
New Computer Tips.


Richardhead

2 hours ago, Code Monkey said:

If you try and go from Open Office to Office 365, it will convert completely fine. I always have a hard time explaining this to my corporate users that try and tell me it all works fine when they use Word so therefore it must be Open Office that has the problem. No, it isn't, it's Word inserting the poor formatting.

Theoretically, that’s just great.

Practically speaking, when MS Office is what you have at work in a corporate environment, all of that means zip and zilch. Taking a document back and forth or sharing with coworkers is quite unpleasant. 


Administrator · Posted
2 hours ago, Code Monkey said:

What would be even more secure is to use a password manager and allow it to automatically assign you 60 character alphanumeric random passwords which you don't even need to remember.

This is what I do, and I do suggest it. Sadly many websites have pretty shit proprietary password logic which makes me concerned for their overall security, such as "No special characters" or "Between 8 and 16 characters", or the dreaded "At least 1 capital letter, one number, and 1 special character". I get what they're going for, but it creates a need for layman users to create memorable passwords which incorporate forced "security" logic and leads to passwords like "!Password1", which is incredibly easy to crack. 

Where I can help it, most of my passwords look something like this:

hfqN!niKHP@zRE9Gg3a79NhF6oQzNPASB9y&@NbB


28 minutes ago, Gloves said:

This is what I do, and I do suggest it. Sadly many websites have pretty shit proprietary password logic which makes me concerned for their overall security, such as "No special characters" or "Between 8 and 16 characters", or the dreaded "At least 1 capital letter, one number, and 1 special character". I get what they're going for, but it creates a need for layman users to create memorable passwords which incorporate forced "security" logic and leads to passwords like "!Password1", which is incredibly easy to crack. 

Where I can help it, most of my passwords look something like this:

hfqN!niKHP@zRE9Gg3a79NhF6oQzNPASB9y&@NbB

The password length is the worst. All password hashes are the exact same length so if they're forcing a maximum length on you, then they're storing your password in their database as plain text and they're worried about space. Otherwise if they're hashing it anyway, there's no reason to have a maximum character limit.

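Added example, not part of any post in this thread: a sketch of how a site that stores salted password hashes ends up with a record of the same size whatever the password length, using PBKDF2-HMAC-SHA256 from Python's standard library. The function names, the iteration count and the sample passwords are assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # "alphanumeric", as in the thread
ITERATIONS = 200_000   # assumed work factor for this sketch
SALT_BYTES = 16
DIGEST_BYTES = 32


def generate_password(length: int = 60) -> str:
    """Random password drawn from the OS CSPRNG, as a password manager would."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               salt, ITERATIONS, dklen=DIGEST_BYTES)


def hash_password(password: str) -> bytes:
    """Return salt || digest: the only thing the site needs to store."""
    salt = secrets.token_bytes(SALT_BYTES)
    return salt + _derive(password, salt)


def verify_password(password: str, record: bytes) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    salt, expected = record[:SALT_BYTES], record[SALT_BYTES:]
    return hmac.compare_digest(_derive(password, salt), expected)


def stored_sizes(passwords):
    """Map each password's length to the size of the record stored for it."""
    return {len(p): len(hash_password(p)) for p in passwords}


if __name__ == "__main__":
    # Constructed sample inputs: the weak password quoted in the thread,
    # a 60-character random one, and a 500-character random one.
    samples = ["!Password1", generate_password(60), generate_password(500)]
    for length, size in stored_sizes(samples).items():
        print(f"{length:>3}-character password -> {size}-byte record")
```

Some hashing schemes have an input limit of their own (bcrypt only reads the first 72 bytes of the password), which is a property of the algorithm rather than of database space.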

1 hour ago, Code Monkey said:

On an encrypted storage medium? Absolutely zero. The FBI were even unable to recover encrypted user data without the encryption key when the owner of Lavabit refused to provide it.

https://www.theguardian.com/world/2013/oct/03/lavabit-ladar-levison-fbi-encryption-keys-snowden

If you're using a proper online manager, it is absolutely impossible for your information to get leaked. Those leaks only happen from insecure storage.

The total loss comment wasn't about passwords -- it was about the practical risk of losing backed-up data at home.

Unless you live in CA wildfire country, the practical risk of total loss from a house fire is pretty low, or else homeowner's insurance would be WAY more expensive.

Versus online services that are hacked by major state actors on a seemingly regular basis.


20 minutes ago, arch_8ngel said:

The total loss comment wasn't about passwords -- it was about the practical risk of losing backed-up data at home.

Unless you live in CA wildfire country, the practical risk of total loss from a house fire is pretty low, or else homeowner's insurance would be WAY more expensive.

Versus online services that are hacked by major state actors on a seemingly regular basis.

That's how I answered it, Lavabit was an email server. If you keep your data on a properly encrypted storage medium, it is literally impossible for someone to hack it. The actors get hacked because someone gets into their email (which is easy) and in there they find 20 different "forgot password" emails with access to all of their online accounts. Or they make their password "password." Or they lay their phone down at a party and someone picks it up, goes to their iCloud storage and adds another user in there.

It's always user error. Their accounts aren't actually getting hacked at the server level, that's just something the media writes because they don't know the difference or don't care.

You know the recent Nintendo leak?  Do you know how that happened? They didn't get into any servers, someone hacked an employee's email and most of the ROM files they recovered from that leak are from email attachments. It's taking so long to discover it all because people have to literally go into each .eml file and look at each attachment individually to figure out what it is. There are thousands.

Edited by Code Monkey

Apple products are generally more secure than Windows machines. Even so, you should have some sort of AV. I don't know if macOS has a good default or not but most 3rd party options on Windows are basically malware themselves. If you're going to run Windows in a VM or dual boot or however it works now, Windows' built-in AV is solid.

Get a good browser like Firefox and an adblocker plugin - ublock plus is the gold standard. This is essential, web ads are a significant attack vector for modern environments.

Beyond that, being smart is your best defense. Don't click links in unsolicited messages, don't run apps you aren't familiar with, don't share your passwords, etc.

You probably don't need a VPN. If you insist, basically anything but NordVPN.

Keep copies of anything important in multiple places. Your local computer, web storage, off site physical storage. The idea being losing access or integrity in any single source isn't catastrophic. Keeping only online copies of things is terrible advice. That's just someone else's computer you currently have permission to use, and that can change for no good reason.

Edited by Lincoln

2 hours ago, Gloves said:

This is what I do, and I do suggest it. Sadly many websites have pretty shit proprietary password logic which makes me concerned for their overall security, such as "No special characters" or "Between 8 and 16 characters", or the dreaded "At least 1 capital letter, one number, and 1 special character". I get what they're going for, but it creates a need for layman users to create memorable passwords which incorporate forced "security" logic and leads to passwords like "!Password1", which is incredibly easy to crack. 

Where I can help it, most of my passwords look something like this:

hfqN!niKHP@zRE9Gg3a79NhF6oQzNPASB9y&@NbB

I'm with this except I'm cheap and don't pay for LastPass so if I have to enter a password into a browser that isn't on my phone arggghhhhh

Edited by a3quit4s

41 minutes ago, Code Monkey said:

That's how I answered it, Lavabit was an email server. If you keep your data on a properly encrypted storage medium, it is literally impossible for someone to hack it. The actors get hacked because someone gets into their email (which is easy) and in there they find 20 different "forgot password" emails with access to all of their online accounts. Or they make their password "password." Or they lay their phone down at a party and someone picks it up, goes to their iCloud storage and adds another user in there.

It's always user error. Their accounts aren't actually getting hacked at the server level, that's just something the media writes because they don't know the difference or don't care.

You know the recent Nintendo leak?  Do you know how that happened? They didn't get into any servers, someone hacked an employee's email and most of the ROM files they recovered from that leak are from email attachments. It's taking so long to discover it all because people have to literally go into each .eml file and look at each attachment individually to figure out what it is. There are thousands.

I understand that social engineering attacks of one sort or another are the weak link, most of the time. -- using "hacking" in a very broad sense in the above comment.

I guess I'm just not on the wavelength of what matters to you guys on this part of the conversation (saving to cloud vs physical backup), since to me the only "digital data" that really matters is banking and brokerage data -- which isn't really on my system anyway, though I'll definitely save backups of monthly statements.

Anything work related, for me, is backed up on work servers, and can't legally be in the cloud somewhere anyway.

And family pictures, etc -- they're in the cloud automatically on most phones, but aren't really something I care about someone stealing if there was a data breach. But even for those -- the risk of catastrophic loss if they're backed up at home is pretty low.

EDIT: I'll certainly grant that if you live in CA wildfire country then the risk of total loss to fire is a more plausible concern than it is to the rest of us, though.

Edited by arch_8ngel

10 hours ago, Code Monkey said:

Are your disconnected hard drives in the same house? A single fire would wipe it all out.

Yes. I do have a separate thumb drive in a different location with all the files I really consider important, though. When you get down to it, it's surprising how little is truly essential.

