them are loaded with CCTV cameras that *used* to just want to "gather evidence" -- in the event of a crime. Now, the video is harvested. ("The guy at teller window #3 always makes CASH withdrawals" And, no HUMAN needs to make that observation! A machine can watch what the teller's machine is doing and correlate that with your image on the video feed. And, associate this with a *name* on the payroll check, etc. that you are providing or bank account number from which the funds are being withdrawn. Or, don't you have a bank account?)

Drive a car down a road? I.e., your license plate has probably been routinely photographed and sits in a database, somewhere, indicating when and where it was photographed, direction of travel, etc.

If you're deliberately avoiding all of these "tracking/profiling opportunities", I suspect your lifestyle has *significantly* been compromised to make that happen!
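The uniqueness figures quoted in the post above, and its point that disabled scripting or hand-edited identification strings shrink the crowd a browser blends into, can be worked through numerically. This is an added example, not part of the original thread: the visitor table, attribute names and User-Agent labels are constructed for illustration, and only the two ratios in the comments come from the post.

```python
"""Anonymity-set arithmetic for browser fingerprints (constructed sample data)."""
import math
from collections import Counter

# Attributes a site can observe; the names are assumptions for this example.
FIELDS = ("user_agent", "javascript", "timezone")

# Constructed population: how many earlier visitors showed each combination.
POPULATION = Counter({
    ("Chrome 46 / Windows 10", "js-on", "UTC-5"): 7999,
    ("Chrome 46 / Windows 10", "js-on", "UTC-8"): 6000,
    ("Firefox 41 / Windows 7", "js-on", "UTC-5"): 5000,
    ("Firefox 41 / Windows 7", "js-off", "UTC-5"): 40,
    ("Firefox 41 / Linux", "js-on", "UTC-5"): 900,
    ("Firefox 41 / Linux", "js-off", "UTC-5"): 40,
    ("Firefox 41 / Linux", "js-off", "UTC-8"): 20,
})

# Three hypothetical new visitors, all in the same timezone.
STOCK = ("Chrome 46 / Windows 10", "js-on", "UTC-5")      # default install
HARDENED = ("Firefox 41 / Linux", "js-off", "UTC-5")      # scripting disabled
MANGLED = ("Mozilla/9.9 (hand-edited)", "js-off", "UTC-5")  # edited UA string


def bits_from_ratio(matching, total):
    """Identifying information, in bits, of a fingerprint shared by
    `matching` out of `total` browsers: log2(total / matching)."""
    if not 0 < matching <= total:
        raise ValueError("need 0 < matching <= total")
    return math.log2(total / matching)


def anonymity_set(population, fingerprint, fields=None):
    """Number of browsers, the new visitor included, that look the same
    when only the attributes at the given field indexes are compared."""
    if fields is None:
        fields = range(len(FIELDS))
    fields = tuple(fields)
    same = sum(count for seen, count in population.items()
               if all(seen[i] == fingerprint[i] for i in fields))
    return same + 1


def report(population, fingerprint):
    """Anonymity set, 'one in N' ratio and bits for a new visitor."""
    total = sum(population.values()) + 1
    size = anonymity_set(population, fingerprint)
    return {"anonymity_set": size,
            "one_in": total / size,
            "bits": bits_from_ratio(size, total)}


def narrowing(population, fingerprint):
    """Anonymity set after comparing 1, 2, ... all attributes in FIELDS order.
    Every extra observable (timezone here, IP locality in the post) can only
    keep the set the same size or make it smaller."""
    return [anonymity_set(population, fingerprint, range(k))
            for k in range(1, len(FIELDS) + 1)]


if __name__ == "__main__":
    # The two ratios quoted in the post, expressed as bits.
    print("1 in 2,987,527  -> %.2f bits" % bits_from_ratio(1, 2987527))
    print("2 in 103,512    -> %.2f bits" % bits_from_ratio(2, 103512))
    for name, fp in (("stock", STOCK), ("hardened", HARDENED),
                     ("mangled", MANGLED)):
        r = report(POPULATION, fp)
        print("%-9s set=%5d  one in %8.1f  %.2f bits  narrowing=%s"
              % (name, r["anonymity_set"], r["one_in"], r["bits"],
                 narrowing(POPULATION, fp)))
```

In this sample the default browser hides among 8000 others, the script-blocking one among 41, and the hand-edited User-Agent is alone in a population of 20000.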
#43
Posted to alt.home.repair
Check your Windows 10 block settings
On 10/17/2015 7:57 PM, Mayayana wrote:
> All I want is a decent computer that I control myself. I'd be less bothered by people who choose shopping TV, frankly, if a straight computer was also still an easy option. But that's becoming an increasingly complex challenge. The AOL walled garden is not an offering. It's a sneaky strategy. The complexity of settings and actions required just to prevent Win7 being overwritten by Win10 is a good example.

Run whateverOS in a VM under whateverOTHERos.

But, aren't you trading one "walled garden" for another in the process? How much are you willing to pay (in lack of convenience) for that?

E.g., none of my machines talks to the outside world (save this one). This means I don't have to worry about "security flaws", proprietary/private data leaking out, hostile interactions (even failed actions can be costly; e.g., DoS).

But, it also means that when I want to send/receive email, I must get my *ss out of one chair and find my way to *this* chair. When I want to upgrade the MS machines, I must "manually" download those updates -- then sneakernet them over to the appropriate machines.

I can't video conference with clients -- OTOH, I *can't* video conference with clients! : And, never have to worry about whether the lens cap is on the camera, or not!

When doing research, if I find an interesting object, I can't just query my reference archive to see if I already *have* a copy of the item; instead, I have to jot down the name of the item and move to another "internal" machine to perform that check. Then, come back, here, to actually *get* the item (if I don't already have it) and, once again, sneakernet it back to insert it into the archive.

We do our banking and online purchases on an "immutable" laptop; one that essentially has a "write protected" hard disk. So, never any fear of a "persistent" infection. But, that means we can't (easily) *save* anything on that machine, either!

So, my machines *are* (and will remain) "under my control". It's just that I now *have* to control them! :-/
#44
Posted to alt.home.repair
Check your Windows 10 block settings
| Run whateverOS in a VM under whateverOTHERos.
| But, aren't you trading one "walled garden" for another
| in the process? How much are you willing to pay
| (in lack of convenience) for that?
|

I'm not. As far as I'm concerned, VMs are for the birds, except maybe for fulltime software testing.

| E.g., none of my machines talks to the outside world
| (save this one)....
| We do our banking and online purchases on an "immutable" laptop;

That sounds like a well planned solution, but it wouldn't work for me. Too much hassle. Most things I do involve going online. Even if I'm editing a photo or writing software, it's not unusual to want to look something up. I don't want multiple machines any more than I want VMs.

With banking, I just don't do it online. I take the approach of operating safely when online and avoiding banking, shopping, etc. Those things simply can't be made safe. Even with a read-only laptop you still risk things like man-in-the-middle attacks in your connection to the bank.
#45
Posted to alt.home.repair
Check your Windows 10 block settings
On 10/18/2015 7:39 AM, Mayayana wrote:
> | Run whateverOS in a VM under whateverOTHERos.
> | But, aren't you trading one "walled garden" for another
> | in the process? How much are you willing to pay
> | (in lack of convenience) for that?
>
> I'm not. As far as I'm concerned, VMs are for the birds, except maybe for fulltime software testing.

VM's are an excellent way of supporting multiple machine configurations without trying to cram everything into a single physical machine. In hindsight, I wish I had implemented each of my workstations as a *set* of VM's instead of trying to get several dozen large apps to "play well" together.

I also use VM's to support legacy OS's without having to worry about finding a "vintage" driver that will work on *modern* hardware.

> | E.g., none of my machines talks to the outside world
> | (save this one)....
> | We do our banking and online purchases on an "immutable" laptop;
>
> That sounds like a well planned solution, but it wouldn't work for me. Too much hassle. Most

Very little hassle. If you want to save something, you save it to a thumb drive (we save copies of statements to a thumb drive as a matter of course -- so they are available even if a computer crashes OR we have to leave the house in an emergency -- and can't bother grabbing a computer to drag along our financial records!). Or, you set up a "persistent" portion of the disk (e.g., a "D:") that you can use for that purpose.

The point is, no "software" (or settings governing its operation) ever gets changed on the machine. In the future, I'll install Flash on that machine for those few times SWMBO "needs" to view some Flash presentation (yet don't want to risk supercookies)

> things I do involve going online. Even if I'm editing a photo or writing software, it's not unusual to want to look something up. I don't want multiple machines any more than I want VMs.

I simply could not operate with fewer machines -- let alone the redundancy issue. I have far too many (big) apps that would be tedious to get -- and KEEP -- to play together well. And, too much risked "repair time" when/if something got munged. And, no way I want to multiboot Solaris, FreeBSD/NetBSD and Windows and *hope* the machine stays in a consistent state.

> With banking, I just don't do it online. I take the approach of operating safely when online and avoiding banking, shopping, etc. Those things simply can't be made safe. Even with a read-only laptop you still risk things like man-in-the-middle attacks in your connection to the bank.

Then you limit yourself to the range of banks (and other institutions) with which you can operate. And, your choices will diminish, over time.

[I've had to close several accounts in recent years when they changed the terms to effectively push me to access my statements, etc. "on line"]

"Operating safely" is almost impossible. Too many drive-by attacks -- even on big "well known" sites. Hence the approach of getting the machine into a known, safe state and ensuring that it can't be changed from that state.
#46
Posted to alt.home.repair
Check your Windows 10 block settings
| With banking, I just don't do it online. I take
| the approach of operating safely when online
| and avoiding banking, shopping, etc. Those things
| simply can't be made safe. Even with a read-only
| laptop you still risk things like man-in-the-middle
| attacks in your connection to the bank.
|
| Then you limit yourself to the range of banks (and other
| institutions) with which you can operate. And, your choices
| will diminish, over time.
|

I pay $1/month for a paper statement. I doubt very much that I won't be able to get a statement any time soon. Even if they didn't mail it, one can go into any bank for a printout as desired. Doing risky things online because I *might* have to someday is not a good reason to me.

| "Operating safely" is almost impossible. Too many drive-by
| attacks -- even on big "well known" sites. Hence the approach
| of getting the machine into a known, safe state and ensuring that
| it can't be changed from that state.

You sound like you know what you're doing, so I wouldn't be inclined to tell you that you should change, but my way also works. Nearly all possible online attacks require javascript. Most of those also use secondary vulnerabilities, such as iframes or Flash. I rarely enable script online. When I do, I do it in Firefox with NoScript, to limit the exposure. I don't have AV or malware hunter software. And I've never had a malware problem of any kind.

I wouldn't recommend that approach to everyone. People who don't want to learn the basics and do want to access the Internet as "consumers", with extensive functionality to shop, play games, bank, Facebook, etc will need AV. But my way, understanding the risks and disabling script, is far safer than the person with all the latest patches and AV, but who enables script online. There's simply no way to make that safe.
#47
Posted to alt.home.repair
Check your Windows 10 block settings
On 2015-10-18, Don Y wrote:
> Ever rent a car? Fly on an airplane?

Not for decades.

> Buy real estate? Purchase a "big ticket item" (e.g., car, expensive piece of test equipment)?

All cash.

> Have a prescription filled? I.e., for most meds, it's a simple step backwards to deduce *why* you're having the Rx filled! The more meds, the easier the conclusions drawn.

Actually unless it's a narcotic it's easy to get a prescription using an assumed name!

> And, like me, are *more* trackable as a result! Several sites on

But not identifiable as to name, address, etc.

> We already know you use Linux for USENET access -- with slrn v0.9.9p1. And, that you post through Eternal September with account "U2FsdGVkX1+baz31s5YbQ3GRKudpY5+z3TIqssyP5v0=" from a host that can be uniquely identified as "0db17d4457d3cd163162e46470f0c6bf".

All quite spoofable as well.

> Anyone send you email? Do you *use* a telephone? Send/receive snail mail?

Easy enough to cycle through anonymous pre-paid cell phones if needed. Same with email addresses.

> Have a CATV subscription?

Nope.

> Have an ISP? Are you *sure* they haven't been served with a warrant to disclose your email, IP traffic, etc. and ORDERED not to disclose said warrant to you (or anyone else)?

Since everything is funneled through a foreign-based VPN service that keeps no records there is nothing for them to disclose.

> Ever go into a bank? Casino? Walk by a CCTV camera? Each of them are loaded with CCTV cameras that *used* to just want to "gather evidence" -- in the event of a crime. Now, the video is harvested.

Banks rarely, casinos never. Large reflective sunglasses and broad-brimmed hats go a long ways to dealing with CCTV systems.

> Drive a car down a road? I.e., your license plate has probably been routinely photographed and sits in a database, somewhere, indicating when and where it was photographed, direction of travel, etc.

Fresnel lens over the plate takes care of that. If sufficiently motivated so does having the car registered to an out-of-state entity.

> If you're deliberately avoiding all of these "tracking/profiling opportunities", I suspect your lifestyle has *significantly* been compromised to make that happen!

You would be wrong.

--
-----------------------------------------------------------------------------
Roger Blake (Change "invalid" to "com" for email. Google Groups killfiled.)
NSA sedition and treason -- http://www.DeathToNSAthugs.com
-----------------------------------------------------------------------------
#48
Posted to alt.home.repair
Check your Windows 10 block settings
On 10/18/2015 4:42 PM, Roger Blake wrote:
> On 2015-10-18, Don Y wrote:
>> Ever rent a car? Fly on an airplane?

> Not for decades.

>> Buy real estate? Purchase a "big ticket item" (e.g., car, expensive piece of test equipment)?

> All cash.

If in your name the deed is recorded. You eliminate many, but not all traces.

>> Ever go into a bank? Casino? Walk by a CCTV camera? Each of them are loaded with CCTV cameras that *used* to just want to "gather evidence" -- in the event of a crime. Now, the video is harvested.

> Banks rarely, casinos never. Large reflective sunglasses and broad-brimmed hats go a long ways to dealing with CCTV systems.

Some banks will not allow you in dressed like that.

>> Drive a car down a road? I.e., your license plate has probably been routinely photographed and sits in a database, somewhere, indicating when and where it was photographed, direction of travel, etc.

> Fresnel lens over the plate takes care of that.

Is the plate visible to the eye? I know some states are making things like that illegal so the speed cameras can get you. As long as the police can easily see your plate you may never get caught though.
#49
Posted to alt.home.repair
Check your Windows 10 block settings
On 2015-10-18, Ed Pawlowski wrote:
> If in your name the deed is recorded. You eliminate many, but not all traces.

The point isn't going deep underground, if that's what I was after I would not be here. The point is not forking over information carte blanche during the course of normal day-to-day life. Of course there is some paper and/or electronic trail to be found, but it is spotty, particularly compared to someone who pays for everything via credit or debit card and goes out and details it all on Facetube or whatever.

Actually for me paying cash and staying out of debt is mostly due to having been brought up by parents who lived through the Great Depression of the 1930s. Preserving a modicum of privacy in an increasingly intrusive environment is a beneficial side effect.

> Some banks will not allow you in dressed like that.

Haven't had a problem, but they know me at my bank anyway. (Small community bank, been a customer there for decades.) It helps being old, of course, wearing cataract-style sunglasses doesn't raise many eyebrows for people my age - might not be the case for a 20-something!

> Is the plate visible to the eye? I know some states are making things like that illegal so the speed cameras can get you. As long as the police can easily see your plate you may never get caught though.

A proper fresnel lens or louvered covering will look fine straight on but will obscure the plate from a steep angle. Probably illegal (in many jurisdictions any plate cover is) but poorly enforced as long as the plate is properly visible to the cop just behind or ahead of you.

Here's one, there are others, and some homebrew solutions: http://www.ontrackcorp.com/original-protector.cfm

There would probably also be active solutions possible that would work in a similar manner to those using infrared LEDs to foil facial recognition systems.

For myself, I'm in a rural area where plate cameras and scanners are not much of a concern - yet.

--
-----------------------------------------------------------------------------
Roger Blake (Change "invalid" to "com" for email. Google Groups killfiled.)
NSA sedition and treason -- http://www.DeathToNSAthugs.com
-----------------------------------------------------------------------------
#50
Posted to alt.home.repair
Check your Windows 10 block settings
On 10/18/2015 11:38 AM, Mayayana wrote:
> | With banking, I just don't do it online. I take
> | the approach of operating safely when online
> | and avoiding banking, shopping, etc. Those things
> | simply can't be made safe. Even with a read-only
> | laptop you still risk things like man-in-the-middle
> | attacks in your connection to the bank.
> |
> | Then you limit yourself to the range of banks (and other
> | institutions) with which you can operate. And, your choices
> | will diminish, over time.
>
> I pay $1/month for a paper statement. I doubt

You're lucky. I've closed accounts when each notified me that they wanted $8.95/month to mail me a single sheet of paper with 1, 2 or, at most, *3* transactions on it! Note that one of the banks was 1500 miles from here -- so it's not a "local phenomenon".

> very much that I won't be able to get a statement any time soon. Even if they didn't mail it, one can go into any bank for a printout as desired. Doing risky things online because I *might* have to someday is not a good reason to me.

Do you own any securities? Do any "trading"?

> | "Operating safely" is almost impossible. Too many drive-by
> | attacks -- even on big "well known" sites. Hence the approach
> | of getting the machine into a known, safe state and ensuring that
> | it can't be changed from that state.
>
> You sound like you know what you're doing, so I wouldn't be inclined to tell you that you should change, but my way also works. Nearly all possible online attacks require javascript.

If you look at the history of vulnerabilities, you'd realize that's not the case. Buffer overflow exploits are still common -- despite EVERYONE knowing about this sort of potential problem (yet continuing to write NEW code that has the same flaws).

Are *all* inbound ports on your machine closed? Have a look at "Shield's Up": https://www.grc.com

Do you "NAT" your connections? Use a STATEFUL firewall?

Ever download/open a PDF? http://securityxploded.com/pdf_vuln_exploits.php

Open a JPG? https://www.f-secure.com/v-descs/ms04-028.shtml

Maybe a video (MP4)? http://www.hacking-tutorial.com/hacking-tutorial/hacking-tutorial-windows-xp-sp3-using-adobe-flash-player-mp4-vulnerability/

Or, perhaps, music (MP3)? http://www.gnucitizen.org/blog/backdooring-mp3-files/

I.e., any piece of code that can be coerced into "processing" foreign data represents an attack surface. In the past, JPG's have been used to inject malware, malformed URL's

> Most of those also use secondary vulnerabilities, such as iframes or Flash. I rarely enable script online. When I do, I do it in Firefox with NoScript, to limit the exposure. I don't have AV or malware hunter software. And I've never had a malware problem of any kind.

We don't run AV, here as it takes too big a hit on the machine's performance, requires constant updates (sometimes *introducing* bugs/false positives in the process), etc. We practice "safe computing" -- much to SWMBO's dismay (as she isn't allowed to view much of the cruft her friends send to her as "funny links").

Periodically, I take the machine down and mount the disk as a secondary drive so I can scan it with a current AV release -- just for peace of mind ("Nothing found so we've been well behaved")

Of course, the machine is only useful to a hacker as a point from which to possibly launch another attack -- there's nothing *here* worth stealing or "snooping"!

> I wouldn't recommend that approach to everyone. People who don't want to learn the basics and do want to access the Internet as "consumers", with extensive functionality to shop, play games, bank, Facebook, etc will need AV. But my way, understanding the risks and disabling script, is far safer than the person with all the latest patches and AV, but who enables script online. There's simply no way to make that safe.

Having NoScript block all domains, here, means I often have to take several attempts to view a site -- successively enabling more and more domains until the site "appears" to work. Some sites are very deliberate in refusing to work without Jscript enabled. Some refuse to work without Flash.

Each of these represents an inconvenience to me. But, as most of the sites that I am interested in are highly technical, I can put up with these occasional inconveniences.
#51
Posted to alt.home.repair
Check your Windows 10 block settings
Roger Blake wrote:
> On 2015-10-18, Don Y wrote:
>> This is the key point: ---------------------^^^^^^^^^^
>> How far do you go in screwing up your lifestyle just for the sake of *claiming* you've protected your privacy?

> What do you consider "screwing up" one's lifestyle?
>
> I pay cash for all local purchases and rarely buy anything online. I use settings and install extensions on web browsers that help prevent tracking. I don't use Microsoft, Apple, or Google products.
>
> To me none of this is "screwing up" my lifestyle. They don't even require a lot of effort. (In particular buying everything with cash is just a continuation of what I've always done. Using a credit or debit card for everything would be the strange, screwed up thing to me.)

How come? Online shopping is easy and convenient, they can data mine about me but I block all the spams, junk mails. I don't even see any of them. I use card paying in full when I get the bill. I pay the bill online as well. On small business we have all the payment is done by CC. Lots of points is being collected plus points I collected when I was working which pay for our travels like going to see our grandson in Victoria Island. Been long time since I paid for airline ticket with paper money. Oh, I book flight online too, LOL! At our store cash sale amount is less than 10% of total sales in any day.
#52
Posted to alt.home.repair
Check your Windows 10 block settings
Don Y wrote:
> On 10/18/2015 6:16 AM, Roger Blake wrote:
>> On 2015-10-18, Don Y wrote:
>>> This is the key point: ---------------------^^^^^^^^^^
>>> How far do you go in screwing up your lifestyle just for the sake of *claiming* you've protected your privacy?

>> What do you consider "screwing up" one's lifestyle?
>>
>> I pay cash for all local purchases and rarely buy anything online.

> Ever rent a car? Fly on an airplane? Then, you've used a credit card (and your travels are now, literally, trackable). I was "forced" to get (several) credit cards in my teen years as I was traveling extensively for work; impossible to carry that much cash around the country *or* rent a car with it!
>
> Buy real estate? Purchase a "big ticket item" (e.g., car, expensive piece of test equipment)? (Sub)contract a job (have your house painted, a major auto repair, hospital bill)? Then, chances are, you used a charge card or wrote a check.
>
> Have a prescription filled? I.e., for most meds, it's a simple step backwards to deduce *why* you're having the Rx filled! The more meds, the easier the conclusions drawn.

>> I use settings and install extensions on web browsers that help prevent tracking.

> And, like me, are *more* trackable as a result! Several sites on the web to check this but here's the first two that popped up:
>
> https://panopticlick.eff.org
> https://amiunique.org
>
> The first link claims (for me): "Within our dataset of several million visitors, only one in 2,987,527 browsers have the same fingerprint as yours" but, only does so when I enable Jscript.
>
> In the second web site my browser reported as "2 out of 103512" with Jscript DISabled. I.e., the other site *could* conceivably have included these similar tests (but didn't?).
>
> And neither tried to take into account my IP address! I.e., any "other" browsers that were indistinguishable from mine PROBABLY were *not* within 100 miles of here!
>
> [Ideally, you want to find the site that has had the greatest number of *unique* visitors]
>
> We already know you use Linux for USENET access -- with slrn v0.9.9p1. And, that you post through Eternal September with account "U2FsdGVkX1+baz31s5YbQ3GRKudpY5+z3TIqssyP5v0=" from a host that can be uniquely identified as "0db17d4457d3cd163162e46470f0c6bf".
>
> I used to routinely mangle the identification strings in my browser, mail client, DNS service, etc. thinking "that way, no one will know which versions of these products I'm running"! Of course, that just made my network presence *incredibly* unique!

>> I don't use Microsoft, Apple, or Google products.

> Anyone send you email? Do you *use* a telephone? Send/receive snail mail? Each of these people/organizations further refines your profile because, chances are, *they* have had profiles developed regarding their behaviors. E.g., the "metadata" tells folks much about you even if the actual "content" is never examined.
>
> E.g., if they tend to spend a lot on alcoholic beverages, then it's likely that *you* probably also do -- just not with "trackable currency".
>
> And, the fact that you *don't* use those mechanisms further identifies you ("Ah, he's one of these guys who TRIES to stay off the radar... I wonder what HE is hiding??")
>
> Have a CATV subscription? (If you *don't*, then the value of HaveCATVSubscription for *your entry* in the tracking database is just '0' instead of '1' -- but it doesn't remove you from that database!)
>
> Have an ISP? Are you *sure* they haven't been served with a warrant to disclose your email, IP traffic, etc. and ORDERED not to disclose said warrant to you (or anyone else)? Even *when* you use the network reveals something about you (owl/lark). The sites you visit even moreso!
>
> I had an associate who would send his finished designs to his clients in encrypted "envelopes". And, they always seemed to take days to arrive -- instead of *minutes*. Does the Internet have a "warehouse" where packets *sit* during transit (like the Post Office warehouses snail mail)? grin

>> To me none of this is "screwing up" my lifestyle. They don't even require a lot of effort. (In particular buying everything with cash is just a continuation of what I've always done. Using a credit or debit card for everything would be the strange, screwed up thing to me.)

> Ever go into a bank? Casino? Walk by a CCTV camera? Each of them are loaded with CCTV cameras that *used* to just want to "gather evidence" -- in the event of a crime. Now, the video is harvested. ("The guy at teller window #3 always makes CASH withdrawals" And, no HUMAN needs to make that observation! A machine can watch what the teller's machine is doing and correlate that with your image on the video feed. And, associate this with a *name* on the payroll check, etc. that you are providing or bank account number from which the funds are being withdrawn. Or, don't you have a bank account?)
>
> Drive a car down a road? I.e., your license plate has probably been routinely photographed and sits in a database, somewhere, indicating when and where it was photographed, direction of travel, etc.
>
> If you're deliberately avoiding all of these "tracking/profiling opportunities", I suspect your lifestyle has *significantly* been compromised to make that happen!

Simply put they know more about me than I know about myself, LOL!
#53
Posted to alt.home.repair
Check your Windows 10 block settings
Ed Pawlowski wrote:
On 10/18/2015 4:42 PM, Roger Blake wrote: On 2015-10-18, Don Y wrote: Ever rent a car? Fly on an airplane? Not for decades. Buy real estate? Purchase a "big ticket item" (e.g., car, expensive piece of test equipment)? All cash. If in your name the deed is recorded. You eliminate many, but not all traces. Ever go into a bank? Casino? Walk by a CCTV camera? Each of them are loaded with CCTV cameras that *used* to just want to "gather evidence" -- in the event of a crime. Now, the video is harvested. Banks rarely, casinos never. Large reflective sunglasses and broad-brimmed hats go a long ways to dealing with CCTV systems. Some banks will not allow you in dressed like that. Drive a car down a road? I.e., your license plate has probably been routinely photographed and sits in a database, somewhere, indicating when and where it was photographed, direction of travel, etc. Fresnel lens over the plate takes care of that. Is the plate visible to the eye? I know some states are making things like that illegal so the speed cameras can get you. As long as the police can easily see your plate you may never get caught though. I believe it is some kinda mental case. -----phobia?.
#54
Posted to alt.home.repair
Check your Windows 10 block settings
| I pay $1/month for a paper statement. I doubt | | You're lucky. I've closed accounts when each notified me that | they wanted $8.95/month to mail me a single sheet of paper | with 1, 2 or, at most, *3* transactions on it! Note that | one of the banks was 1500 miles from here -- so it's not | a "local phenomenon". | TD Bank. And they're open on Sundays, too. I'm not sure I even want to know why you have numerous bank accounts on the other side of the country. | Do you own any securities? Do any "trading"? | No. I'm not a gambler. Frankly I think straight gambling on the stock market should be illegal, with something like a 90 day minimum period that stocks would have to be held and no option for buying options, which are merely bets. Then people would be investing in companies rather than just a big, glorified gambling hall. | You sound like you know what you're doing, so I | wouldn't be inclined to tell you that you should change, | but my way also works. Nearly all possible online attacks | require javascript. | | If you look at the history of vulnerabilities, you'd realize that's | not the case. Buffer overflow exploits are still common -- despite | EVERYONE knowing about this sort of potential problem (yet | continuing to write NEW code that has the same flaws). | Buffer overflows require executable code. The point is to go back to what the Web was meant to be: A resource that can be accessed. Not remote software. However you look at it, nearly all risks online require script. It's true that there has been at least one issue with JPGs. That was actually a vulnerability in gdiplus.dll, the Windows extended graphics library. There was also once an issue with EMF files. It's not impossible to face a vulnerability with script disabled, but it's *very* unlikely. With script enabled, on the other hand, you're a sitting duck. PDF exploits, as well as Flash, are also script issues. The MP4 bug you link to is a Flash problem. 
Likewise, the MP3 bug you linked to is with script in iTunes. What you're talking about is all executable code. The point is to get executable code out of the browser. Don't use Adobe crap at all. Don't enable script. Don't install Java. Don't run videos and music in browser plugins like Flash. Don't enable script in your PDF viewer. (For me this is easy. I don't like things moving on webpages while I'm trying to read. If I want to see a video I'll download it, so I can save a copy, and play it in VLC. If I can't download it I can't be bothered. I'm not going to sit around "watching TV" on my monitor.) | Having NoScript block all domains, here, means I often | have to take several attempts to view a site -- successively | enabling more and more domains until the site "appears" | to work. Some sites are very deliberate in refusing to work | without Jscript enabled. Some refuse to work without Flash. | Yes. I guess it depends a lot on what sites you visit. I have noticed lately that more sites design to break without script. Maybe not all deliberately. The code has gotten to be such a mess that it's hard to tell. I don't use highly interactive sites, so I've never needed Flash. I've never even had it installed. And fortunately it's being phased out. One of the increasing problems I've seen is kiddie sites hosted by Wix and Squarespace. They get small business people to set up sites for free or cheap. It's all a very simple, drag-drop-and-choose-options kind of operation. People think it's clever that they made their own site. But the pages are actually pseudo-JSON muck that directs the loading of the page from the Wix or Squarespace server. It's completely broken without script. The nasty thing about it is that it breaks because it's using client- side processing to put the page together. PHP and ASP would work just fine server-side, but Wix and Squarespace are cutting corners. I was looking at a site yesterday by some very talented designers and engineers. 
Heatherwick.com. Their website is a mess, with the noscript code inside script blocks! These people are award winning designers with big gallery shows, yet they can't build a website with the most basic functionality. Another one I've noticed recently is Forbes.com. I used to go there sometimes for news. Now there's actually no webpage at all. Their pages are either built from script or hide the content inside script. They're actually, in some cases, embedding the entire HTML string inside script variables! That's so idiotic and wasteful that it can only be a case of trying to make their site break without script. It's got so bad, and some of the script I see is so bizarre and convoluted, that I recently wrote a tool to sort it out: http://www.jsware.net/jsware/scrfiles.php5#jsdeob It's only for people who are familiar with webpage coding, but I find it can come in handy sometimes. |
#55
Posted to alt.home.repair
Check your Windows 10 block settings
On 2015-10-18, Tony Hwang wrote:
How come? Online shopping is easy and convenient, they can data mine about me but I block all the spams, junk mails. I find shopping locally using cash to be easy and convenient. It's what I've always done, I'm not particularly going out of my way or changing anything to do it. -- ----------------------------------------------------------------------------- Roger Blake (Change "invalid" to "com" for email. Google Groups killfiled.) NSA sedition and treason -- http://www.DeathToNSAthugs.com ----------------------------------------------------------------------------- |
#56
Posted to alt.home.repair
Check your Windows 10 block settings
On 10/18/2015 4:06 PM, Tony Hwang wrote:
Don Y wrote: If you're deliberately avoiding all of these "tracking/profiling opportunities", I suspect your lifestyle has *significantly* been compromised to make that happen Simply put they know more about me than I know about myself, LOL! They have AN INTEREST in knowing -- you probably *don't*! : My MD asks me questions that I'd never think of asking myself. *He* knows how those things correlate with things that he might be looking for. Similarly, folks thinking of extending credit to me might be interested in how diligently I get annual physicals (i.e., if I don't exercise discipline over my own PHYSICAL HEALTH, I'm probably less likely to exercise discipline over my FISCAL HEALTH!) Folks always think there has to be some IDENTIFIABLE *reason* for a correlation. Actuaries (and others who make decisions based on probabilities) only care about the fact that a correlation APPEARS to exist -- they don't really care *why* as long as the correlation is statistically reliable! People who drive white cars tend to have fewer accidents. Is this because white cars are safer? Or, because people who aren't concerned with the color of their car tend to have a more cautious personality? Or, because OTHER drivers can more readily *see* white vehicles (to avoid them)? shrug
#57
Posted to alt.home.repair
Check your Windows 10 block settings
On 10/18/2015 3:09 PM, Roger Blake wrote:
From the above, it sure looks like you spend a LOT of time trying to stay hidden. Best hope no one takes an interest in the extent to which you try to hide -- you may find yourself at the TOP of their watch list! : Doesn't take much time at all. Perhaps someone will take an interest, would love to waste their time. Why not report me? I suspect your .signature has already done that! : |
#58
Posted to alt.home.repair
Check your Windows 10 block settings
On 2015-10-18, Don Y wrote:
I suspect your .signature has already done that! : Quite possibly! Not that I think it would ever happen of course, but if those responsible for mass gov't surveillance ever were to be properly punished for their crimes I would volunteer to throw the switch on the chair - though I'd probably have to wait in a long line for the privilege. We might need to develop some new tech for the number of executions that would be needed. Possibly an electric couch? -- ----------------------------------------------------------------------------- Roger Blake (Change "invalid" to "com" for email. Google Groups killfiled.) NSA sedition and treason -- http://www.DeathToNSAthugs.com ----------------------------------------------------------------------------- |
#59
Posted to alt.home.repair
Check your Windows 10 block settings
On 10/18/2015 4:13 PM, Mayayana wrote:
| I pay $1/month for a paper statement. I doubt | | You're lucky. I've closed accounts when each notified me that | they wanted $8.95/month to mail me a single sheet of paper | with 1, 2 or, at most, *3* transactions on it! Note that | one of the banks was 1500 miles from here -- so it's not | a "local phenomenon". TD Bank. And they're open on Sundays, too. I'm not sure I even want to know why you have numerous bank accounts on the other side of the country. I have lived in many places. It is usually more convenient to leave an existing account someplace open until I can get a new account somewhere_else established. And, when they WERE mailing paper statements, there was virtually no cost to me to KEEP those accounts open (most of my accounts have had strict check-writing constraints -- like 3 per month). So, an extra account would let me handle extra transactions, etc. I know I had to maintain an account in CT for the tax man (consultants' time has sales tax applied so they want someplace to find you to *get* that tax!) | Do you own any securities? Do any "trading"? No. I'm not a gambler. Frankly I think straight gambling on the stock market should be illegal, with something like a 90 day minimum period that stocks would have to be held and no option for buying options, which are merely bets. Then people would be investing in companies rather than just a big, glorified gambling hall. +42 I can't see how anyone would consider the "1 year" time limit to qualify for LONG term gains to really be indicative of "an investment" (vs. a gamble). | You sound like you know what you're doing, so I | wouldn't be inclined to tell you that you should change, | but my way also works. Nearly all possible online attacks | require javascript. | | If you look at the history of vulnerabilities, you'd realize that's | not the case. 
Buffer overflow exploits are still common -- despite | EVERYONE knowing about this sort of potential problem (yet | continuing to write NEW code that has the same flaws). Buffer overflows require executable code. Yes -- the code in your browser or "helper applications" that it invokes. The point is to go back to what the Web was meant to be: A resource that can be accessed. Not remote software. The exploits I mentioned previously don't require any "remote software" to be executed from the 'net. *But*, as each of these non-ASCII-text files requires something to *interpret* their contents (as a photograph, audio clip, video clip, etc.) then those non-ASCII-text files are, essentially, *programs*! They control the behavior of their respective "decoders" when you apply those decoders to those files. Bugs in those decoders can thus be exploited to compromise the machine on which the decoders are executing. This is because Windows (and virtually all other desktop OS's) applies the full capabilities of the invoking user to any program (e.g., the decoder) running on his/her behalf! There is no way to limit what a particular program can/can't do -- other than HOPING the program itself "behaves well". A "capability-based" OS doesn't have this inherent limitation. E.g., I can let *you* write a hostile program and install it on my system. But, no matter how hard your program tries, it won't be able to do anything that I haven't explicitly allowed it to do. No need for you to be scribbling in the Registry -- or even *looking* at it; no need for you to be pushing packets out a network connection; no need for you to be installing any files; etc. -- all you need to be able to do is EXACTLY what *I* think you should be able to do (show me the contents of this JPG in a graphic form, etc.) However you look at it, nearly all risks online require script. It's true that there has been at least one issue with JPGs. 
That was actually a vulnerability in gdiplus.dll, the Windows extended graphics library. There was also once an issue with EMF files. It's not impossible to face a vulnerability with script disabled, but it's *very* unlikely. With script enabled, on the other hand, you're a sitting duck. If I email you a picture BigBoobs.jpg and you open it, then I've enticed you to expose your JPEG decoder to whatever contents that file may contain. Likewise if you visit a web page with a JPEG. If I email you a receipt for a purchase as a PDF, then the act of opening it means your "PDF decoder" has now been tricked into "interpreting" the information embedded in that file (just like a computer interprets a computer program). PDF exploits, as well as Flash, are also script issues. The MP4 bug you link to is a Flash problem. Likewise, the MP3 bug you linked to is with script in iTunes. What you're talking about is all executable code. The point is to get executable code out of the browser. Don't use The browser *is* executable code! The OS is executable code. The JPG decoder is executable code. The PDF reader is executable code. Anything that *does* anything does it by executing code! Adobe crap at all. Don't enable script. Don't install Java. Don't run videos and music in browser plugins like Flash. Don't enable script in your PDF viewer. (For me this is easy. I don't like things moving on webpages while I'm trying to read. If I want to see a video I'll download it, so I can save a copy, and play it in VLC. If http://www.zdnet.com/article/vlc-vulnerabilities-exposed/ "Vulnerabilities have been discovered in some versions of the popular VLC media player which may allow a cyberattacker to corrupt memory and potentially execute arbitrary code." http://www.saintcorporation.com/cgi-bin/demo_tut.pl?tutorial_name=VLC_vulnerabilities.html Note that it doesn't matter if you run VLC from your browser or download the file and run VLC separately. 
"Vulnerabilities in VLC allow for remote code execution or denial of service. VLC also has a remote code execution vulnerability in the web interface." It's like the admonition from my youth regarding unwanted pregnancies: the only SURE contraceptive is ABSTINENCE! I.e., the only sure way to avoid these vulnerabilities is to NOT import anything that you didn't create yourself. "The only winning move is not to play" -WOPR |
#60
Posted to alt.home.repair
Check your Windows 10 block settings
Roger Blake wrote:
On 2015-10-18, Tony Hwang wrote: How come? Online shopping is easy and convenient, they can data mine about me but I block all the spams, junk mails. I find shopping locally using cash to be easy and convenient. It's what I've always done, I'm not particularly going out of my way or changing anything to do it. Of course. Suit yourself. But IMHO, you're weird in this day and age. |
#61
Posted to alt.home.repair
Check your Windows 10 block settings
On 2015-10-19, Tony Hwang wrote:
Of course. Suit yourself. But IMHO, you're weird in this day and age. To people my age paying in cash is normal, using credit/debit is the weird thing. I'm certainly not the only one, those cash registers are not being kept in service just for my benefit. What today's young people think of it is really of no interest to me. -- ----------------------------------------------------------------------------- Roger Blake (Change "invalid" to "com" for email. Google Groups killfiled.) NSA sedition and treason -- http://www.DeathToNSAthugs.com ----------------------------------------------------------------------------- |
#62
Posted to alt.home.repair
Check your Windows 10 block settings
Dan Espen wrote in :
Microsoft knew all along they couldn't stay the same size selling the same old OS for new machines only. People don't upgrade because the OS is good enough. MSFT is going to try to create an on-going revenue stream, but I think they'll fail. I hope so. Ultimately, they'll be a smaller company. Much smaller. One of my fondest aspirations is to live long enough to see the day that Microsoft files for Chapter 7 bankruptcy. |
#63
Posted to alt.home.repair
Check your Windows 10 block settings
On 10/18/2015 06:50 PM, Tony Hwang wrote:
Roger Blake wrote: On 2015-10-18, Tony Hwang wrote: How come? Online shopping is easy and convenient, they can data mine about me but I block all the spams, junk mails. I find shopping locally using cash to be easy and convenient. It's what I've always done, I'm not particularly going out of my way or changing anything to do it. Of course. Suit yourself. But IMHO, you're weird in this day and age. I think it's weird when someone pulls out their Mastercard at a grocery store to pay for a dozen donuts. I really get upset when the charge is refused and they have to hunt up another card that might have a little life in it. For a real fun time get in line behind someone with an EBT card and a pocketful of dead plastic. |
#64
Posted to alt.home.repair
Check your Windows 10 block settings
| The exploits I mentioned previously don't require any
| "remote software" to be executed from the 'net. *But*, | as each of these non-ASCII-text files requires something | to *interpret* their contents (as a photograph, audio | clip, video clip, etc.) then those non-ASCII-text files | are, essentially, *programs*! They control the behavior | of their respective "decoders" when you apply those decoders | to those files. | That's not true. The exploits you listed all involve a weakness in executable code -- either compiled binaries or script. Most involve javascript. Many of those *also* require a binary like Flash. The rare exception would be something like the gdiplus.dll bug that could be exploited with JPGs. (Gdiplus was fairly new at the time.) Data files that are not interpreted as executable -- whether text or not -- are almost never a risk because they're not doing anything. (Again, I'd be interested to hear if there are any examples besides the one-time JPG issue, which was many years ago.) I've never heard of any vulnerability in HTML. It defines graphical layout. It's not interpreted as executable code. It's sometimes possible to crash a browser with faulty HTML, but that's just a case of "choking" the software. There's no executable code involved. | If I email you a receipt for a purchase | as a PDF, then the act of opening it means your "PDF decoder" | has now been tricked into "interpreting" the information | embedded in that file (just like a computer interprets a | computer program). | You're misusing the word interpret. A computer doesn't interpret a program. The program itself accesses the CPU, RAM and disk. Script is text that's interpreted as executable code, but that makes it just like a compiled program, in that the interpreter is a program acting under the direction of the script. A PDF is not interpreted as executable code. What the PDF reader gets from the PDF data is information about text, fonts, colors and layout. The problems with PDF are due to allowing javascript in PDFs to run. 
| The browser *is* executable code! The OS is executable code. | The JPG decoder is executable code. The PDF reader is executable | code. Anything that *does* anything does it by executing code! | I don't know how many ways I can explain it. As I said, I'd be interested to know if you find any vulnerabilities that do not directly involve executable code. They're few and far between. In other words, a browser is, of course, executable code, but you can't hijack it by telling it to draw a table with a blue background. A browser is hijacked by getting it to run executable code -- via the javascript "engine" or a faulty plug-in. | Adobe crap at all. Don't enable script. Don't install Java. | Don't run videos and music in browser plugins like Flash. | Don't enable script in your PDF viewer. | (For me this is easy. I don't like things moving on webpages | while I'm trying to read. If I want to see a video I'll | download it, so I can save a copy, and play it in VLC. If | | http://www.zdnet.com/article/vlc-vulnerabilities-exposed/ | "Vulnerabilities have been discovered in some versions of the | popular VLC media player which may allow a cyberattacker to | corrupt memory and potentially execute arbitrary code." | http://www.saintcorporation.com/cgi-bin/demo_tut.pl?tutorial_name=VLC_vulnerabilities.html | That's interesting. It's good to know about such things. But I'm not going to lose any sleep. I'm not using a VLC browser plugin, and there's very little motive for someone to put a video on youtube that will attack my system offline. Especially given that I don't download wacky cat videos from random posters. | Note that it doesn't matter if you run VLC from your browser or | download the file and run VLC separately. | "Vulnerabilities in VLC allow for remote code execution or | denial of service. VLC also has a remote code execution | vulnerability in the web interface." | Remote means remote. If you download a file and play it in VLC that's not remote execution. 
Remote would mean playing it via webpage or some other way of accessing it from a remote location. | It's like the admonition from my youth regarding unwanted | pregnancies: the only SURE contraceptive is ABSTINENCE! | I.e., the only sure way to avoid these vulnerabilities is | to NOT import anything that you didn't create yourself. I suppose that in the most extreme interpretation you're right. I've decided that having sex carefully, with my post-menopausal ladyfriend, is a "risk" I'm willing to take. Good luck with the inflatables. |
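Added example, not from any poster in this thread: the exchange in posts #59 and #64 turns on whether a file with no script in it can change what its decoder does. The sketch below uses a constructed `TIMG` format and a 20-byte `Arena` that stands in for a decoder's memory (a 16-byte pixel buffer followed directly by 4 bytes of decoder state); the format, names and sample files are all made up for illustration.

```python
import struct

BUF_SIZE = 16
MODE_DISPLAY = b"SHOW"
HEADER = struct.Struct(">4sH")  # magic, declared payload length


class Arena:
    """Stand-in for decoder memory: pixel buffer, then adjacent state."""

    def __init__(self):
        self.mem = bytearray(BUF_SIZE) + bytearray(MODE_DISPLAY)

    @property
    def pixels(self):
        return bytes(self.mem[:BUF_SIZE])

    @property
    def mode(self):
        return bytes(self.mem[BUF_SIZE:])


def parse_header(blob):
    """Split a TIMG file into (declared length, payload bytes)."""
    if len(blob) < HEADER.size:
        raise ValueError("truncated header")
    magic, declared = HEADER.unpack_from(blob, 0)
    if magic != b"TIMG":
        raise ValueError("not a TIMG file")
    return declared, blob[HEADER.size:]


def decode_trusting(blob):
    """Copies as many bytes as the FILE says, not as many as the buffer
    holds. In C nothing stops this loop at the arena's end; Python would
    raise IndexError past byte 20, so the sample stays inside the arena."""
    arena = Arena()
    declared, payload = parse_header(blob)
    for i in range(declared):
        arena.mem[i] = payload[i]
    return arena


def decode_checked(blob):
    """Same decoder with the two checks the trusting one assumed away."""
    declared, payload = parse_header(blob)
    if declared > BUF_SIZE:
        raise ValueError("declared length exceeds pixel buffer")
    if declared != len(payload):
        raise ValueError("declared length does not match payload")
    arena = Arena()
    arena.mem[:declared] = payload
    return arena


def rejects(blob):
    """True when the checked decoder refuses the file."""
    try:
        decode_checked(blob)
    except ValueError:
        return True
    return False


# Constructed sample files; none of them contains script of any kind.
WELL_FORMED = HEADER.pack(b"TIMG", 16) + bytes(range(16))
OVERSIZED = HEADER.pack(b"TIMG", 20) + b"\xff" * 16 + b"XXXX"
TRUNCATED = HEADER.pack(b"TIMG", 16) + b"\x01\x02\x03\x04"

if __name__ == "__main__":
    print("trusting, well-formed:", decode_trusting(WELL_FORMED).mode)
    print("trusting, oversized  :", decode_trusting(OVERSIZED).mode)
    print("checked rejects oversized:", rejects(OVERSIZED))
    print("checked rejects truncated:", rejects(TRUNCATED))
```

With the oversized file the trusting decoder's state field no longer reads `SHOW`, although the file is pure data; the checked decoder refuses both malformed files before writing anything.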
#65
Posted to alt.home.repair
Check your Windows 10 block settings
rbowman wrote:
On 10/18/2015 06:50 PM, Tony Hwang wrote: Roger Blake wrote: On 2015-10-18, Tony Hwang wrote: How come? Online shopping is easy and convenient, they can data mine about me but I block all the spams, junk mails. I find shopping locally using cash to be easy and convenient. It's what I've always done, I'm not particularly going out of my way or changing anything to do it. Of course. Suit yourself. But IMHO, you're weird in this day and age. I think it's weird when someone pulls out their Mastercard at a grocery store to pay for a dozen donuts. I really get upset when the charge is refused and they have to hunt up another card that might have a little life in it. For a real fun time get in line behind someone with an EBT card and a pocketful of dead plastic. Hmmm, I bought a new car with my card. When dealer hesitated I was going to walk out the door. They don't like cash sale or full payment with CC. They make better money on financed cars. |
#66
Posted to alt.home.repair
Check your Windows 10 block settings
Roger Blake wrote:
On 2015-10-19, Tony Hwang wrote: Of course. Suit yourself. But IMHO, you're weird in this day and age. To people my age paying in cash is normal, using credit/debit is the weird thing. I'm certainly not the only one, those cash registers are not being kept in service just for my benefit. What today's young people think of it is really of no interest to me. May I ask how old you are? |
#67
Posted to alt.home.repair
Check your Windows 10 block settings
On 2015-10-19, Tony Hwang wrote:
May I ask how old you are? Old enough to have been paying cash at the butcher shop and the baker when real silver coin was still in general circulation. -- ----------------------------------------------------------------------------- Roger Blake (Change "invalid" to "com" for email. Google Groups killfiled.) NSA sedition and treason -- http://www.DeathToNSAthugs.com ----------------------------------------------------------------------------- |
#68
Posted to alt.home.repair
Check your Windows 10 block settings
Roger Blake wrote:
On 2015-10-19, Tony Hwang wrote: May I ask how old you are? Old enough to have been paying cash at the butcher shop and the baker when real silver coin was still in general circulation. I still see some silver coins from now and then in our till. That does not mean you're old. |
#69
Posted to alt.home.repair
Check your Windows 10 block settings
On 2015-10-19, Tony Hwang wrote:
I still see some silver coins from now and then in our till. That does not mean you're old. I'm talking about when they were all silver. When's the last time someone paid for something at your establishment with silver dollars? I used to use 'em all the time, they were nothing special. -- ----------------------------------------------------------------------------- Roger Blake (Change "invalid" to "com" for email. Google Groups killfiled.) NSA sedition and treason -- http://www.DeathToNSAthugs.com ----------------------------------------------------------------------------- |
#70
Posted to alt.home.repair
Check your Windows 10 block settings
On 10/18/2015 6:49 PM, rbowman wrote:
On 10/18/2015 06:50 PM, Tony Hwang wrote: Roger Blake wrote: On 2015-10-18, Tony Hwang wrote: How come? Online shopping is easy and convenient, they can data mine about me but I block all the spams, junk mails. I find shopping locally using cash to be easy and convenient. It's what I've always done, I'm not particularly going out of my way or changing anything to do it. Of course. Suit yourself. But IMHO, you're weird in this day and age. I think it's weird when someone pulls out their Mastercard at a grocery store to pay for a dozen donuts. I really get upset when the charge is refused and they have to hunt up another card that might have a little life in it. For a real fun time get in line behind someone with an EBT card and a pocketful of dead plastic. The *worst* is someone who fishes around for a checkbook... then starts hunting for a pen... then thumbs through *carbons* of previous checks to find check #7125... then starts writing out the check... then discovers that the ink cartridge is "retracted"... then discovering that the pen is *dead*... then hunting for scrap paper to "scribble on" to "reprime" the pen... then asking the cashier for a pen... then asking who the check should be paid to... then... and, EVENTUALLY, getting *****y* that someone waiting makes a comment about how SLOW they are! |
#71
Posted to alt.home.repair
Check your Windows 10 block settings
On 2015-10-19, Don Y wrote:
The *worst* is someone who fishes around for a checkbook... then starts hunting for a pen... ... I'm with you there. I was never inclined to use checks in a store, just seems like a PITA with little if any benefit. -- ----------------------------------------------------------------------------- Roger Blake (Change "invalid" to "com" for email. Google Groups killfiled.) NSA sedition and treason -- http://www.DeathToNSAthugs.com ----------------------------------------------------------------------------- |
#72
Posted to alt.home.repair
Check your Windows 10 block settings
Roger Blake wrote:
On 2015-10-19, Tony Hwang wrote: I still see some silver coins from now and then in our till. That does not mean you're old. I'm talking about when they were all silver. When's the last time someone paid for something at your establishment with silver dollars? I used to use 'em all the time, they were nothing special. Hey, I am up here in Canuck land. I never carry coins of any kind. I don't want holes in my pants pockets. Smart phone and CC is all I need. |
#73
Posted to alt.home.repair
Check your Windows 10 block settings
Don Y wrote:
On 10/18/2015 4:06 PM, Tony Hwang wrote: Don Y wrote: If you're deliberately avoiding all of these "tracking/profiling opportunities", I suspect your lifestyle has *significantly* been compromised to make that happen Simply put they know more about me than I know about myself, LOL! They have AN INTEREST in knowing -- you probably *don't*! : My MD asks me questions that I'd never think of asking myself. *He* knows how those things correlate with things that he might be looking for. Similarly, folks thinking of extending credit to me might be interested in how diligently I get annual physicals (i.e., if I don't exercise discipline over my own PHYSICAL HEALTH, I'm probably less likely to exercise discipline over my FISCAL HEALTH!) Folks always think there has to be some IDENTIFIABLE *reason* for a correlation. Actuaries (and others who make decisions based on probabilities) only care about the fact that a correlation APPEARS to exist -- they don't really care *why* as long as the correlation is statistically reliable! People who drive white cars tend to have fewer accidents. Is this because white cars are safer? Or, because people who aren't concerned with the color of their car tend to have a more cautious personality? Or, because OTHER drivers can more readily *see* white vehicles (to avoid them)? shrug Maybe it is easier to see white cars day or night. One of my BIL (wife's side) always buys/drives white cars. Once I heard from a painter, matching white or ivory black is most difficult.
#74
Posted to alt.home.repair
Check your Windows 10 block settings
On 2015-10-19, Tony Hwang wrote:
Hey, I am up here in Canuck land. I never carry coins of any kind. I don't want holes in my pants pockets. Smart phone and CC is all I need. You wanted to know how old I was - while I'm loathe to provide specific personal information I wanted to give you a ballpark indicator. Another is that I'm old enough to have watched 'I Love Lucy' and 'The Honeymooners' during their original run, on a TV set like this one: http://www.vintagetvsets.com/images/philcof1.jpg (I actually still have a set similar to the above, though it needs to be serviced.) If you want the details of your life to be an open book that is totally up to you. On the other hand, cash is freedom and privacy. I'll be sticking with it. -- ----------------------------------------------------------------------------- Roger Blake (Change "invalid" to "com" for email. Google Groups killfiled.) NSA sedition and treason -- http://www.DeathToNSAthugs.com ----------------------------------------------------------------------------- |
#75
Posted to alt.home.repair
Check your Windows 10 block settings
On 10/18/2015 6:52 PM, Mayayana wrote:
| The exploits I mentioned previously don't require any | "remote software" to be executed from the 'net. *But*, | as each of these non-ASCII-text files requires something | to *interpret* their contents (as a photograph, audio | clip, video clip, etc.) then those non-ASCII-text files | are, essentially, *programs*! They control the behavior | of their respective "decoders" when you apply those decoders | to those files. That's not true. The exploits you listed all involve a weakness in executable code -- either compiled binaries or script. Most involve javascript. Then spend some time and find examples that *aren't*. I have no skin in this game. Exploits will *always* be in "compiled code" -- that is being tricked into doing something that it wasn't properly designed to AVOID! Many of those *also* require a binary like Flash. The rare exception would be something like the gdiplus.dll bug that could be exploited with JPGs. Have you ever read the descriptions for the updates windows pushes? Ever notice how many claim to be to fix a "security vulnerability"? This is the polite way of saying the developer screwed up and didn't anticipate someone MISUSING the code he wrote. How does someone misuse code? Ans: they present it with "inputs" that have been crafted to exploit unexpected patterns in that data. I.e., violating basic ASSUMPTIONS that the developer made -- inappropriately. I received a nastygram from a bank many years ago claiming that they would have to withhold a portion of my interest income because I had not provided them with my SSN. Yet, my SSN was printed right below my name ON THAT LETTER! Guy who wrote the "code" to decide who should get those letters assumed "0" (in the corporate database) would indicate "no SSN". And, I'm sure he tried a test case with a bogus user having a SSN of "0". But, he implemented his test in such a way that anyone whose SSN *began* with '0' would be seen as having *no* SSN on file. 
Those of us who had SSN's issued in the Northeast ALL have SSN's beginning with '0'. Of course, as the bank was in Colorado and most customers were probably from that area (with SSN's that reflected that part of the country), it took a while for the software to stumble on folks (like me) that tickled that bug. That bug could just as easily have decided to mail me an interest payment, etc.

(Gdiplus was fairly new at the time.) Data files that are not interpreted as executable -- whether text or not -- are almost never a risk because they're not doing anything. (Again, I'd be interested to hear if there are any examples besides the one-time JPG issue, which was many years ago.)

Sit down with Google and an hour of *your* time and I'm sure you'll be able to find lots of exploits. PDF's are a habitual source of vulnerabilities -- largely because PostScript is a Turing-complete programming language (and PDF's are based on PS).

I've never heard of any vulnerability in HTML.

Thirty seconds with google: CVE-2014-6332

"The IBM X-Force Research team has identified a significant data manipulation vulnerability (CVE-2014-6332) with a CVSS score of 9.3 in every version of Microsoft Windows from Windows 95 onward"

"The bug can be used by an attacker for drive-by attacks to reliably run code remotely and take over the user’s machine — even sidestepping the Enhanced Protected Mode (EPM) sandbox in IE 11 as well as the highly regarded Enhanced Mitigation Experience Toolkit (EMET) anti-exploitation tool Microsoft offers for free."

It defines graphical layout. It's not interpreted as executable code. It's sometimes possible to crash a browser with faulty HTML, but that's just a case of "choking" the software. There's no executable code involved.

All input causes a program to alter its behavior. So, *any* input can conceivably lead to an exploit in an inadequately designed application. Passing letters to a program expecting digits can cause that program to barf.
The Y2K bug could manifest in many ways based on how the date processing code responded to the "unexpected" '2' in the leftmost position (I've seen dates displayed as "1 January 19A0")

Passing too many characters to a program expecting a lesser number can cause it to barf (buffer overrun). If "barf" results in the contents of some portion of memory being overwritten, then you can carefully craft an exploit that puts "specific" values in that memory

| If I email you a receipt for a purchase
| as a PDF, then the act of opening it means your "PDF decoder"
| has now been tricked into "interpreting" the information
| embedded in that file (just like a computer interprets a
| computer program).

You're misusing the word interpret. A computer doesn't interpret a program. The program itself accesses the CPU, RAM and disk.

It's a semantic difference with no consequence. Doesn't the CPU's *hardware* *interpret* the bytes that are fed to it via its bus interface unit? If I write a simulator and feed it the same byte sequence, it is clearly interpreting the bytes yet the result is the same.

A program processing input is a PROCESSOR. It is interpreting the input and REACTING according to rules that are encoded into its implementation. Just like a CPU interprets opcodes and REACTS according to the rules encoded in its implementation.

[You do realize that most CPU's, nowadays, are microcoded? I.e., there are little PROGRAMS running in response to each byte fetched. These programs *emulate* the legacy instructions that we think of as "x86 machine language"]

Script is text that's interpreted as executable code, but that makes it just like a compiled program, in that the interpreter is a program acting under the direction of the script. A PDF is not interpreted as executable code. What the PDF reader gets from the PDF data is information about text, fonts, colors and layout. The problems with PDF are due to allowing javascript in PDFs to run.

No. PDF's encapsulate PostScript.
Sit down with a PS manual and WRITE A PROGRAM... IN POSTSCRIPT... to print the numbers from 5 through 27. Then, write a PROGRAM to convert any numeric entry to its textual equivalent; e.g., 123 -- one hundred and twenty three.

Do this with Acroscript disabled! Better yet, take that "program" and send it to your PostScript *printer* (which has no concept of Jscript!). You'll find that it generates the same correct output!

| The browser *is* executable code! The OS is executable code.
| The JPG decoder is executable code. The PDF reader is executable
| code. Anything that *does* anything does it by executing code!

I don't know how many ways I can explain it. As I said, I'd be interested to know if you find any vulnerabilities that do not directly involve executable code.

What do you mean, like files that compromise the computer WHEN THE POWER IS OFF? When the computer is *on*, it is executing code. The code that it executes was created by a fallible human being. That developer's ASSUMPTIONS are embodied in the code. Exploits take advantage of these assumptions to trick the code to do things that it wouldn't otherwise do -- if presented with CORRECT (expected) INPUT.

They're few and far between. In other words, a browser is, of course, executable code, but you can't hijack it by telling it to draw a table with a blue background.

Sure! If the part of the browser that parses the HTML to recognize "blue" figures the only colors that will ever be specified in an HTML file ("input" to the browser) are
  red
  black
  chartreuse
  yellow
  pinkpolkadotted
  coffee
and, as a result, pinches pennies and allocated a buffer to store the color name and allows that buffer to hold 15 characters (the length of the longest expected color name -- "pinkpolkadotted"), then I can create a web page that says "draw a table with a background that has the color DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD DDDDD".
The sloppy browser code sees the "color" keyword and then gobbles up the next "word" -- expecting it to be a color. Since it KNOWS the longest (legal) color name is "pinkpolkadotted", it won't be prepared for those extra 40 characters (there are 55 D's in the above example). So, whatever resides in memory AFTER that buffer that stores the color will be overwritten with 40 D's (the first 15 D's will reside in the buffer). This might have amusing effects. Or, might crash the browser. Or...?

I might, instead, have to pass a string of 5000! D's in order to ensure something much farther away from that color buffer gets clobbered. But, I can play around all day to see what gives the results I seek -- I've got the same browser available on *my* computer and I can actually WATCH to see what gets clobbered *inside* the browser.

A browser is hijacked by getting it to run executable code -- via the javascript "engine" or a faulty plug-in.

Or a fault in the browser's code itself!

| Adobe crap at all. Don't enable script. Don't install Java.
| Don't run videos and music in browser plugins like Flash.
| Don't enable script in your PDF viewer.
| (For me this is easy. I don't like things moving on webpages
| while I'm trying to read. If I want to see a video I'll
| download it, so I can save a copy, and play it in VLC. If
|
| http://www.zdnet.com/article/vlc-vulnerabilities-exposed/
| "Vulnerabilities have been discovered in some versions of the
| popular VLC media player which may allow a cyberattacker to
| corrupt memory and potentially execute arbitrary code."
| http://www.saintcorporation.com/cgi-bin/demo_tut.pl?tutorial_name=VLC_vulnerabilities.html

That's interesting. It's good to know about such things. But I'm not going to lose any sleep. I'm not using a VLC browser plugin, and there's very little motive for someone to put a video on youtube that will attack my system offline. Especially given that I don't download wacky cat videos from random posters.
In your last post, you suggested VLC was a way you could *protect* yourself from browser vulnerabilities. What's your *new* scheme given that VLC is vulnerable? Are you sure your alternative won't also have some OTHER vulnerability?

| Note that it doesn't matter if you run VLC from your browser or
| download the file and run VLC separately.
| "Vulnerabilities in VLC allow for remote code execution or
| denial of service. VLC also has a remote code execution
| vulnerability in the web interface."

Remote means remote. If you download a file and play it in VLC that's not remote execution. Remote would mean playing it via webpage or some other way of accessing it from a remote location.

So, I embed the instructions in the video file to do the damage that I want OFFLINE! Remote exploits are more precious to a hacker because *he* can then control the actions of your machine -- instead of embedding those actions unconditionally in the exploit.

[The days of erasing hard disks as an exploit are long gone]

None of the Iranian centrifuges were internet connected...

| It's like the admonition from my youth regarding unwanted
| pregnancies: the only SURE contraceptive is ABSTINENCE!
| I.e., the only sure way to avoid these vulnerabilities is
| to NOT import anything that you didn't create yourself.

I suppose that in the most extreme interpretation you're right. I've decided that having sex carefully, with my post-menopausal ladyfriend, is a "risk" I'm willing to take.

Good luck with the inflatables.
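The color-name overrun described in the post above, as an added example that is not part of the thread: the unchecked copy is modelled inside one 64-byte array (a constructed stand-in for the 15-character buffer and whatever follows it) so the overwrite can be observed safely, with a length-checked version beside it. The function names, the model size and the allow-list check are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

#define COLOR_MAX 15   /* length of "pinkpolkadotted", the longest expected name */
#define MODEL_SIZE 64  /* constructed: color field plus the memory that follows it */

/* Allow-list: the color names the post's hypothetical browser expects. */
static const char *const KNOWN[] = { "red", "black", "chartreuse", "yellow",
                                     "pinkpolkadotted", "coffee" };

/* Sloppy parser, modelled in a single array so the overrun is well defined:
 * bytes 0..14 are the color field, bytes 15.. are "whatever resides in memory
 * AFTER that buffer". Returns how many of those neighbouring bytes it clobbers. */
size_t sloppy_store(unsigned char mem[MODEL_SIZE], const char *word)
{
    size_t n = strlen(word);
    if (n > MODEL_SIZE) n = MODEL_SIZE;   /* edge of the model, not a defence */
    memcpy(mem, word, n);                 /* no comparison against COLOR_MAX */
    return n > COLOR_MAX ? n - COLOR_MAX : 0;
}

/* Checked parser: measure first, refuse anything longer than the field, then
 * accept only allow-listed names. Returns 0 on success, -1 on rejection. */
int checked_store(char field[COLOR_MAX + 1], const char *word)
{
    size_t n = strlen(word);
    if (n > COLOR_MAX)
        return -1;
    for (size_t i = 0; i < sizeof KNOWN / sizeof KNOWN[0]; i++) {
        if (strcmp(word, KNOWN[i]) == 0) {
            memcpy(field, word, n + 1);   /* n + 1 copies the terminator too */
            return 0;
        }
    }
    return -1;
}

int main(void)
{
    unsigned char mem[MODEL_SIZE] = {0};
    char field[COLOR_MAX + 1], word[56];
    memset(word, 'D', 55);                /* the 55 D's from the post */
    word[55] = '\0';
    printf("sloppy: %zu neighbouring bytes overwritten\n", sloppy_store(mem, word));
    printf("checked, 55 D's: %d\n", checked_store(field, word));
    printf("checked, coffee: %d\n", checked_store(field, "coffee"));
    return 0;
}
```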
#76
Posted to alt.home.repair
Check your Windows 10 block settings
Roger Blake wrote:
On 2015-10-19, Tony Hwang wrote:
Hey, I am up here in Canuck land. I never carry coins of any kind. I don't want holes in my pants pockets. Smart phone and CC is all I need.

You wanted to know how old I was - while I'm loath to provide specific personal information I wanted to give you a ballpark indicator. Another is that I'm old enough to have watched 'I Love Lucy' and 'The Honeymooners' during their original run, on a TV set like this one: http://www.vintagetvsets.com/images/philcof1.jpg (I actually still have a set similar to the above, though it needs to be serviced.)

If you want the details of your life to be an open book that is totally up to you. On the other hand, cash is freedom and privacy. I'll be sticking with it.

Both you and the TV set is antique, dinosaurs, LOL! I am guessing I am as old as you are.
#77
Posted to alt.home.repair
Check your Windows 10 block settings
On 2015-10-19, Tony Hwang wrote:
Both you and the TV set is antique, dinosaurs, LOL! I am guessing I am as old as you are.

Always tough to tell in this medium. I've found most of the smartphone crowd tend to be youngsters but there are always exceptions.

--
-----------------------------------------------------------------------------
Roger Blake (Change "invalid" to "com" for email. Google Groups killfiled.)
NSA sedition and treason -- http://www.DeathToNSAthugs.com
-----------------------------------------------------------------------------
#78
Posted to alt.home.repair
Check your Windows 10 block settings
On 10/18/2015 08:11 PM, Tony Hwang wrote:
I bought a new car with my card. When dealer hesitated I was going to walk out the door. They don't like cash sale or full payment with CC. They make better money on financed cars.

I just write a check. The last car I bought the salesman kept launching into his financing deal even though I'd made my intention to pay cash clear. He just couldn't help himself; it was part of his programming. The last time I financed was back in '80 when they had a $99 down 0% deal to try to move cars off the lot. It was GMAC's money and boosted my credit rating.

It's just how I was brought up. You save the money and then you buy what you want; you don't go in hock for it.
#79
Posted to alt.home.repair
Check your Windows 10 block settings
On 10/18/2015 08:37 PM, Don Y wrote:
The *worst* is someone who fishes around for a checkbook... then starts hunting for a pen... then thumbs through *carbons* of previous checks to find check #7125... then starts writing out the check... then discovers that the ink cartridge is "retracted"... then discovering that the pen is *dead*... then hunting for scrap paper to "scribble on" to "reprime" the pen... then asking the cashier for a pen... then asking who the check should be paid to... then... and, EVENTUALLY, getting *****y* that someone waiting makes a comment about how SLOW they are!

That really burns my butt at Costco. You sign the check and the cashier runs it through the machine that prints the rest but you always have half blind, half senile Aunt Millie trying to fill it out for herself.
#80
Posted to alt.home.repair
Check your Windows 10 block settings
On 10/18/2015 08:46 PM, Tony Hwang wrote:
Hey, I am up here in Canuck land. I never carry coins of any kind. I don't want holes in my pants pockets. Smart phone and CC is all I need.

That works until it doesn't. Around here it isn't hard to find stores that don't do plastic and cell reception gets spotty outside of town and the interstates.