#qi-hardware IRC log for Saturday, 2013-09-07

[11:22] <newcup> wpwrak: the password safe device is a good idea. I'd buy one
[11:23] <newcup> of course depending on the price. I bought a wikireader for about 20€ (nice device too), and that felt like a bargain
[11:25] <kyak> yes, it's interesting
[11:28] <kyak> http://irclog.whitequark.org/qi-hardware/2012-10-23#2065051
[11:29] <kyak> basically, it's here : http://www.cryptx2.com/
[11:29] <wpwrak> price point would be higher, maybe around USD/EUR 50 at a large enough volume. wikireader is a lot simpler. no usb, no rf, etc.
[11:29] <kyak> there was a long discussion started by e2580 user, which you can follow in logs
[11:30] <kyak> so i'm just wondering about two things: 1) are you reinventing the wheel? 2) do you plan this for real? i mean, it seems like a lot of human and money resources are needed
[11:31] <wpwrak> ah yes, i remember it. did anything come out of it ? they missed their indiegogo goal by a wide margin.
[11:32] <kyak> well, they have a web site and semi-professional video introduction :)
[11:32] <kyak> that's all i know
[11:32] <wpwrak> it would be rather different: with a display and a keyboard. more like an agenda than such a "key" dongle
[11:33] <wpwrak> and it does sound like a fun hobby project, doesn't it ? :) that wouldn't directly produce a marketable product, but something that could be built upon
[11:36] <kyak> they also claim it's open hardware and you can program it with your software
[11:39] <kyak> if you don't plan to produce a ready to use (and ready to sell) product, then yes, it's a fun project
[11:39] <kyak> but people might think you are aiming for something else
[11:39] <kyak> see, they already say that they would buy one :)
[11:40] <wpwrak> these are good indicators :)
[11:45] <wpwrak> in any case, for serious production funding you either need to have a) a lot of money, b) an investor, c) a sexy prototype you can show off to crowd funding.
[11:46] <wpwrak> i don't have a). the history of qi-hw is marked by reliably sucking at finding b). that leaves c), to which a hobby project would lead.
[11:50] <kyak> ok, this sounds more like a plan
[11:55] <jow_laptop> /win 3
[11:55] <jow_laptop> sorry :)
[15:13] <qi-bot> [commit] Paul Cercueil: Change API of InputManager: we don't care about key release events (packages) http://qi-hw.com/p/gmenu2x/dba6c32
[15:13] <qi-bot> [commit] Paul Cercueil: Make the InputManager handle analog sticks as input (packages) http://qi-hw.com/p/gmenu2x/3ce314c
[15:57] <ysionneau> wpwrak: I would buy a password safe, very good idea :)
[15:58] <ysionneau> wouldn't it be cool to for instance unlock the safe by typing the master passkey on the device keyboard, then choose the ID of the key we want to use, then plug the safe to the computer by USB
[15:58] <ysionneau> and then the password safe would act like a USB HID device and emit the key strokes to enter the password
[15:59] <ysionneau> so that it would work virtually everywhere (in the browser, terminal, tty, email client etc)
[15:59] <ysionneau> with no plugin or anything
[15:59] <ysionneau> like Yubikeys do
[15:59] <ysionneau> so that you can use strong passwords and *not* have to type them :)
[16:00] <ysionneau> and not have to display them on the password safe device either
[16:01] <ysionneau> I don't know if hardened USB cables exist, so that the cable does not emit electromagnetic signals far away, to prevent others from sniffing the USB transactions and decode the HID and then get your precious password
[16:09] <whitequark> ysionneau: I think regular shielded cables would work
[16:09] <whitequark> but this is a rather sophisticated attack; you have much simpler ones (ie, phishing) to worry about
[16:15] <ysionneau> indeed
[16:15] <ysionneau> and social engineering :)
[16:15] <whitequark> yeah
[16:15] <ysionneau> especially on older people
[16:21] <hellekin> yes, older people are proven to be more susceptible to social engineering.
[16:22] <hellekin> they can't read bad intentions so well it seems
[16:23] <whitequark> this always striked me as strange
[16:23] <whitequark> *struck, grr
[16:23] <whitequark> won't they have lots of life experience, compared to green and young people?
[16:23] * whitequark shrugs
[16:24] <hellekin> I guess it makes sense considering you've make it so far, so your brains got sloppy on trust issues
[16:24] <hellekin> I should say: made it so far despite all the bad guys
[16:25] <hellekin> dammit whitequark you made my English worse :]
[16:27] <whitequark> :/
[16:28] <hellekin> j/k don't worry. I got sloppy with more Spanish.
[16:32] <ysionneau> maybe with the age there is some drop in intellectual capacities
[16:33] <ysionneau> for some people
[16:33] <ysionneau> this + illnesses
[16:45] <paul_boddie> I can think of a few reasons why older people find various things unintuitive.
[16:46] <paul_boddie> First of all, as you get older you don't have the patience for all the messing around that technology makes people do.
[16:47] <paul_boddie> People expect stuff to behave logically and not require "tricks" to behave normally, whereas children will regard it as part of the fun.
[16:48] <paul_boddie> Another thing that confuses people is that their life experiences aren't necessarily portable to the new paradigm.
[16:50] <paul_boddie> I think technology lets a lot of people down for the sake of appealing to short attention span hipsters who just want cool demos to show off with.
[16:56] <wpwrak> ysionneau: (like USB HID) that's exactly how i imagine it :)
[16:58] <wpwrak> paul_boddie: like, obsoleting phones - along with their UIs - within two years :)
[17:01] <paul_boddie> It's funny to see 80% of the people on the train staring and poking at their phones and tablets. The Matrix realised at last! ;-)
[17:01] <larsc> welcome to the infromation age
[17:05] <wpwrak> infromation: from Fr. "fromage", cheese. 1. a process that produces in subjects brains with holes, like cheese
[17:06] <wpwrak> ysionneau: one could even take it one step further: generate a password/passphrase on the password safe, and never show it to the user
[17:08] <wpwrak> so the next time you travel to the UK, take your laptop with an encrypted disk with you, plus your PW safe and an empty uSD. put your PW safe data on a PC that will allow access only after you've arrived, e.g., 12 hours after entering the UK. in the UK, they could jail you for not revealing a password. and they can hold you for up to 9 hours just because they can.
[17:09] <wpwrak> since you don't know the password, you may be able to worm yourself out of all this. of course, they could still make you have an "accident" or decide that they don't really care about their own laws.
[17:11] <larsc> well to the outside world there is no difference between not knowing the password and knowing the password and saying you don't know it, so they jail you anyway
[17:12] <larsc> I think the law is that they can jail you if you don't tell them the password
[17:13] <wpwrak> it would depend on whether the judge believes you or not. maybe include afghanistan on your route, so you can explain you did it because you fear getting kidnapped there
[17:14] <larsc> ha, here's a funny trick hide an encrypted harddrive in somebodies luggage ;)
[17:14] <larsc> somebody's
[17:14] <wpwrak> yeah, along with the drugs and the bomb :)
[17:16] <wpwrak> well, when they caught a young woman with a bomb in her luggage some years ago, they cleared her fairly quickly, realizing it was put there without her knowledge by her paramour.
[17:16] <wpwrak> if it had been crypto, she probably wouldn't have gotten off so easily
[17:17] <larsc> and hiding bombs is illegal, hiding harddrives not so much (yet)
[17:22] <wpwrak> "Did you really think that we want those laws to be observed ?"  -- Dr. Ferris, "Atlas Shrugged", Ayn Rand
[17:22] <wpwrak> s/Did/Do/
[17:23] <wpwrak> s/to be //
[17:23] <wpwrak> grr. why does google show the wrong quote first ?
[17:51] <whitequark> paul_boddie: but I wasn't really talking about technology, just fraud
[17:51] <whitequark> fraud is as old as the humanity, and it doesn't even change very much...
[17:54] <wpwrak> new circumstances have a tendency of complicating things. people generally try to accept new things (including technology), so if the fraud exploits that, they're vulnerable.
[17:56] <wpwrak> with computers, you also have the added possibility of targeting a lot of people, so even something that has an extremely low probability of success (and thus never was an issue before) all of a sudden can become profitable
[17:56] <wpwrak> e.g., the nigeria scams
[17:57] <paul_boddie> Yes, a lot of the context is different or counterintuitive. For example, is some e-mail from Amazon genuine or not? How can someone tell?
[17:59] <larsc> well how can you tell a letter from Amazon is genuine or not?
[18:00] <whitequark> right...
[18:02] <wpwrak> if it's in response to something you recently did, chances are it is
[18:02] <paul_boddie> Well, indeed, but the things that make a letter seem credible do not all translate to the electronic realm.
[18:02] <wpwrak> if it comes out of the blue, burn it :)
[18:03] <paul_boddie> But again, there are some expectations about how things used to be that are no longer relevant, either.
[18:04] <paul_boddie> So, people might think that no-one would dare to pretend to be a bank when sending a paper letter, perhaps because the consequences would be severe for anyone caught doing so.
[18:05] <wpwrak> indeed, there's that. and if the letter came from abroad, where these laws would not be enforceable, you could tell by just looking at the stamps.
[18:07] <paul_boddie> Meanwhile, the consequences are limited indeed for e-mail. For someone doing a postal scam, you could either pay them a visit or find out who registered the post office box.
[18:07] <paul_boddie> I could easily imagine people trying to apply the same mental model for paper mail to e-mail and wondering why it isn't comparable.
[18:10] <wpwrak> indeed. and properties like how easy it is to falsify the "From:" field are not intuitively clear to non-experts
[19:31] <wpwrak> whoa. HEAVY storm. the whole building is shaking.
[21:06] <qi-bot> [commit] Paul Cercueil: Fixes the Selector returning empty file/directory names (packages) http://qi-hw.com/p/gmenu2x/e86a96c
[21:06] <qi-bot> [commit] Paul Cercueil: Recover last session from main() instead of constructor (packages) http://qi-hw.com/p/gmenu2x/0e41804
--- Sun Sep 8 2013 00:00
