Readit Newssignaler commented on Extracts passwords from a KeePass 2.x database, directly from memory github.com/denandz/KeeFar... · Posted by u/dsr12
As a countermeasure to this, you can 'pepper' your passes or secrets with reserved letters / symbols that only you know about. For example if a pass is
You simply omit the exclamation symbol, and reveal the real pass which is:
That's a very basic example, and can be made as complicated as your brain will allow. The older you are, the harder this gets to do small byte flips like this.
Trusting a company to provide a good client-side encryption implementation and trusting a company to safely hold encryption keys in escrow are two completely different issues.
I wouldn't hand over disk encryption keys to Apple no matter how much I trusted them, purely because they're in a form where Apple could access them without my intervention, and they could conceivably be legally forced to hand over those keys by some government entity in the future.
Apple's argument against decrypting iOS devices hinges on the fact that they don't retain those keys, and therefore can't decrypt them for the government.
It depends on what you mean by 'key' though. In escrow situations, there is the likelihood of a very strong key provided by Apple, and a horrendously weak key provided by the person. What gets a pickle from me is that Apple have some carte blanche reason to involve themselves remotely in U.S sanctioned soil to then intermediate the decryption.
A mental inventory of bloggers who routinely say they did not hand over their HD unlock keys to Apple haunts my mind after reading this. Apple are one of the few tech companies who could throw money at the crypto debate and win some Internet Points, but they would have to counter the claims of many bloggers who said they don't trust Apple to guard their unlock keys
signaler commented on Mountain Duck – Cyberduck for mounting volumes in the file explorer mountainduck.io//... · Posted by u/signaler
I'm not familiar with this space but is this the first of its kind? Or are there better ones? I actually think I may want to use it to manage my s3 assets. Would be helpful to know if there are alternatives and why this is better
There's quite a few programs like this, and I've tried them all. What makes this look promising is the peeps behind Cyberduck fame are creating it. I always wanted that feature in Cyberduck, where you can mount any arbitrary legacy file system. All the others I've tried are half-baked attempts and horribly buggy.
A very simple example is that of Google which gives you a Wikipedia summary of a topic, but that's too simple.
In your case you are looking for some way to heatmap certain keywords, or even the tone of a piece of content. You could go further and see the context of the content (which is presumably some form of document which can be parsed).
There are innumerable things online to do this. My first port of call is to trawl Github and find a repo on there which does this.
Just be careful of online services which are hoovering up your query and making off with your data...
My blog http://blog.higg.im/ sits on a private NGINX server and is proxied with a CDN to address traffic spikes. I used to think my blog didn't get that much traffc and a CDN seemed like overkill. I never liked serving a site from the raw Apex IP because it's too easy to boot offline (DDOS'd).
I wrote about this setup on the blog:
"Why I run this blog on MaxCDN and Ghost"
http://blog.higg.im/2015/02/10/why-i-run-this-blog-on-maxcdn...
And very worth it getting a site off the apex too:
http://blog.higg.im/2014/03/10/getting-jque-re-off-the-apex/