• 0 Posts
  • 108 Comments
Joined 2 years ago
Cake day: June 18th, 2023
  • NaibofTabr@infosec.pubtoWikipedia@lemmy.worldMaximum wageEnglish
    5·
    12 days ago

    It’s way past time.

    Though I think rather than try to set some fixed number, it should be something like, “the highest paid employee of a company shall be paid no more than ten times the amount paid to the lowest paid employee of that company.”

    So if the CEO receives $1 million / year in total compensation, the entry-level pay for the lowest skilled job is $100k/yr.

    This solves both the minimum and maximum wage problem.

  • NaibofTabr@infosec.pubtomemes@lemmy.worldGIRL. NOT LIKE THAT.English
    181·
    1 month ago

    Oh no, it’s worse than that… we use the metric system to measure the customary system…

    The Mendenhall Order marked a decision to change the fundamental standards of length and mass of the United States from the customary standards based on those of England to metric standards. It was issued on April 5, 1893, by Thomas Corwin Mendenhall.
    […]
    Mendenhall ordered that the standards used for the most accurate length and mass comparison change from certain yard and pound objects to certain meter and kilogram objects, but did not require anyone outside of the Office of Weights and Measures to change from the customary units to the metric system.

    https://en.wikipedia.org/wiki/Mendenhall_Order

    Technically every unit in the US customary measurement system is just a weird conversion factor of an equivalent metric unit. At this point 1 yard was defined as 3600/3937 meter, which means 1 inch = 2.54000508 cm. By 1959 everyone finally agreed that this was stupid and redefined it as 1 yard = 0.9144 m (1 inch = 2.54 cm).

    All measurements in the US are based on standard reference objects provided by BIPM.

  • NaibofTabr@infosec.pubtoTechnology@lemmy.worldScientists in Japan develop plastic that dissolves in seawater within hoursEnglish
    13·
    1 month ago

    Aida said the new material is as strong as petroleum-based plastics but breaks down into its original components when exposed to salt.

    If this means that it does not break down when exposed to just water, that’s a pretty big deal. Water solubility has been the major issue making biodegradable plastics useless for food packaging (typically you want to either keep the food wet and water in, or dry and water out - either way water permeability is a problem).

    Of course most foods also contain salt, so… I guess that’s why the article talks about coatings. If the material has to be coated to keep it from breaking down too fast, what is the point? either the coating will prevent it from breaking down, or it just moves the problem to the coating not breaking down.

  • NaibofTabr@infosec.pubtoAsk Lemmy@lemmy.worldWhat are the dangers of an out of date phone?English
    4·
    1 month ago

    How often do older devices get breached

    A meaningful answer would require specificity about “older” (5, 10, 20+ years?) and would have to be broken down into manufacturer / major software / use case / target market groups. Also… would you include breach reports for software in the statistics? For instance, if an Adobe app was breached and leaked user account data, but it only affected devices running an older version of Android, is that an Adobe breach or an Android breach, or both?

    and is there any way to continue using an “older” device safely

    Basically, once a device stops receiving security updates from the manufacturer it should be considered untrustworthy. The only caveat to this would be if you knew the hardware (CPU/APU/GPU, storage, RAM, and especially NICs and TPMs), knew the firmware for all of it, knew the software running on top of it, knew that it had been audited, knew that there weren’t any major unpatched vulnerabilities for any of it, and probably limited its use to known/trusted networks. That’s a lot of work and some of it is probably impossible due to proprietary hardware & firmware.

    But you’d also have to weigh all of that against your threat model like I described above. The question is always “How much effort would someone put in to hack me?” There is never zero risk, even with a brand new, fully up to date device. Security is always a game of “I don’t have to outrun the bear, I just have to outrun you.”

    I feel like short security update lifecycles are a form of planned obsolescence.

    There’s some truth in this, but also recognize that every CPU model has its own specific microcode, every discrete device will have its own firmware and driver, and every mainboard will have its own specific firmware that makes all of those devices work together. Every version of every phone model ever produced has some amount of device code that is specific to that version and model. Keeping on top of updating every one of them would be a monumental task. Testing every update for every device before deploying the update would probably be functionally impossible.

    All of that is a big part of why Apple controls the hardware of their devices so tightly. It allows them to standardize things and limit the amount of code they have to write, and in general Apple supports their devices with security updates much longer than other mobile device manufacturers. Their support range seems to be about 7 years.

    Don’t get me wrong, I’m not personally an Apple user. I prefer the broader freedom of choice in hardware and software in the Android market, but I understand that there’s a tradeoff due to the lack of standardization. Apple’s approach has benefits - there is a degree of safety in the walled garden that is not possible outside of it.

    What really needs to happen is that buyers need to demand end-of-life information and support commitments from the manufacturers. For instance, the Fairphone 5 has guaranteed security updates until 2031, eight years after the launch date. That way you can make an informed decision before you buy.

  • NaibofTabr@infosec.pubtoAsk Lemmy@lemmy.worldWhat are the dangers of an out of date phone?English
    20·
    1 month ago

    The danger is essentially that anything being done on the phone is not secure.

    If all she does with the phone is look at cat pictures and talk to friends and family, there’s probably not much critical information there to worry about.

    But does she use the phone for banking? tax records? health care? Does she use the phone for multifactor authentication to log in to her bank account &etc?

    Anything involving financial or personal information could be used for identity theft and fraud. Even if she doesn’t have much money personally, her identity has value on the black market for opening fraudulent credit cards and other accounts. If her phone is no longer getting security updates then her email may be exposed, and basically if you can get into someone’s email then you can get into all of their other accounts (through “I forgot my password” links). Also keep in mind that the phone is a tracking device, so if it’s not secure then anyone with the time and interest could use it to track her location.

    It’s worth noting that switching the phone to another OS like Lineage may not solve this problem. Android uses a core security feature of ARM processors called TrustZone to handle cryptographic functions like security keys. This depends on processor microcode that only gets updated by the manufacturer. If the device is no longer supported, then it will probably stop receiving updates. A third-party developer like Lineage won’t have the capability to update this code.

    The potential threat from this is not usually immediate. Just because a device might be vulnerable doesn’t mean that it’s worth anyone’s time to actually hack it. But frequently what happens is that someone finds a vulnerability that can be exploited and then builds some software that can do the necessary steps automatically, after which any device with that vulnerability is not secure at all.

    Deciding how critical all of this is for your mother depends a lot on context. Does she have financial assets that might make her a target? Is she politically active? Is she a member of a sociopolitical group that might be a target? Does she have a social media account with a lot followers? Does she have any close friends or relatives that someone might want to target through her? Does she know anyone who works in security for a large corporation, government or bank? Her own vulnerability might make someone else vulnerable by proximity.

    There’s no way to eliminate risk completely. The only way to answer the question “how dangerous is this?” is to assess the severity of possible losses and the likelihood of potential threats (threat modeling) and then make judgment calls based on priority.