…. Oh!
You just explained a question I had.
I couldn’t figure out why a pin was considered more secure.
In my reasoning: How is a PIN (potentially numeric only), changed 1x a year, safer than a password (3 of 4: Alpha, Mixed case, numeric, special chars), changed 4x a year.
The answer, as you explained, is scope of trust. Machine only vs tenant-wide. That makes sense.
I could accept that it has to do with azure propagation delays, but the verbiage was explicit about our computers syncing to the tenant. (Vs. data propagating across it.)
I sort of reject the idea that there’s nothing nefarious going on. The misdirect is weird.
Unless they’re salting the hashed data with information they can’t access, they’re just creating a database of faces and fingerprints.
Sure, maybe if their cryptography is good the DB cannot be reversed but they can still use an unsalted database to give match/no match info on scans of faces and fingerprints submitted to it.
But also, I firmly don’t trust Microsoft. They’ve violated our ELA several times - mostly around applying analytics tools to our data without consulting us first. (Like rolling out MS Viva without telling us.)
My company just mandatorily implemented “Windows Hello”
No one seems to be able to tell me why the information from Microsoft says the fingerprint and face scans are both “local only” and may take 24 hours to sync after initial setup. Where are they syncing to?
(I opted for the ‘pin’ method instead of surrendering my biometrics.)
Of course they knew. It’s a Facebook joke. Why would the Macomb Daily News call itself MaCumb?
I’ve had to help users see the light when AI claimed it had the solution for a problem, but after 3 troubleshooting steps, it invoked menus from programs other than the one they were using.
The users then kept telling me that they had their original issue, plus their software was missing features.
And while that’s great when, I guess, it makes for more feature-rich software. It’s a nightmare when the answer is a solid and resounding “No, that doesn’t work that way” and AI doesn’t want to tell someone no, so it lies.
Not just that, but since they nuked everyone’s pensions and started investing retirement funds into the stock market, it has become both a measure of wealth transfer, and a way to ensure that if the market tanks, the folks with more liquid stock assets could get out first! The workers with their retirement plans are limited in how much they can move assets around.
Which is to say: It’s both a measure of wealth transfer and a giant Ponzi scheme!
My old apartment used to be set up in just such a way that after a midday shower, you would see a small Brocken Spectre’s centered around each of your eyes when you looked in the mirror. It was honestly kind of terrifying. The first time I noticed it, I wondered if I’d finally lost it.
Glowing circles around your black eyes in a fogged mirror.
I think that means I have the opposite of a pot of gold in me.
I’ve begun to use nonsense statements, made up words, and random vocalizations to make the bots think they couldn’t help me. That usually gets me to a human faster.
My circulation is terrible. I’ll have cold feet and hands while my core is too hot. Sometimes I will move the blanket so it’s over my feet and arms but my body is just under sheets. I need a blanket that is like a reverse vest.
I often tell people “I’m doing what I can with what I got.” as both a response to compliments and requests for effort.
What I got can be a lot, but I am one person battling neurodivergence, depression, and the shredding maw of capitalism in a system hijacked by christo-fascist lunatics.
I wish the article had more details about why they’re convinced it’s a black hole and not a neutron star.
They do say it could be either (once), but then only refer to it as having turned into a black hole through the rest of the article.
Have not clicked the link for the remake yet, (I was too excited to respond to your comment) but I freaking loved Orta. It was one of the first video games that I think I ever really got into.
Like I said, I’m weak on the science. I’m more of a computer person.
Most of what I know is based on either a Practical Engineering or Matt Ferrell video, but I’m interested in the topic, if a little too busy to dig deeply enough to get past the marketing. If you have a good info source on the matter, I’d love to check it out.
With that said, the first paragraph is not really applicable to my concern, which is that a grid connected panel + battery could be hacked. En masse, they could dump power onto the grid and fry transformers or take out substations. (Which smarter people than I have identified as a concern, re: EV chargers.)
That’s the dream. After years I finally got serious about learning/implementing VLANs and have begun to isolate everything out/properly firewall them. Most of the smart home stuff is already Z-Wave/Zigbee, but the few devices that aren’t are mostly already migrated onto a dedicated IOT network, as is the hubs, where only devices that have business talking to each other can even see one another.
I have yet to play with tailscale, but it’s on the list.
Hm. Imprecise on my part.
The panels aren’t the concern. It’s stored energy in the battery that can be dumped onto the grid, along with the stored energy of other compromised systems.
The article I linked outlines a scenario like what I’m describing being possible with EV’s that have had their chargers hacked.
I love the idea. Scares the shit out of me.
I’m not as concerned with these things starting house fires, but I want to explain that away first. I’m a little weak on the science, but my understanding of how these work is that they attune to the grid frequency and voltage to deliver power at a slightly lower frequency than what is provided by your wall plug. This allows them to augment your home power use without refeeding power into the local grid. IIRC, if there’s no wall power, they only offer power through outlets on the devices themselves, vs through the wall plugs.
And, I think that the above safety feature will prevent over-amperage situations for in-house wiring loops, since the device cannot exceed the power delivery of the circuit it’s plugged into, when operating normally.
These things scare the shit out of me because the U.S. power grid is badly under-engineered. Before actual electrical engineers hunt me down and kill me, think of building a bridge. You can do that by just pouring a billion tons of concrete into a ravine. But building something that is material and budget conscious while being safe enough to avoid lawsuits is not what I’m getting at. (Think of the phrase “Anyone can build a bridge, but not anyone can build a bridge that barely stands.”)
It’s a feature, not a bug. Otherwise, power lines would be I-Beams and we’d have some sort of insane switching technology to isolate and shut off every single segment of the grid.
But we don’t! Homes are never disconnected from the grid unless specialized hardware is installed at the meter to disconnect them. (Which happens for distributed/co-generation scenarios.)
The existence of always connected power generation or storage sources as a potential threat vector is well known. In 2023, it caused a minor kerfluffle as several brands of EV chargers were shown to be easily hackable and as few as 300 of them could be used to take down a regional power grid. Not everyone can afford an EV, and usually those users are a tad more tech savvy. They generally are not buying third party chargers, anyway.
But the rate of adoption for these devices could be significantly higher. The law of averages being what it is, I think these pose a much higher threat to the grid from hacking. Everyone loves apps. No one thinks about security. They could easily exploited, rooted, and have their safety features disabled. Who needs 300 EV’s when you have 300,000 balcony chargers?
Funnily enough, these would be in high demand if the U.S. grid got fried. It would take years to undo the damage.
I like smart home stuff. I hate my privacy being invaded. It’s a very thin line to walk.
A company recently released a product that promises to be Matter compatible. By the time the product arrived, they edited their product description to say it worked with Matter if you bought their always online hub, created an account, let their hub talk to the internet, and then installed their internet-connected plugin to Home Assistant. (So it’s not that HA talks to these devices, or that it talks to their hub. It logs into the company’s servers to get the current state of the device.)
I wrote a review outlining this. An AI bot sent me a message offering me additional products from this company. (Ha!) And included the line “We strictly adhere to data protection regulations” … in the U.S?
Laughably misleading.
If I had the stomach to ever attend one, now would be a great time to start a “drain the swamp” chant at a conservative rally.
I had the creepiest conversation with a cop a few months ago.
My neighborhood is seemingly getting rougher by the day. I do have a video doorbell, but it’s not one of the major U.S. brands.
Anyway, it was trash day. Garbage had been collected. I had noticed several police cars around, but didn’t see any police. I went to collect my bins, and one of them popped out of nowhere to chat at me.
He was light on details, but needed to track the comings and goings of a parking lot across the street from my house. Didn’t need super clear images, just said he needed timestamps for a timeline. Said my camera angle was ‘perfect’.
And it is! I get so many alerts that I disabled it unless motion is detected within the area of my yard. (Which was not helpful to them.)
But he was explaining this to me, and said that he needed me to send them the video (before I told him that it was unlikely I had video, and then confirmed that I did not with him). A moment later, he did a quick scan of my various neighbors houses, and said (to himself) “Okay, that’s a Ring, that won’t be a problem.”
A problem?!? Just casually warrentlessly seizing footage from people’s homes is not a problem?
For those curious, the system I currently have is by Eufy and I cannot recommend the brand. Anker as a brand has been great (Eufy’s parent company), but I find the Eufy app to be riddled with spam, the offered features to be mediocre, and generally, customer service to be poor. They even had an amazon review removed once. (I called their app a piece of crap, and they hit it with a community standards warning to get it removed.)
It’s also a few days into Ramadan, a holiday where Muslims fast while the sun is up. (It lasts approximately from fat Tuesday to Easter.)
So, you know, if you want to fuck up someone’s day, make ‘em work extra hard while hangry.
(Which is not necessarily true. IIRC, much of the religious understanding and forgiveness in Islam is about intent. They might be cool with breaking a fast when facing an existential threat. But it’s Iran, sooo…)