Re: [GTALUG] "AI" on getting correct technical answers
On Sun, Jan 14, 2024 at 3:06 AM ac via talk <talk@gtalug.org> wrote:
snip
And, it's just a generic LLM. I've heard experienced developers saying surprisingly positive things about GitHub's Copilot for quite a while now. As for the SQL issue - all search queries on Qwant / DDG / Google lead to "how to join tables in SQL"; utterly useless. I know that reasonably well. And, who hasn't had a search lead them to StackOverflow where the highest rated answer is strongly condemned further in the comments as being wrong / out of date / insecure, etc.?
Actually, this is an interesting point.
Google search seems to prioritise answers from humans and human sources.
I searched on Microsoft the other day and was surprised to see that I could supply .js snippets (which I did not code and was too lazy to read through) and receive a correct answer direct from "search"
So, us humans will be replaced as 'coders" - Machines will be writing the code which powers machines. Not only is that something for us to understand fully, but we also have to comprehend where we are all choosing to go.
It is like watching episodes of "the Traitors" and seeing how the majority votes out a faithful.
there is just nothing to do but be along for the ride :)
Lots of incorrect answers supplied by humans.
indeed, if only there was some way to 'sort' or use advanced search to set dates... (to exclude popular answers from 2009) or do more settings on search options... oh, wait.... - and then there are no search results... when is "search" not "search" and just becomes "answer" - interesting! - it is like a mobile phone - it is hardly even a mobile phone any longer, why do so many people still call it a 'phone' or a mobile phone...
I think though that I will still be using Google for search, although when looking at it all from my perspective we are all already screwed, unless we can vote out all of the tratitors. (which seems increasingly unlikely)
Re: search engines - - - - to me they are totally frustrating. If I'm asking for a search where I want terms 'a + b + c + d + e' well - I'm looking for where ALL 5 terms show up. Not where any one term is or any two (etc etc). So if one is looking for very generic kind of items - - well search is useful - - - if you're looking for the specific - - - - search - - - well - - its quite useless! As I've been pondering the AI stuff (tried to sign up for chatgpt but as I'm unable to use a cellphone at my location that's a no for even signup (and no way to reach the idiots - - - - sorry I guess I should use people but I wonder - - to let them know that I can't because its only after registration that connection is allowed - - - total circular logic that is!) what I've come up with is from looking at the past. Truly innovative and unique ideas/things are rarely enough even designed or developed by a 'team' (that's changing in advanced materials these days though) most often its an individual that finds something that the thundering herd has either ignored or doesn't know about. Somehow to date AI is more about the thundering herd (and a technique that when fully utilized will allow major chip makers (and some small group of other hardware vendors) to really cache in the bucks ('Follow the money' is the adage!). Am wondering if that is the reason for AI's proliferation? What say you? TIA
ChatGPT is very good at making up stories to amuse my female friends. Ask it to write a love poem to a girl and she will be thrilled at the result. There is no verification or source required. ChatGPT is good for chatting. I find its Chinese is also very good. You can use ChatGPT to improve their English level for learners. There are a lot of benefits to the tech, but factual accuracy is not one of them. On a Chinese social media platform I asked ChatGPT (the company is based in sunny California) where it was from. It said that it was from Huan, China, but then could/would not tell me where in Hunan was its home town. On Sun, 14 Jan 2024 at 07:26, o1bigtenor via talk <talk@gtalug.org> wrote:
On Sun, Jan 14, 2024 at 3:06 AM ac via talk <talk@gtalug.org> wrote:
snip
And, it's just a generic LLM. I've heard experienced developers saying surprisingly positive things about GitHub's Copilot for quite a while now. As for the SQL issue - all search queries on Qwant / DDG / Google lead to "how to join tables in SQL"; utterly useless. I know that reasonably well. And, who hasn't had a search lead them to StackOverflow where the highest rated answer is strongly condemned further in the comments as being wrong / out of date / insecure, etc.?
Actually, this is an interesting point.
Google search seems to prioritise answers from humans and human sources.
I searched on Microsoft the other day and was surprised to see that I could supply .js snippets (which I did not code and was too lazy to read through) and receive a correct answer direct from "search"
So, us humans will be replaced as 'coders" - Machines will be writing the code which powers machines. Not only is that something for us to understand fully, but we also have to comprehend where we are all choosing to go.
It is like watching episodes of "the Traitors" and seeing how the majority votes out a faithful.
there is just nothing to do but be along for the ride :)
Lots of incorrect answers supplied by humans.
indeed, if only there was some way to 'sort' or use advanced search to set dates... (to exclude popular answers from 2009) or do more settings on search options... oh, wait.... - and then there are no search results... when is "search" not "search" and just becomes "answer" - interesting! - it is like a mobile phone - it is hardly even a mobile phone any longer, why do so many people still call it a 'phone' or a mobile phone...
I think though that I will still be using Google for search, although when looking at it all from my perspective we are all already screwed, unless we can vote out all of the tratitors. (which seems increasingly unlikely)
Re: search engines - - - - to me they are totally frustrating.
If I'm asking for a search where I want terms 'a + b + c + d + e' well - I'm looking for where ALL 5 terms show up. Not where any one term is or any two (etc etc). So if one is looking for very generic kind of items - - well search is useful - - - if you're looking for the specific - - - - search - - - well - - its quite useless!
As I've been pondering the AI stuff (tried to sign up for chatgpt but as I'm unable to use a cellphone at my location that's a no for even signup (and no way to reach the idiots - - - - sorry I guess I should use people but I wonder - - to let them know that I can't because its only after registration that connection is allowed - - - total circular logic that is!) what I've come up with is from looking at the past.
Truly innovative and unique ideas/things are rarely enough even designed or developed by a 'team' (that's changing in advanced materials these days though) most often its an individual that finds something that the thundering herd has either ignored or doesn't know about. Somehow to date AI is more about the thundering herd (and a technique that when fully utilized will allow major chip makers (and some small group of other hardware vendors) to really cache in the bucks ('Follow the money' is the adage!). Am wondering if that is the reason for AI's proliferation?
What say you?
TIA --- Post to this mailing list talk@gtalug.org Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk
On 2024-01-14 07:19, o1bigtenor via talk wrote:
Re: search engines - - - - to me they are totally frustrating.
If I'm asking for a search where I want terms 'a + b + c + d + e' well - I'm looking for where ALL 5 terms show up. Not where any one term is or any two (etc etc). So if one is looking for very generic kind of items
Most search engine in general seem rather poor. Google used to be better. IIRC, there was a time when you could do a search using a phrase, or tell it which words were required to be in the search result. I find most search engines on web sites seem to return any page containing any of the words you provide. -- Cheers! Kevin. https://www.patreon.com/KevinCozens | "Nerds make the shiny things that | distract the mouth-breathers, and Owner of Elecraft K2 #2172 | that's why we're powerful" #include <disclaimer/favourite> | --Chris Hardwick
On Sun, Jan 14, 2024 at 7:20 AM o1bigtenor via talk <talk@gtalug.org> wrote:
On Sun, Jan 14, 2024 at 3:06 AM ac via talk <talk@gtalug.org> wrote:
snip
And, it's just a generic LLM. I've heard experienced developers saying surprisingly positive things about GitHub's Copilot for quite a while now. As for the SQL issue - all search queries on Qwant / DDG / Google lead to "how to join tables in SQL"; utterly useless. I know that reasonably well. And, who hasn't had a search lead them to StackOverflow where the highest rated answer is strongly condemned further in the comments as being wrong / out of date / insecure, etc.?
Actually, this is an interesting point.
Google search seems to prioritise answers from humans and human sources.
I searched on Microsoft the other day and was surprised to see that I could supply .js snippets (which I did not code and was too lazy to read through) and receive a correct answer direct from "search"
So, us humans will be replaced as 'coders" - Machines will be writing the code which powers machines. Not only is that something for us to understand fully, but we also have to comprehend where we are all choosing to go.
It is like watching episodes of "the Traitors" and seeing how the majority votes out a faithful.
there is just nothing to do but be along for the ride :)
Lots of incorrect answers supplied by humans.
indeed, if only there was some way to 'sort' or use advanced search to set dates... (to exclude popular answers from 2009) or do more settings on search options... oh, wait.... - and then there are no search results... when is "search" not "search" and just becomes "answer" - interesting! - it is like a mobile phone - it is hardly even a mobile phone any longer, why do so many people still call it a 'phone' or a mobile phone...
I think though that I will still be using Google for search, although when looking at it all from my perspective we are all already screwed, unless we can vote out all of the tratitors. (which seems increasingly unlikely)
Re: search engines - - - - to me they are totally frustrating.
If I'm asking for a search where I want terms 'a + b + c + d + e' well - I'm looking for where ALL 5 terms show up. Not where any one term is or any two (etc etc). So if one is looking for very generic kind of items - - well search is useful - - - if you're looking for the specific - - - - search - - - well - - its quite useless!
(tried to sign up for chatgpt but as I'm unable to use a cellphone at my location that's a no for even signup (and no way to reach the idiots - - - - sorry I guess I should use people but I wonder - - to let them know that I can't because its only after registration that connection is allowed - - - total circular logic that is!)
I'm having a hard time parsing this. I have never used a cellphone to access https://chat.openai.com -- this is where I signed up for free and later where I upgraded to Plus. The process to register is quite easy, I don't quite understand the issues you and Kevin are having. FWIW, I have had generally good results with ChatGPT4 with two exceptions: - It's awful at anything location-based - fine for solutions, not fine for opinions - Evan
On Sun, Jan 14, 2024 at 3:03 PM Evan Leibovitch <evan@telly.org> wrote:
On Sun, Jan 14, 2024 at 7:20 AM o1bigtenor via talk <talk@gtalug.org> wrote:
On Sun, Jan 14, 2024 at 3:06 AM ac via talk <talk@gtalug.org> wrote:
snip
And, it's just a generic LLM. I've heard experienced developers saying surprisingly positive things about GitHub's Copilot for quite a while now. As for the SQL issue - all search queries on Qwant / DDG / Google lead to "how to join tables in SQL"; utterly useless. I know that reasonably well. And, who hasn't had a search lead them to StackOverflow where the highest rated answer is strongly condemned further in the comments as being wrong / out of date / insecure, etc.?
Actually, this is an interesting point.
Google search seems to prioritise answers from humans and human sources.
I searched on Microsoft the other day and was surprised to see that I could supply .js snippets (which I did not code and was too lazy to read through) and receive a correct answer direct from "search"
So, us humans will be replaced as 'coders" - Machines will be writing the code which powers machines. Not only is that something for us to understand fully, but we also have to comprehend where we are all choosing to go.
It is like watching episodes of "the Traitors" and seeing how the majority votes out a faithful.
there is just nothing to do but be along for the ride :)
Lots of incorrect answers supplied by humans.
indeed, if only there was some way to 'sort' or use advanced search to set dates... (to exclude popular answers from 2009) or do more settings on search options... oh, wait.... - and then there are no search results... when is "search" not "search" and just becomes "answer" - interesting! - it is like a mobile phone - it is hardly even a mobile phone any longer, why do so many people still call it a 'phone' or a mobile phone...
I think though that I will still be using Google for search, although when looking at it all from my perspective we are all already screwed, unless we can vote out all of the tratitors. (which seems increasingly unlikely)
Re: search engines - - - - to me they are totally frustrating.
If I'm asking for a search where I want terms 'a + b + c + d + e' well - I'm looking for where ALL 5 terms show up. Not where any one term is or any two (etc etc). So if one is looking for very generic kind of items - - well search is useful - - - if you're looking for the specific - - - - search - - - well - - its quite useless!
(tried to sign up for chatgpt but as I'm unable to use a cellphone at my location that's a no for even signup (and no way to reach the idiots - - - - sorry I guess I should use people but I wonder - - to let them know that I can't because its only after registration that connection is allowed - - - total circular logic that is!)
I'm having a hard time parsing this.
I have never used a cellphone to access https://chat.openai.com -- this is where I signed up for free and later where I upgraded to Plus. The process to register is quite easy, I don't quite understand the issues you and Kevin are having.
One doesn't use a cell phone (well I wouldn't) but a cellphone number is demanded to verify one's identity. Without a working cellphone connection one is today - - - a NON-person. I understand that you don't get the problem but then you are an urban dweller who has absolutely no idea what its like trying to connect to an ever increasing number of entities that demand SMS connectiviity (you know like the banks, the bloody government - - - shall I go on???!!!!!!!????) all the while prating about maintaining my privacy and security - - - bollocks!!!!!!!!!!!!) - - - this is our contemporary situation. That urban dwellers don't get it is also our contemporary situation. The pity is that they don't even try to understand the enormity of the situation or the helplessness of those caught in the squeeze - - - - .
The current social assumption made by companies is that all people have a cellphone, all people know how to use them, and all people are almost always connected. This is not the case for much of our society, but from the viewpoint of data architects, developers and tech companies, this is their view. On Mon, 15 Jan 2024 at 07:56, o1bigtenor via talk <talk@gtalug.org> wrote: > On Sun, Jan 14, 2024 at 3:03 PM Evan Leibovitch <evan@telly.org> wrote: > > > > > > > > On Sun, Jan 14, 2024 at 7:20 AM o1bigtenor via talk <talk@gtalug.org> > wrote: > >> > >> On Sun, Jan 14, 2024 at 3:06 AM ac via talk <talk@gtalug.org> wrote: > >> > > >> snip > >> > >> > > And, it's just a generic LLM. I've heard experienced developers > >> > > saying surprisingly positive things about GitHub's Copilot for quite > >> > > a while now. > >> > > As for the SQL issue - all search queries on Qwant / DDG / Google > >> > > lead to "how to join tables in SQL"; utterly useless. I know that > >> > > reasonably well. > >> > > And, who hasn't had a search lead them to StackOverflow where the > >> > > highest rated answer is strongly condemned further in the comments > as > >> > > being wrong / out of date / insecure, etc.? > >> > > > >> > Actually, this is an interesting point. > >> > > >> > Google search seems to prioritise answers from humans and human > sources. > >> > > >> > I searched on Microsoft the other day and was surprised to see that I > >> > could supply .js snippets (which I did not code and was too lazy to > >> > read through) and receive a correct answer direct from "search" > >> > > >> > So, us humans will be replaced as 'coders" - Machines will be writing > >> > the code which powers machines. Not only is that something for us to > >> > understand fully, but we also have to comprehend where we are all > >> > choosing to go. > >> > > >> > It is like watching episodes of "the Traitors" and seeing how the > >> > majority votes out a faithful. > >> > > >> > there is just nothing to do but be along for the ride :) > >> > > >> > > Lots of incorrect answers supplied by humans. > >> > > > >> > indeed, if only there was some way to 'sort' or use advanced search to > >> > set dates... (to exclude popular answers from 2009) or do more > settings > >> > on search options... oh, wait.... - and then there are no search > >> > results... when is "search" not "search" and just becomes "answer" - > >> > interesting! - it is like a mobile phone - it is hardly even a mobile > >> > phone any longer, why do so many people still call it a 'phone' or a > >> > mobile phone... > >> > > >> > I think though that I will still be using Google for search, although > >> > when looking at it all from my perspective we are all already screwed, > >> > unless we can vote out all of the tratitors. (which seems increasingly > >> > unlikely) > >> > > >> Re: search engines - - - - to me they are totally frustrating. > >> > >> If I'm asking for a search where I want terms 'a + b + c + d + e' well > - > >> I'm looking for where ALL 5 terms show up. Not where any one term is or > >> any two (etc etc). So if one is looking for very generic kind of items > - - > >> well search is useful - - - if you're looking for the specific - - - - > search > >> - - - well - - its quite useless! > >> > >> (tried to sign up for chatgpt but as I'm unable to use a cellphone at > my location that's a no for even signup (and no way to reach the idiots - - > - - sorry I guess I should use people but I wonder - - to let them know > that I can't because its only after registration that connection is allowed > - - - total circular logic that is!) > > > > > > I'm having a hard time parsing this. > > > > I have never used a cellphone to access https://chat.openai.com -- this > is where I signed up for free and later where I upgraded to Plus. The > process to register is quite easy, I don't quite understand the issues you > and Kevin are having. > > > One doesn't use a cell phone (well I wouldn't) but a cellphone number > is demanded to > verify one's identity. Without a working cellphone connection one is > today - - - a NON-person. > > I understand that you don't get the problem but then you are an urban > dweller who has > absolutely no idea what its like trying to connect to an ever > increasing number of entities > that demand SMS connectiviity (you know like the banks, the bloody > government - - - shall > I go on???!!!!!!!????) all the while prating about maintaining my > privacy and security - - - > bollocks!!!!!!!!!!!!) - - - this is our contemporary situation. That > urban dwellers don't get it > is also our contemporary situation. The pity is that they don't even > try to understand > the enormity of the situation or the helplessness of those caught in > the squeeze - - - - . > --- > Post to this mailing list talk@gtalug.org > Unsubscribe from this mailing list > https://gtalug.org/mailman/listinfo/talk >
On Mon, Jan 15, 2024 at 7:14 AM Don Tai <dontai.canada@gmail.com> wrote:
The current social assumption made by companies is that all people have a cellphone, all people know how to use them, and all people are almost always connected. This is not the case for much of our society, but from the viewpoint of data architects, developers and tech companies, this is their view.
Agreed - - - but how does one get the attention of this technical elite to notify them that some of their basic assumptions are just - - - wrong? Regards
On 2024-01-15 08:55, o1bigtenor via talk wrote: [snip]
Agreed - - - but how does one get the attention of this technical elite to notify them that some of their basic assumptions are just - - - wrong?
Their basic assumption is correct. You are just a corner case. We all like to think we are part of the vast majority but just about everybody on this list is not part of that majority in at least a few respects. -- Alvin Starr || land: (647)478-6285 Netvel Inc. || Cell: (416)806-0133 alvin@netvel.net ||
The ostracization of the non-tech in society was quite evident at the start of the pandemic, and then it got even worse. The elderly at my gym could not book immunization appointments for pharmacies because they refused to book over the phone and told people to book exclusively through the web site. They were forced to go to city sites, which were much further away and inconvenient, where at least the City of Toronto had a phone number. Further, during the pandemic the City of Toronto opened up workout gyms to those that need medical physiotherapy (doctor's note required), but to go you needed to book an appointment time slot..online..or call the city. This turned out to be quite a task for the elderly. Grocery fliers are now not being delivered in my area of Scarborough. Retailers are pushing people to go online, but the elderly cannot handle a computer much less navigating an online flyer. Therefore the elderly do not know when certain items go on sale. Specifically NoFrills made a change where if there was a flyer printed, it was an abbreviated version of the online flyer, so even the elderly did get to see a printed flyer, they were unable to see all the sales. There are a lot of elderly, and with each year this will accelerate, but it seems the ostracization has not been noticed. We must accommodate for such a large and vulnerable chunk of our society. Their cases are certainly not corner use cases. On Mon, 15 Jan 2024 at 09:41, o1bigtenor via talk <talk@gtalug.org> wrote:
On Mon, Jan 15, 2024 at 7:14 AM Don Tai <dontai.canada@gmail.com> wrote:
The current social assumption made by companies is that all people have
a cellphone, all people know how to use them, and all people are almost always connected. This is not the case for much of our society, but from the viewpoint of data architects, developers and tech companies, this is their view.
Agreed - - - but how does one get the attention of this technical elite to notify them that some of their basic assumptions are just - - - wrong?
Regards --- Post to this mailing list talk@gtalug.org Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk
On 2024-01-15 11:01, Don Tai via talk wrote:
The ostracization of the non-tech in society was quite evident at the start of the pandemic, and then it got even worse. The elderly at my gym could not book immunization appointments for pharmacies because they refused to book over the phone and told people to book exclusively through the web site. They were forced to go to city sites, which were much further away and inconvenient, where at least the City of Toronto had a phone number.
Further, during the pandemic the City of Toronto opened up workout gyms to those that need medical physiotherapy (doctor's note required), but to go you needed to book an appointment time slot..online..or call the city. This turned out to be quite a task for the elderly.
Grocery fliers are now not being delivered in my area of Scarborough. Retailers are pushing people to go online, but the elderly cannot handle a computer much less navigating an online flyer. Therefore the elderly do not know when certain items go on sale. Specifically NoFrills made a change where if there was a flyer printed, it was an abbreviated version of the online flyer, so even the elderly did get to see a printed flyer, they were unable to see all the sales.
There are a lot of elderly, and with each year this will accelerate, but it seems the ostracization has not been noticed. We must accommodate for such a large and vulnerable chunk of our society. Their cases are certainly not corner use cases.
I get your point and as a senior myself I see a huge part my generation and older that never had to deal with computers and just don't get the technology. That being said my 95yo mother-in-law has a computer and has all her bills e-mailed to her. She is starting to have memory and comprehension problems but when she gets to the point where she cannot deal with her computer she may not be able to deal with phone based services at that point either. She grew up in a home with no phone and the idea of a phone in every home is a idea that is much less than 100 years old. We get use to a technology and forget that some time ago that was a new technology that people were having problems with. Ostracization is a bit of an exaggeration. It is more an issue of lack of understanding or caring. All these services are now being managed and developed by people who are largely between 20 and 50. They assume that everybody is like them with the cell phone attached and can only be surgically removed. Also remember phone services that are not just a fancy IVR require people to answer phone lines and a place for them to be setting when they are answering those lines. Where do you put those people and phones and computers when your in a lockdown situation. A web site is likely the best that can be done in the time-frame with the resources available. Fliers... Now there is something I hate. Any we get goes directly in to the recycling in and the same is true of my mother-in-law. Its just killing trees for little return. They also cost the retailers a significant amount of cash that is going directly into the recycling bin. Although they are not a recent thing the volume of "hate mail" has gone up since the postal service decided that it could make money delivering the stuff. So the volume has been around for a long time and we have come to consider it as "normal". -- Alvin Starr || land: (647)478-6285 Netvel Inc. || Cell: (416)806-0133 alvin@netvel.net ||
On Mon, Jan 15, 2024 at 8:14 AM Don Tai via talk <talk@gtalug.org> wrote: The current social assumption made by companies is that all people have a
cellphone, all people know how to use them, and all people are almost always connected. This is not the case for much of our society
The statistics are not on your side. <https://www.statcan.gc.ca/o1/en/plus/3582-so-long-landline-hello-smartphone> In 2020, 84% of Canadians had mobile phones, and the percentage has been rising. If you have contrary evidence, or a definition of "much of society" of which I might not be aware, please inform. - Evan
| From: o1bigtenor via talk <talk@gtalug.org> | > I have never used a cellphone to access https://chat.openai.com -- this is where I signed up for free and later where I upgraded to Plus. The process to register is quite easy, I don't quite understand the issues you and Kevin are having. | One doesn't use a cell phone (well I wouldn't) but a cellphone number | is demanded to | verify one's identity. Without a working cellphone connection one is | today - - - a NON-person. This is "two-factor authentication" (often called 2FA). Lots and lots of things require it. And then assume that that number is a good way to contact you. Grrr. SMS is not a great second factor. Especially in the cases where there is no first factor. A related issue: places that ask my phone number and then assume it works for SMS. My phone number dates back more than forty years and it is a landline (no SMS). The thing is that the world has changed faster than some of us have adjusted. I feel that way about many things; at least Flash is gone.
On 2024-01-15 09:32, D. Hugh Redelmeier via talk wrote:
| From: o1bigtenor via talk<talk@gtalug.org>
| > I have never used a cellphone to accesshttps://chat.openai.com -- this is where I signed up for free and later where I upgraded to Plus. The process to register is quite easy, I don't quite understand the issues you and Kevin are having.
| One doesn't use a cell phone (well I wouldn't) but a cellphone number | is demanded to | verify one's identity. Without a working cellphone connection one is | today - - - a NON-person.
This is "two-factor authentication" (often called 2FA). Also known as MFA for Multi Factor Authentication. Where factors are >1 but I have never seen it >2.
Lots and lots of things require it. And then assume that that number is a good way to contact you. Grrr.
SMS is not a great second factor. Especially in the cases where there is no first factor.
A related issue: places that ask my phone number and then assume it works for SMS. My phone number dates back more than forty years and it is a landline (no SMS). When we first got VOIP and SMS on our home line it was supprising to see
Well at that point SMS would be the first factor. the services that were doing things like appointment notifications using that number. SMS does have a way to provide delivery notifications but nobody would make use of that because of all the non-SMS landlines out there.
The thing is that the world has changed faster than some of us have adjusted. I feel that way about many things; at least Flash is gone.
The level of technical knowledge required to protect yourself now days has gone way up. It use to be that your bank tellers knew you and if you did not want to get robbed you locked your doors. Either you had cash in your pocket or were in a position to write a cheque and living beyond your means ware hard to do. Now we have multiple credit cards, bank cards, crypto accounts all of which can be scammed/hacked/stolen. If your not careful someone can sell your house and you won't know about it till the new owners show up. Generally life is much better but it has come at a cost. -- Alvin Starr || land: (647)478-6285 Netvel Inc. || Cell: (416)806-0133 alvin@netvel.net ||
On 2024-01-15 07:35, o1bigtenor via talk wrote: [snip]
One doesn't use a cell phone (well I wouldn't) but a cellphone number is demanded to verify one's identity. Without a working cellphone connection one is today - - - a NON-person.
I understand that you don't get the problem but then you are an urban dweller who has absolutely no idea what its like trying to connect to an ever increasing number of entities that demand SMS connectiviity (you know like the banks, the bloody government - - - shall I go on???!!!!!!!????) all the while prating about maintaining my privacy and security - - - bollocks!!!!!!!!!!!!) - - - this is our contemporary situation. That urban dwellers don't get it is also our contemporary situation. The pity is that they don't even try to understand the enormity of the situation or the helplessness of those caught in the squeeze - - - - . You don't need a cell phone number but need to have a number that will accept SMS. VOIP services offer numbers with SMS features.
I have found that useful since lots of personal services like to take a number when you make an appointment and then send reminders via SMS. The one caveat is that some places check to see if the number you provided is owned by a carrier and will not allow VOIP numbers. Multi-factor authentication via SMS is an improvement in security. It is not the bee all and end all but it is better than just a password. So I am not sure about your comment about privacy and security. Not sure about all the banks but I know a few will use a phone call that reads out a number over the phone to be used as a second factor in the login process. Also not sure about all governments and services but a large chunk of the Ontario government use call back. So far as I know all banks and governments still have phone lines that are answered and will eventually get you to a person to help you with your issue. -- Alvin Starr || land: (647)478-6285 Netvel Inc. || Cell: (416)806-0133 alvin@netvel.net ||
On Mon, Jan 15, 2024 at 8:56 AM Alvin Starr via talk <talk@gtalug.org> wrote:
On 2024-01-15 07:35, o1bigtenor via talk wrote: [snip]
One doesn't use a cell phone (well I wouldn't) but a cellphone number is demanded to verify one's identity. Without a working cellphone connection one is today - - - a NON-person.
I understand that you don't get the problem but then you are an urban dweller who has absolutely no idea what its like trying to connect to an ever increasing number of entities that demand SMS connectiviity (you know like the banks, the bloody government - - - shall I go on???!!!!!!!????) all the while prating about maintaining my privacy and security - - - bollocks!!!!!!!!!!!!) - - - this is our contemporary situation. That urban dwellers don't get it is also our contemporary situation. The pity is that they don't even try to understand the enormity of the situation or the helplessness of those caught in the squeeze - - - - . You don't need a cell phone number but need to have a number that will accept SMS. VOIP services offer numbers with SMS features.
Was not aware of this. As I'm now on a reasonable IP connection (previously on fixed point wireless which is garbage imo) I am considering using voip if not for everything as voip dies when the power does and that's a serious flaw!
Multi-factor authentication via SMS is an improvement in security. It is not the bee all and end all but it is better than just a password. So I am not sure about your comment about privacy and security.
Hm - - - - it was some time in the first 1/2 of 2012 when a VP at Microsoft issued the announcement that for those that were logging in off campus that it would be thenceforth required to use 2FA (as either SMS or email). It was about 2019 when the federal bureacracy started barking about this and the banking industry (finding another area to look good and possibly generate MORE fees) started complying. What none of these boffins seems to be aware of is that the same individual in early 2019 sent a similar email to the same recipients that " . . . due to the inherent insecurity of both SMS, SMS based and open email systems it would no longer be possible to use such for authentication." (Notice what he said - - - the inherent INSECURITY blah blah blah!!!!!!!!) So so many people have heard of the first instance and it seems that the second has been ignored by almost all of those that have read the first. (Except Microsoft employees - - AIUI they are using a USB token/chip/whatever the official name for the dongle is - - - and that is their reality.) There are options - - - yes but they cost some money - - - - the feds just don't give a rip and the banking industry is loathe to offer such reasonably or (shock and horror) to offer for free so that a secure system 'could' be set up - - - so we're stuck with garbage with platitudes for our privacy and security.
Not sure about all the banks but I know a few will use a phone call that reads out a number over the phone to be used as a second factor in the login process.
Bank I'm dealing with - - - doesn't.
Also not sure about all governments and services but a large chunk of the Ontario government use call back.
Apologies - - - - the world doesn't really begin - - - nor end - - - in Ontario. (Even if the banking industry centered in Toronto bends even our clocks (in the rest of Canada) to suit their 'whatever you want to call it'!
So far as I know all banks and governments still have phone lines that are answered and will eventually get you to a person to help you with your issue.
Have tried that when I was required to authenticate to do a credit card transaction. The ultimate answer - - - sorry - - - - nothing we can do to help. (I used a credit card with much higher fees that hasn't jumped on that band wagon yet - - - their problem!) Given the reaction here it is quite clear that this PROBLEM really hasn't hit the radar for most of the tech community in Canuckistan (you know - - - that 3rd world country north of the USA). (Emphasis because I'm quite tired of the prissy pussy footing that I've gotten in trying to get even just the community to understand the magnitude of the issue. (My bank when implementing this garbage 2FA had ever so many words about the increase in security and privacy and really didn't want to talk to me about any of it - - - - because I'm just a dumb knuckle dragger to them!) Regards
On 2024-01-15 11:47, o1bigtenor via talk wrote:
On Mon, Jan 15, 2024 at 8:56 AM Alvin Starr via talk <talk@gtalug.org> wrote:
On 2024-01-15 07:35, o1bigtenor via talk wrote: [snip]
[snip] Was not aware of this. As I'm now on a reasonable IP connection (previously on fixed point wireless which is garbage imo) I am considering using voip if not for everything as voip dies when the power does and that's a serious flaw! Bell and Rogers are now both offering VOIP based home phone services. I assume that they have batteries to keep things running in the event of a power outage but It would be interesting to have someone on list confirm that. I remember many years ago working with an ISDN ATA device from Bell that had NiCad batteries that did not last all that long and had real degradation problems.
You could fix the power issue with a UPS. You could likely pay for the UPS in the phone line savings in the first year.
Multi-factor authentication via SMS is an improvement in security. It is not the bee all and end all but it is better than just a password. So I am not sure about your comment about privacy and security. Hm - - - - it was some time in the first 1/2 of 2012 when a VP at Microsoft issued the announcement that for those that were logging in off campus that it would be thenceforth required to use 2FA (as either SMS or email). It was about 2019 when the federal bureacracy started barking about this and the banking industry (finding another area to look good and possibly generate MORE fees) started complying.
What none of these boffins seems to be aware of is that the same individual in early 2019 sent a similar email to the same recipients that " . . . due to the inherent insecurity of both SMS, SMS based and open email systems it would no longer be possible to use such for authentication." (Notice what he said - - - Any chance for a link to that? I would love to know the inherent insecurity. the inherent INSECURITY blah blah blah!!!!!!!!) So so many people have heard of the first instance and it seems that the second has been ignored by almost all of those that have read the first. (Except Microsoft employees - - AIUI they are using a USB token/chip/whatever the official name for the dongle is - - - and that is their reality.) There are options - - - yes but they cost some money - - - - the feds just don't give a rip and the banking industry is loathe to offer such reasonably or (shock and horror) to offer for free so that a secure system 'could' be set up - - - so we're stuck with garbage with platitudes for our privacy and security.
Not sure about all the banks but I know a few will use a phone call that reads out a number over the phone to be used as a second factor in the login process. Bank I'm dealing with - - - doesn't. That sucks. I know RBC and Scotia both support call back MFA.
Also not sure about all governments and services but a large chunk of the Ontario government use call back. Apologies - - - - the world doesn't really begin - - - nor end - - - in Ontario. (Even if the banking industry centered in Toronto bends even our clocks (in the rest of Canada) to suit their 'whatever you want to call it'! I don't know what PEI or BC governments are doing so I am not commenting on them. I live in Ontario and know a little about that. If that somehow offends you I am sorry about that.
So far as I know all banks and governments still have phone lines that are answered and will eventually get you to a person to help you with your issue.
Have tried that when I was required to authenticate to do a credit card transaction. The ultimate answer - - - sorry - - - - nothing we can do to help. (I used a credit card with much higher fees that hasn't jumped on that band wagon yet - - - their problem!)
Given the reaction here it is quite clear that this PROBLEM really hasn't hit the radar for most of the tech community in Canuckistan (you know - - - that 3rd world country north of the USA). (Emphasis because I'm quite tired of the prissy pussy footing that I've gotten in trying to get even just the community to understand the magnitude of the issue. (My bank when implementing this garbage 2FA had ever so many words about the increase in security and privacy and really didn't want to talk to me about any of it - - - - because I'm just a dumb knuckle dragger to them!) Ok lets leave it there.
-- Alvin Starr || land: (647)478-6285 Netvel Inc. || Cell: (416)806-0133 alvin@netvel.net ||
On Mon, Jan 15, 2024 at 12:21 PM Alvin Starr via talk <talk@gtalug.org> wrote:
On 2024-01-15 11:47, o1bigtenor via talk wrote:
On Mon, Jan 15, 2024 at 8:56 AM Alvin Starr via talk <talk@gtalug.org> wrote:
On 2024-01-15 07:35, o1bigtenor via talk wrote: [snip]
[snip] Was not aware of this. As I'm now on a reasonable IP connection (previously on fixed point wireless which is garbage imo) I am considering using voip if not for everything as voip dies when the power does and that's a serious flaw! Bell and Rogers are now both offering VOIP based home phone services. I assume that they have batteries to keep things running in the event of a power outage but It would be interesting to have someone on list confirm that.
Bell reminds me of the company that ordered a 1" mesh steel door for a WWI submarine in a modern naval battle. Rogers is possibly worse - - - its only about their profit and not much else!
I remember many years ago working with an ISDN ATA device from Bell that had NiCad batteries that did not last all that long and had real degradation problems.
You could fix the power issue with a UPS.
Likely if the power outages were short - - - ie under 4 hours. For the 40 hour ones - - - not so good - - - we had one of those in 22 I think it was. That was uproariously funny when the power company was posting bulletins to their website for information - - - and no power to get any of that - - - enormously amusing the absolute stupidity of the thinking (what there was of it!).
You could likely pay for the UPS in the phone line savings in the first year.
Going off grid is looking more and more attractive! (grin!)
Multi-factor authentication via SMS is an improvement in security. It is not the bee all and end all but it is better than just a password. So I am not sure about your comment about privacy and security. Hm - - - - it was some time in the first 1/2 of 2012 when a VP at Microsoft issued the announcement that for those that were logging in off campus that it would be thenceforth required to use 2FA (as either SMS or email). It was about 2019 when the federal bureacracy started barking about this and the banking industry (finding another area to look good and possibly generate MORE fees) started complying.
What none of these boffins seems to be aware of is that the same individual in early 2019 sent a similar email to the same recipients that " . . . due to the inherent insecurity of both SMS, SMS based and open email systems it would no longer be possible to use such for authentication." (Notice what he said - - - Any chance for a link to that? I would love to know the inherent insecurity.
I copied what I found into a doc that I have here. Would have to dig for it - - - do you want it?
the inherent INSECURITY blah blah blah!!!!!!!!) So so many people have heard of the first instance and it seems that the second has been ignored by almost all of those that have read the first. (Except Microsoft employees - - AIUI they are using a USB token/chip/whatever the official name for the dongle is - - - and that is their reality.) There are options - - - yes but they cost some money - - - - the feds just don't give a rip and the banking industry is loathe to offer such reasonably or (shock and horror) to offer for free so that a secure system 'could' be set up - - - so we're stuck with garbage with platitudes for our privacy and security.
Not sure about all the banks but I know a few will use a phone call that reads out a number over the phone to be used as a second factor in the login process. Bank I'm dealing with - - - doesn't. That sucks. I know RBC and Scotia both support call back MFA.
Stopped dealing with RBC when I saw that I was paying for any deposit on a small business account. It just doesn't make sense to pay to deposit something like an under $20 check. RBC isn't about banking - - - its about making serious $$$$$ for its mid and upper level management (and stock owners).
Also not sure about all governments and services but a large chunk of the Ontario government use call back. Apologies - - - - the world doesn't really begin - - - nor end - - - in Ontario. (Even if the banking industry centered in Toronto bends even our clocks (in the rest of Canada) to suit their 'whatever you want to call it'!
I don't know what PEI or BC governments are doing so I am not commenting on them. Tit you know that bills paid in Labrador at 01.20 something are considered to have been paid the previous day? Did you know that its the next day at 21.00 if you're banking in BC?
I tend to beat it the other way around - - - I contact businesses that are closed here at their branches in other parts of the country so I can extend my business day to more closely match mine. Regards
I live in Ontario and know a little about that. If that somehow offends you I am sorry about that.
So far as I know all banks and governments still have phone lines that are answered and will eventually get you to a person to help you with your issue.
Have tried that when I was required to authenticate to do a credit card transaction. The ultimate answer - - - sorry - - - - nothing we can do to help. (I used a credit card with much higher fees that hasn't jumped on that band wagon yet - - - their problem!)
Given the reaction here it is quite clear that this PROBLEM really hasn't hit the radar for most of the tech community in Canuckistan (you know - - - that 3rd world country north of the USA). (Emphasis because I'm quite tired of the prissy pussy footing that I've gotten in trying to get even just the community to understand the magnitude of the issue. (My bank when implementing this garbage 2FA had ever so many words about the increase in security and privacy and really didn't want to talk to me about any of it - - - - because I'm just a dumb knuckle dragger to them!) Ok lets leave it there.
-- Alvin Starr || land: (647)478-6285 Netvel Inc. || Cell: (416)806-0133 alvin@netvel.net ||
--- Post to this mailing list talk@gtalug.org Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk
On 2024-01-15 14:05, o1bigtenor via talk wrote:
On Mon, Jan 15, 2024 at 12:21 PM Alvin Starr via talk <talk@gtalug.org> wrote: [snip]
Any chance for a link to that? I would love to know the inherent insecurity. I copied what I found into a doc that I have here. Would have to dig for it - - - do you want it? Yes I would like to see that.
-- Alvin Starr || land: (647)478-6285 Netvel Inc. || Cell: (416)806-0133 alvin@netvel.net ||
| From: Alvin Starr via talk <talk@gtalug.org> | Bell and Rogers are now both offering VOIP based home phone services. | I assume that they have batteries to keep things running in the event of a | power outage but It would be interesting to have someone on list confirm that. | I remember many years ago working with an ISDN ATA device from Bell that had | NiCad batteries that did not last all that long and had real degradation | problems. They try to hide the fact that their "home phone" service is over VOIP. For one thing, I think that they have dedicated bandwidth so saturating your internet service won't break your phone service. Rogers has or had UPS built into the home phone box. And they have batteries on their neighbourhood boxes. (During a long power failure, they even brought a generator for the one near us.) Bell had a UPS built into their home internet+phone boxes. But not the latest ones. (The old Bell system had large lead-acid batteries in the COs. Old handsets were actually powered by the CO. Modern ones have their own power for many functions. So we used to expect the phone to work during "hydro" failures.)
On Tue, Jan 16, 2024 at 2:46 AM D. Hugh Redelmeier via talk <talk@gtalug.org> wrote:
(The old Bell system had large lead-acid batteries in the COs. Old handsets were actually powered by the CO. Modern ones have their own power for many functions. So we used to expect the phone to work during "hydro" failures.)
I still do. While I have some cheap Vtech phones with message recorder plugged into the landline, I still maintain one plain touchtone phone in the living room that has no external power and still runs fine. Two years ago, when my street's power transformer blew and we had no electricity for days while it was replaced, that phone worked just fine throughout. Between that and the UPS I used for charging my mobile devices, I made many new friends among my neighbours. (Having a gas stove was also very helpful at the time...) CO-powered phones are still available and their simplicity keeps them cheap. <https://www.amazon.ca/Vtech-Trimstyle-Corded-Telephone-CD1103WT/dp/B008UZDYP0/ref=sr_1_1> - Evan
On 1/16/24 07:16, Evan Leibovitch via talk wrote:
CO-powered phones are still available
Are they still CO powered? Both Rogers and Bell are moving to VoIP over fibre to the neighbourhood. There's an old Bell box near me, where the lines for the homes could connect to the cable. It's been busted flat for years.
On Tue, Jan 16, 2024 at 2:00 PM James Knott via talk <talk@gtalug.org> wrote:
On 1/16/24 07:16, Evan Leibovitch via talk wrote:
CO-powered phones are still available
Are they still CO powered?
My home internet is still metered and charged as a DSL line (by Teksavvy), though I know my neighbourhood has fibre. (I watched it being laid.) The line coming in is an RJ-11 cable that split between my home's internal phone wiring and the DSL modem. No telco-supplied UPS on anything. I don't know whether my dumb phone is powered by the CO or an UPS in a neighbourhood Bell box. I just know it's powered from outside the house, functioning the same way as it has for decades, and it has done well during extended power outages. - Evan
On 2024-01-16 23:20, Evan Leibovitch via talk wrote:
On Tue, Jan 16, 2024 at 2:00 PM James Knott via talk <talk@gtalug.org> wrote:
On 1/16/24 07:16, Evan Leibovitch via talk wrote: > CO-powered phones are still available
Are they still CO powered?
My home internet is still metered and charged as a DSL line (by Teksavvy), though I know my neighbourhood has fibre. (I watched it being laid.) The line coming in is an RJ-11 cable that split between my home's internal phone wiring and the DSL modem. No telco-supplied UPS on anything.
I don't know whether my dumb phone is powered by the CO or an UPS in a neighbourhood Bell box. I just know it's powered from outside the house, functioning the same way as it has for decades, and it has done well during extended power outages.
A phone line with a dial-tone will connect back to a CO or a Remote CO. DSL is some times served from the CO or Remote but more often in populated areas it is served from a little box close to the curb. If its from the little box then what happens is that the line to your house from the CO is split and the DSL is added in at that point along with filters to allow the phone signal from the CO to keep going to your home. As a general rule the CO will have batteries and a generator whereas the Remote COs will only have battery. DSL has distance limitations so that once you start getting more than 2km from the Bell end you start having links that are speed limited and at distances of 4km or so you are lucky to get 1Mb. Also this is cable distance and not point to point distance so with all the right angle streets and infrastructure the distance can add up fast. The distance reason is why Bell and the other Telcos rolled out fibre into neighborhoods and placed the little boxes all over the place. When DSL first started you could easily be 5-6KM from a CO while still being in downtown Toronto. -- Alvin Starr || land: (647)478-6285 Netvel Inc. || Cell: (416)806-0133 alvin@netvel.net ||
On 2024-01-16 07:16, Evan Leibovitch via talk wrote:
On Tue, Jan 16, 2024 at 2:46 AM D. Hugh Redelmeier via talk <talk@gtalug.org <mailto:talk@gtalug.org>> wrote:
(The old Bell system had large lead-acid batteries in the COs. Oldhandsets were actually powered by the CO. Modern ones have their ownpower for many functions. So we used to expect the phone to workduring "hydro" failures.)
I still do.
While I have some cheap Vtech phones with message recorder plugged into the landline, I still maintain one plain touchtone phone in the living room that has no external power and still runs fine.
The main phones in the house are cordless. The handset will still operate during a power failure but the base would not. For that reason my family also has one old style phone powered from the CO just in case we need to use a phone during a power failure. It also means that none of our phones are of the type that can receive any text messages so all these sites that assume one has a cell phone that can receive messages as part of a 2FA process. I recently copied all of my source code repositories from github to gitlab due to the problems of 2FA. -- Cheers! Kevin. https://www.patreon.com/KevinCozens | "Nerds make the shiny things that | distract the mouth-breathers, and Owner of Elecraft K2 #2172 | that's why we're powerful" #include <disclaimer/favourite> | --Chris Hardwick
On Wed, Jan 17, 2024 at 09:23:18AM -0500, Kevin Cozens via talk wrote:
The main phones in the house are cordless. The handset will still operate during a power failure but the base would not. For that reason my family also has one old style phone powered from the CO just in case we need to use a phone during a power failure.
It also means that none of our phones are of the type that can receive any text messages so all these sites that assume one has a cell phone that can receive messages as part of a 2FA process. I recently copied all of my source code repositories from github to gitlab due to the problems of 2FA.
My cordless phones have a charger for one of the handsets on the base, and during a power failure that handset will power the base station. The phone shows a message on it's screen to not remove it due to it powering the base station when the power is out. Pretty handy. A dumb old phone as a backup is still good to have around though. -- Len Sorensen
-------- Original Message -------- | From: Alvin Starr via talk <talk@gtalug.org> Rogers has or had UPS built into the home phone box. And they have batteries on their neighbourhood boxes. (During a long power failure, they even brought a generator for the one near us.) [Steve Petrie] Nice to read something positive about Rogers. My last Rogers interaction last week, had a Rogers sales rep ending his call to me, by shouting that I had just wasted his valuable time (because I had told him the technical reasons why I would rather pay a $18 / month Bell Canada premium, over the Rogers monthly service price, to keep my ROCK-SOLID RELIABLE Bell Canada service. This same brain-dead abusive Rogers sales loser, actually ended our call by shouting "F**k You !!" at me, before he ended the call. Charming :) Seemed to me his vituperative manner could have been a reflection of a possibly desperate Rogers. Bell Canada execs may surely be cruel and ruthless greedy squeezers, but still, Bell does seem to value service reliability as a core corporate value. * * * * * * [Alvin Starr] Bell had a UPS built into their home internet+phone boxes. But not the latest ones. (The old Bell system had large lead-acid batteries in the COs. Old handsets were actually powered by the CO. Modern ones have their own power for many functions. So we used to expect the phone to work during "hydro" failures.) [Steve Petrie] My friend who lives in her house in the Bloor West Village / High Park area, has an ancient wall-mounted Northern Telecom analogue phone in her kitchen. So far as I know, this indestructible NT museum-piece is still powered from the Bell CO. Whenever she occasionally has a Bell service outage, she's at the bottom of Bell Canada's repair priority list. She tells me that the Bell technician despatched to fix her dead copper-pair service, is invariably contemptuous and surly to her. Seems like like internal Bell ethos is to consider all twisted-copper-pair-connected service holdouts, as hopelessly outdated dispensable ancient codgers. Probably some obscure CRTC ruling prevents Bell Canada from forcing the few remaining copper-pair holdouts onto Bell Fibe. Bell Canada has run a fibre line to a Bell box fastened to the exterior brick wall of her house, but so far, my friend is a relentlessly frugal Bell CO-powered bastion of senior citizen obduracy. It just occurred to me, that she probably saves a couple of cents every month, by drawing her phone-power from the Bell CO, instead of getting her phone power through her metered Toronto Hydro power service. --- Post to this mailing list talk@gtalug.org Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk
From: "Steve Petrie via talk" <talk@gtalug.org>
[...] This same brain-dead abusive Rogers sales loser, actually ended our call by shouting "F**k You !!" at me, before he ended the call. Charming :) Seemed to me his vituperative manner could have been a reflection of a possibly desperate Rogers.
I've read about this kind of thing. There was a post-mortem study after Hydro One had replaced their billing system around 2011..2013 (?). The link to the study may be buried somewhere deep in my old mail here, but there's a taste at https://www.cbc.ca/news/canada/sudbury/hydro-one-on-billing-problems-we-ve-c... Management forecast that trouble calls would tick up by 20% or so fallowing the switchover, and hired more help-line people accordingly. Instead, trouble calls were up by hundreds of percent, and the problems themselves were very gnarly and hard to diagnose. Management responded in a few ways, unfortunately one way was to strongly incentivize the help desk people to end trouble calls faster, and get more calls completed. The word got around that an effective method was to use profane and obscene language to get the customer to hang up. Help-desk people are forbidden to hang up, but if the customer terminated the call it would count as a problem resolution, and therefore a good thing. Taking too long could cost a rep a job. Looks like Rogers could be managing its people the same way. Cory Doctorow posted a relevant article today: https://pluralistic.net/2024/01/15/passive-income-brainworms/#four-hour-work... Money quote: "while we're nowhere near a place where bots can steal your job, we're certainly at the point where your boss can be suckered into firing you and replacing you with a bot that fails at doing your job"
| From: mwilson--- via talk <talk@gtalug.org> | Subject: Re: [GTALUG] landline power [was Re: "AI" on getting correct | technical answers] | Cory Doctorow posted a relevant article today: | https://pluralistic.net/2024/01/15/passive-income-brainworms/#four-hour-work... | | Money quote: | "while we're nowhere near a place where bots can steal your job, we're | certainly at the point where your boss can be suckered into firing you and | replacing you with a bot that fails at doing your job" Thanks for the pointer. A great article! I recommend that everyone read it.
On 2024-01-16 13:16, D. Hugh Redelmeier via talk wrote: A great article!
I recommend that everyone read it.
I concur! Pluralistic is a great add to anyone's RSS Feeds. He really nailed it with this one especially. I love how he kept harping on the scammer / desperate-scamee relationship:
Famously, the only reliable way to cash out on the gold rush was to sell "picks and shovels" to the credulous, doomed and desperate.
Warm regards, Mark
It is a good article but not universally true by a long shot, focusing on email-based activities. There are a number of scam-baiting channels on YouTube that lay bare the tactics of many phone scams, and I'm sorry but I'm not going to have much sympathy for those who aggressively harass people away from their money. Sure they're making money for their bosses but their commission does them well too. FWIW, my personal favourite channel of this kind is Scammer Payback <https://www.youtube.com/@ScammerPayback>. - Evan On Tue, Jan 16, 2024 at 1:16 PM D. Hugh Redelmeier via talk <talk@gtalug.org> wrote:
| From: mwilson--- via talk <talk@gtalug.org> | Subject: Re: [GTALUG] landline power [was Re: "AI" on getting correct | technical answers]
| Cory Doctorow posted a relevant article today: | https://pluralistic.net/2024/01/15/passive-income-brainworms/#four-hour-work... | | Money quote: | "while we're nowhere near a place where bots can steal your job, we're | certainly at the point where your boss can be suckered into firing you and | replacing you with a bot that fails at doing your job"
Thanks for the pointer. A great article!
I recommend that everyone read it. --- Post to this mailing list talk@gtalug.org Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk
-- Evan Leibovitch, Toronto Canada @evanleibovitch / @el56
On 1/16/24 11:27, mwilson--- via talk wrote:
Help-desk people are forbidden to hang up, but if the customer terminated the call it would count as a problem resolution, and therefore a good thing.
Several years ago, I was doing some work at a Bell customer, hooking up an Adtran router to Bell ADSL. One site went well, but I couldn't get the other site going. I called Bell's support and got someone who insisted I click on the Start button. Last I checked, Adtran routers didn't have a Start button. The guy (in India) couldn't get off his script and do anything, so I asked to escalate. He then hung up on me. The customer called her Bell rep, who said to call Bell's French line and I'd get someone in Canada, who could likely speak English. I was then able to resolve the issue. It was a Bell wiring error and I was able to finish the job, after they corrected the error. BTW, I used to do both 1st & 3rd level support at IBM.
On 1/16/24 10:21, Steve Petrie via talk wrote:
My last Rogers interaction last week, had a Rogers sales rep ending his call to me, by shouting that I had just wasted his valuable time (because I had told him the technical reasons why I would rather pay a $18 / month Bell Canada premium, over the Rogers monthly service price, to keep my ROCK-SOLID RELIABLE Bell Canada service.
Why do you think it's rock solid? The days of CO powered phones are pretty much long gone. You probably have a pair of wires going out to somewhere in the neighbourhood, where it converts to fibre. Those have been around for years. Also, I suspect that Rogers guy was likely working for a contractor. I can tell you a story or two about Bell "employees", who were in India. BTW, I have worked mostly in the telecom industry, going back to 1972 and have done work for or with Bell, Rogers, Telus, MTS and others. Most recently, I was doing some work in the Rogers office, on Wolfedale in Mississauga.
On 1/16/24 02:45, D. Hugh Redelmeier via talk wrote:
They try to hide the fact that their "home phone" service is over VOIP. For one thing, I think that they have dedicated bandwidth so saturating your internet service won't break your phone service.
Compared to the bandwidth customers have, VoIP doesn't even amount to trivial. For example, I get 1 Gb down and 50 Mb up from Rogers. A "toll quality" call requires 64 Kb in standard TDM systems (1 DS0). With VoIP, the CODEC can require less bandwidth. G.729a requires only 8 Kb/s, though I doubt they're using that much compression. Also, voice calls can be given priority over regular data. By comparison with my 50 Mb/s upstream, the old TDM phone system had 24 DS0s in a DS1 (T1) and 28 DS1s in a DS3 (T3) for about 45 Mb. That's 672 phone calls! With cell phones, the trend is the other way, with better than toll quality CODECs, often called HD voice. VoIP phones can also use the better CODECs.
On Mon, Jan 15, 2024 at 01:12:42PM -0500, Alvin Starr via talk wrote:
Bell and Rogers are now both offering VOIP based home phone services. I assume that they have batteries to keep things running in the event of a power outage but It would be interesting to have someone on list confirm that. I remember many years ago working with an ISDN ATA device from Bell that had NiCad batteries that did not last all that long and had real degradation problems.
You could fix the power issue with a UPS. You could likely pay for the UPS in the phone line savings in the first year.
My new connection at my new house that I moved to (OK I started moving things) about 10 days ago has rogers fibre service with phone running on that. There is definitely no battery in any of the equipment. So the ONT and the router would both need to be on a UPS to keep service running. The router is doing the phone gateway as well as wifi and routing and all that. The ONT is just fibre to ethernet. -- Len Sorensen
On 2024-01-16 17:23, Lennart Sorensen via talk wrote:
My new connection at my new house that I moved to (OK I started moving things) about 10 days ago has rogers fibre service with phone running on that.
There is definitely no battery in any of the equipment. So the ONT and the router would both need to be on a UPS to keep service running. The router is doing the phone gateway as well as wifi and routing and all that. The ONT is just fibre to ethernet.
Bell Canada no longer has to provide power to home phones. They tried to sell us "fib", and said it was powered by them. Not quite the case: their web site says "Please remember that your Home phone service, including access to 9-1-1 emergency services, will not work during a power outage." I suspect they were claiming that the central office was powered by them, and hoping I would buy before I found out that they were telling a nose-stretcher. --dave
On 2024-01-16 17:53, David Collier-Brown via talk wrote:
Bell Canada no longer has to provide power to home phones.
They tried to sell us "fib", and said it was powered by them.
I'm lucky(?) so far in that every time I ask about things like FibeTV I find out that my area of Markham doesn't have fibre available. -- Cheers! Kevin. https://www.patreon.com/KevinCozens | "Nerds make the shiny things that | distract the mouth-breathers, and Owner of Elecraft K2 #2172 | that's why we're powerful" #include <disclaimer/favourite> | --Chris Hardwick
On 1/17/24 18:54, Kevin Cozens via talk wrote:
I'm lucky(?) so far in that every time I ask about things like FibeTV I find out that my area of Markham doesn't have fibre available.
Maybe not to the home, but likely to the neighbourhood.
On 2024-01-17 19:14, James Knott via talk wrote:
On 1/17/24 18:54, Kevin Cozens via talk wrote:
I'm lucky(?) so far in that every time I ask about things like FibeTV I find out that my area of Markham doesn't have fibre available.
Maybe not to the home, but likely to the neighbourhood.
No, it is not available in my neighbourhood. -- Cheers! Kevin. https://www.patreon.com/KevinCozens | "Nerds make the shiny things that | distract the mouth-breathers, and Owner of Elecraft K2 #2172 | that's why we're powerful" #include <disclaimer/favourite> | --Chris Hardwick
On Mon, Jan 15, 2024 at 11:48 AM o1bigtenor via talk <talk@gtalug.org> wrote:
Multi-factor authentication via SMS is an improvement in security. It is not the bee all and end all but it is better than just a password. So I am not sure about your comment about privacy and security.
My preferred 2FA is provided by an authenticator app that doesn't use SMS. Indeed, a number of government agencies have gone that path, as well as my contacts with Mastodon, Discord and my gas utility. And yes, SMS is sent in cleartext and not particularly secure. But someone intercepting a cleartext 2FA without access to the original encrypted login session can't do much with it. So it's not absolute protection but it's a big step up from password alone.
Not sure about all the banks but I know a few will use a phone call that
reads out a number over the phone to be used as a second factor in the login process.
Bank I'm dealing with - - - doesn't.
So switch banks. You can do that without SMS.
Also not sure about all governments and services but a large chunk of
the Ontario government use call back.
Apologies - - - - the world doesn't really begin - - - nor end - - - in Ontario.
Oh fercrissake. The OP comments were based on the limits of personal experience, not chauvinism. Given the reaction here it is quite clear that this PROBLEM really hasn't hit
the radar for most of the tech community in Canuckistan (you know - - - that 3rd world country north of the USA).
I'm sure you know where the border is, good luck over there.
(Emphasis because I'm quite tired of the prissy pussy footing that I've gotten in trying to get even just the community to understand the magnitude of the issue.
Well, duh. The name-calling, scapegoat-seeking, insult-laden nature of this rant is the antithesis of seeking a solution. This ain't the way to get anyone to listen to you, let alone convince them of your righteousness.
(My bank when implementing this garbage 2FA had ever so many words about the increase in security and privacy and really didn't want to talk to me about any of it - - - - because I'm just a dumb knuckle dragger to them!)
See above. - Evan
My 2 cents ... SUBJECT: Re: [GTALUG] "AI" on getting correct technical answers DATE: 2024-01-15 11:47 FROM: o1bigtenor via talk <talk@gtalug.org> TO: GTALUG Talk <talk@gtalug.org> On Mon, Jan 15, 2024 at 8:56 AM Alvin Starr via talk <talk@gtalug.org> wrote:
[snip]
You don't need a cell phone number but need to have a number that will accept SMS. VOIP services offer numbers with SMS features.
[Steve Petrie] My personal policy is dead simple. Any seller / provider REQUIRING me to receive SMS doesn't get my business. If they WON'T send me a code via email, I WON'T use their service. So far so good. One SMS flaw I encountered, was when someone sent me an SMS message (which I never saw because I have no SMS service subscription), and the sender claimed they got no bounce message. If this SMS "black hole" phenomenon exists, that's a REALLY BAD THING. * * * * * * [o1bigtenor] [snip] I am considering using voip if not for everything as voip dies when the power does and that's a serious flaw! [Steve Petrie] My "land line" phone service via a (wall-mounted) Bell Canada-provided Sagemcom HomeHub 4000 modem in my apartment, ALSO DIES WHEN THE POWER FAILS in my apartment. Bell's recommendation is for the Sagemcom 4000-equipped subscriber to purchase their own UPS to assure Sagemcomm 4000 operational continuity. Power outages being so very rare in Toronto, I consider it a waste of $ to buy a UPS. Supposedly (per Bell Canada), from the fibre-side of the Sagemcom 4000 modem in my apartment, all the way to battery-backed Bell upstream electrical-powered facilities, 100% passive fibre facilities in Bell's pole-mounted fibre equipment, require NO ELECTRICAL POWER to operate. [snip] [o1bigtenor] Hm - - - - it was some time in the first 1/2 of 2012 when a VP at Microsoft issued the announcement that for those that were logging in off campus that it would be thenceforth required to use 2FA (as either SMS or email). [snip] What none of these boffins seems to be aware of is that the same individual in early 2019 sent a similar email to the same recipients that " . . . due to the inherent insecurity of [snip] open email systems [Steve Petrie] What's "insecure" about email over SMTP ?? Has always seemed rock solid to me. If your OUTBOUND message doesn't get delivered to the recipient, you receive a bounce notification. My understanding is that SMTP has a tiny hole where outbound message non-delivery does not issue a bounce report email to the sender. Never encountered this tiny glitch myself. As for spoofed INBOUND messages, they are always obvious by their general nature. Hackers don't know my personal context, so they can only send me absurdly generic email content. IMHO -- entering a password into a web page + entering a confirmation code sent to my email address, IS 2FA. Is it EVEN POSSIBLE for a clever hacker to spoof my email inbox and steal my inbound email messages ?? I suppose this would require the hacker to: (1) steal my password protecting my email access login at my email hosting provider, or (2) Steal my password protecting my personally-maintained DNS records at my DNS provider, or (3) hack my email hosting provider's infrastructure, or (4) hack my DNS provider's infrastructure. [snip] --- Post to this mailing list talk@gtalug.org Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk
On 2024-01-15 19:03, Steve Petrie via talk wrote:
My 2 cents *...*
Subject: Re: [GTALUG] "AI" on getting correct technical answers Date: 2024-01-15 11:47 From: o1bigtenor via talk <talk@gtalug.org> To: GTALUG Talk <talk@gtalug.org>
[snip] You don't need a cell phone number but need to have a number that will accept SMS. VOIP services offer numbers with SMS features. [Steve Petrie] My personal policy is dead simple. Any seller / provider REQUIRING me to receive SMS doesn't get my business. If they WON'T send me a code via email, I WON'T use their service. So far so good. One SMS flaw I encountered, was when someone sent me an SMS message (which I never saw because I have no SMS service subscription), and
On Mon, Jan 15, 2024 at 8:56 AM Alvin Starr via talk <talk@gtalug.org> wrote: the sender claimed they got no bounce message. If this SMS "black hole" phenomenon exists, that's a REALLY BAD THING.
SMS does have delivery notifications built into the protocol. If you send a message from your phone you can tell that it was delivered. But there are no "bounce backs" with notification of non-delivery. It's not the greatest protocol but it does work. Think of it like UDP. Lots of stuff works well with UDP even though there are no delivery guarantees.
* * * * * * [o1bigtenor] [snip] I am considering using voip if not for everything as voip dies when the power does and that's a serious flaw! [Steve Petrie] My "land line" phone service via a (wall-mounted) Bell Canada-provided Sagemcom HomeHub 4000 modem in my apartment, ALSO DIES WHEN THE POWER FAILS in my apartment. Bell's recommendation is for the Sagemcom 4000-equipped subscriber to purchase their own UPS to assure Sagemcomm 4000 operational continuity. Power outages being so very rare in Toronto, I consider it a waste of $ to buy a UPS. Supposedly (per Bell Canada), from the fibre-side of the Sagemcom 4000 modem in my apartment, all the way to battery-backed Bell upstream electrical-powered facilities, 100% passive fibre facilities in Bell's pole-mounted fibre equipment, require NO ELECTRICAL POWER to operate. Ahhhh. I wondered about that. You will have passive fibre to the remote at which point your on battery backup only if you are in a rural area.
[snip] [o1bigtenor] Hm - - - - it was some time in the first 1/2 of 2012 when a VP at Microsoft issued the announcement that for those that were logging in off campus that it would be thenceforth required to use 2FA (as either SMS or email). [snip]
What none of these boffins seems to be aware of is that the same individual in early 2019 sent a similar email to the same recipients that " . . . due to the inherent insecurity of [snip] open email systems [Steve Petrie] What's "insecure" about email over SMTP ?? Has always seemed rock solid to me. If your OUTBOUND message doesn't get delivered to the recipient, you receive a bounce notification.
The bounce may be several days later. SMTP is generally sent in clear-text so there is an argument that a person in the middle can read your email. More people are using TLS encryption but there is no way to enforce that as your mail passes through the various mail servers to get to you.
My understanding is that SMTP has a tiny hole where outbound message non-delivery does not issue a bounce report email to the sender. Never encountered this tiny glitch myself. As for spoofed INBOUND messages, they are always obvious by their general nature. Hackers don't know my personal context, so they can only send me absurdly generic email content.
You would be surprised how much of your context can leak out. I have often gotten email messages about delivery problems with parcels when I order things to be delivered. Somehow the fact that I am getting a delivery has leaked out somewhere.
IMHO -- entering a password into a web page + entering a confirmation code sent to my email address, IS 2FA. Yes it is a very popular 2FA so its not just your opinion. Its likely about as secure as an SMS message
Is it EVEN POSSIBLE for a clever hacker to spoof my email inbox and steal my inbound email messages ?? In theory yes. If they can gain control of your DNS entries they could redirect your MX but that is low risk. If they get your login they could insert an email filter that forwards all your messages to somewhere else. If they have access to your mail server then your messages may be readable using 'cat' or they could modify the mail transport to redirect mails.
I suppose this would require the hacker to: (1) steal my password protecting my email access login at my email hosting provider, or (2) Steal my password protecting my personally-maintained DNS records at my DNS provider, or (3) hack my email hosting provider's infrastructure, or (4) hack my DNS provider's infrastructure. We have the same list of hacks.
But here is one more. If you access your email via a browser it is possible for a hacker to get your session keys and craft up a session and then login to your email without having to actually log in. Which is a good reason to not use SSO services. -- Alvin Starr || land: (647)478-6285 Netvel Inc. || Cell: (416)806-0133 alvin@netvel.net ||
[snip] [Steve Petrie]
Is it EVEN POSSIBLE for a clever hacker to spoof my email inbox and steal my inbound email messages ??
[Alvin Starr] In theory yes. If they can gain control of your DNS entries they could redirect your MX but that is low risk. If they get your login they could insert an email filter that forwards all your messages to somewhere else. If they have access to your mail server then your messages may be readable using 'cat' or they could modify the mail transport to redirect mails. [Steve Petrie]
I suppose this would require the hacker to: (1) steal my password protecting my email access login at my email hosting provider, or (2) Steal my password protecting my personally-maintained DNS records at my DNS provider, or (3) hack my email hosting provider's infrastructure, or (4) hack my DNS provider's infrastructure.
[Alvin Starr] We have the same list of hacks. But here is one more. If you access your email via a browser it is possible for a hacker to get your session keys and craft up a session and then login to your email without having to actually log in. Which is a good reason to not use SSO services. [Steve Petrie] Ahhhh. SSO (single sign on) -- Is it an SSO offer, when my Firefox browser "helpfully" asks me if I would like it [my browser] to "remember" my login credentials ?? I always respond in the NEGATIVE to these "helpful" browser offers. --- Post to this mailing list talk@gtalug.org Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk
Steve Petrie via talk wrote on 2024-01-16 05:41:
Ahhhh. SSO (single sign on) -- Is it an SSO offer, when my Firefox browser "helpfully" asks me if I would like it [my browser] to "remember" my login credentials ??
No, SSO where one signs in to a site they've never visited via their Google or GitHub account, for example.
I always respond in the NEGATIVE to these "helpful" browser offers.
So, you type in user and password every time you log into every site? I can't imagine the internet being very useful in that case, but everyone's got different risk tolerances, plus I may be misunderstanding your method of logging in to sites. I guess I don't understand how having one's browser save username and (hopefully long) password combos gets "scare quotes" around "helpful". rb
-------- Original Message -------- SUBJECT: Re: [GTALUG] "AI" on getting correct technical answers DATE: 2024-01-16 08:54 FROM: Ron / BCLUG via talk <talk@gtalug.org> TO: talk@gtalug.org Steve Petrie via talk wrote on 2024-01-16 05:41:
Ahhhh. SSO (single sign on) -- Is it an SSO offer, when my Firefox browser "helpfully" asks me if I would like it [my browser] to "remember" my login credentials ??
[rb] No, SSO where one signs in to a site they've never visited via their Google or GitHub account, for example. [sp]
I always respond in the NEGATIVE to these "helpful" browser offers.
So, you type in user and password every time you log into every site? I can't imagine the internet being very useful in that case, but everyone's got different risk tolerances, plus I may be misunderstanding your method of logging in to sites. [sp] No. You're not misunderstanding me. I obsessively type in my userid and super-long obsessively randomized password EVERY TIME I sign on my Firefox browser to my webmail service. In fact, I type in EVERYWHERE a super-long obsessively randomized password, EVERYWHERE A PASSWORD IS REQUIRED. (This absurdly over-the-top hyper-anal security-obsessive behaviour, is likely a happy combination of: (1) innate masochism, smoothly blended with (2) a tight-assed White Anglo-Saxon Protestant (WASP) obsessive detail-orientation, (3) sweetly encapsulated with the vestiges of an engineering education. The ridiculously obsessive webmail sign on, has become so habitual, it only takes me a few seconds, because I have perfectly memorized my very long and obsessively randomized password. Every such keyboard-laborious sign on, gives me a tiny thrill of pleasure, in knowing that my very long and obsessively randomized password is extremely spoof-proof. * * * * * * [rb] I guess I don't understand how having one's browser save username and (hopefully long) password combos gets "scare quotes" around "helpful". [sp] Kindly forgive my lack of mailing list etiquette knowledge. I didn't know that use of scare quotes conveyed such implications. My use of scare quotes was merely for emphasis. Hopefully, a use of bolding instead of scare quotes will improve my list etiquette skill rating :) --- Post to this mailing list talk@gtalug.org Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk
On Mon, Jan 15, 2024 at 7:37 AM o1bigtenor via talk <talk@gtalug.org> wrote: One doesn't use a cell phone (well I wouldn't) but a cellphone number is
demanded to verify one's identity. Without a working cellphone connection one is today - - - a NON-person.
OK, what other ways of verifying identity would you prefer? You can still do most of what needs to be done with banks and government through in-person and/or postal service that can be done without connectivity of any kind. I understand that you don't get the problem but then you are an urban
dweller
As are more than 80% of Canadians. who has absolutely no idea what its like trying to connect to an ever increasing
number of entities that demand SMS connectiviity
You're right, I have no idea. I logically assume that if someone wants to "connect" that first they possess a device capable of "connecting". Please explain why this should not be the case. FWIW, much of my most important supplemental authentication -- including a number of government accounts -- is done through an authenticator app which does not rely on SMS. - Evan
On Mon, Jan 15, 2024 at 11:38 AM Evan Leibovitch <evan@telly.org> wrote:
On Mon, Jan 15, 2024 at 7:37 AM o1bigtenor via talk <talk@gtalug.org> wrote:
One doesn't use a cell phone (well I wouldn't) but a cellphone number is demanded to verify one's identity. Without a working cellphone connection one is today - - - a NON-person.
OK, what other ways of verifying identity would you prefer?
Sending a secure email to my secure email account would be a start. Except the preferrence is to gmail - - - to feed the advertising engine you know!
You can still do most of what needs to be done with banks and government through in-person and/or postal service that can be done without connectivity of any kind.
Postal service - - - - what a misd nomer!!! Post office hours are such so that that would necessitate a special trip into town. (Gross costs about $35.) Bank I am dealing with doesn't do in person stuff any more - - - they might upon special request but as I'm neither part of the 'elderly' (yet) nor infirm that's also a no go.
I understand that you don't get the problem but then you are an urban dweller
As are more than 80% of Canadians.
Its actually 93% or Canuckistanis - - - which is why its so frustrating for the other 7% - - - the 93% asks why should we give a c**p - - - they see no need for the fix. Except even among urban dwellers there is a rapidly widening availability of services and the probelm is increasing rather than diminishing. (Cell phone access is based upon maximal profit for the providers not upon providing a service. This has supposedly been an election issue for just short of some 25 years here and still no changes - - - just more platitudes!)
who has absolutely no idea what its like trying to connect to an ever increasing number of entities that demand SMS connectiviity
You're right, I have no idea. I logically assume that if someone wants to "connect" that first they possess a device capable of "connecting".
Please explain why this should not be the case.
Why should this method of 'connecting' be imposed upon those who don't even have the option to use it?
FWIW, much of my most important supplemental authentication -- including a number of government accounts -- is done through an authenticator app which does not rely on SMS.
Hmmmmmm - - - you're still using a stupid phone - - - - - lets say your stupid phone service died and you would not be able to replace said service for 60 days - - - what would you do then? It doesn't seem like you're getting the extent of the issue - - - you're offerring solutions that just don't work if one doesn't have access to cellphone service. I have one - - - use it when I go into town - - - - otherwise - - - imo - - - - its a stupidly expensive (and quite useless here) communication device - - - - and not much else. Regards
Not trying to be a smartypants. Genuinely curious regarding the following:
Sending a secure email to my secure email account would be a start.
What is the definition of secure email or secure email account in the above sentence?
Except the preferrence is to gmail - - - to feed the advertising engine you know!
Do I understand correctly that you've run into websites that insist on users signing up with a gmail account, or am I understanding this wrong? If so, what are some examples of such services? Alex Kink (PGP Key <https://alexkink.net/public_key.asc>) +1 416 887 4795
On Jan 15, 2024, at 13:53, o1bigtenor via talk <talk@gtalug.org> wrote:
On Mon, Jan 15, 2024 at 11:38 AM Evan Leibovitch <evan@telly.org> wrote:
On Mon, Jan 15, 2024 at 7:37 AM o1bigtenor via talk <talk@gtalug.org> wrote:
One doesn't use a cell phone (well I wouldn't) but a cellphone number is demanded to verify one's identity. Without a working cellphone connection one is today - - - a NON-person.
OK, what other ways of verifying identity would you prefer?
Sending a secure email to my secure email account would be a start. Except the preferrence is to gmail - - - to feed the advertising engine you know!
You can still do most of what needs to be done with banks and government through in-person and/or postal service that can be done without connectivity of any kind.
Postal service - - - - what a misd nomer!!!
Post office hours are such so that that would necessitate a special trip into town. (Gross costs about $35.) Bank I am dealing with doesn't do in person stuff any more - - - they might upon special request but as I'm neither part of the 'elderly' (yet) nor infirm that's also a no go.
I understand that you don't get the problem but then you are an urban dweller
As are more than 80% of Canadians.
Its actually 93% or Canuckistanis - - - which is why its so frustrating for the other 7% - - - the 93% asks why should we give a c**p - - - they see no need for the fix. Except even among urban dwellers there is a rapidly widening availability of services and the probelm is increasing rather than diminishing. (Cell phone access is based upon maximal profit for the providers not upon providing a service. This has supposedly been an election issue for just short of some 25 years here and still no changes - - - just more platitudes!)
who has absolutely no idea what its like trying to connect to an ever increasing number of entities that demand SMS connectiviity
You're right, I have no idea. I logically assume that if someone wants to "connect" that first they possess a device capable of "connecting".
Please explain why this should not be the case.
Why should this method of 'connecting' be imposed upon those who don't even have the option to use it?
FWIW, much of my most important supplemental authentication -- including a number of government accounts -- is done through an authenticator app which does not rely on SMS.
Hmmmmmm - - - you're still using a stupid phone - - - - - lets say your stupid phone service died and you would not be able to replace said service for 60 days - - - what would you do then?
It doesn't seem like you're getting the extent of the issue - - - you're offerring solutions that just don't work if one doesn't have access to cellphone service.
I have one - - - use it when I go into town - - - - otherwise - - - imo - - - - its a stupidly expensive (and quite useless here) communication device - - - - and not much else.
Regards --- Post to this mailing list talk@gtalug.org Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk
On Mon, Jan 15, 2024 at 1:08 PM Alex Kink <alex@alexkink.com> wrote:
Not trying to be a smartypants. Genuinely curious regarding the following:
Sending a secure email to my secure email account would be a start.
What is the definition of secure email or secure email account in the above sentence?
Have an account at proton - - - one of the services where they seem to actually try to not track one. A secure email would, by my definition, not have any links in the originating website from the quadrivium (you know X (was twitter I think), crackbook, mz googly and can't remember the fourth but my bank is quite proud to display that its totally cool and is totally connected so I see them when I do my banking! (Not all the time but imo that they're connected anytime is bad!)
Except the preferrence is to gmail - - - to feed the advertising engine you know!
Do I understand correctly that you've run into websites that insist on users signing up with a gmail account, or am I understanding this wrong? If so, what are some examples of such services?
That's when they're asking me to log in using mz googly's services. Man - - - - there's lots - - - I don't do that but there are plenty that do. HTH
On 2024-01-15 13:53, o1bigtenor via talk wrote: [snip]
FWIW, much of my most important supplemental authentication -- including a number of government accounts -- is done through an authenticator app which does not rely on SMS. Well some authenticator apps may only run on phones but not all of them. a number have standalone workstation versions.
So there is no need for a cell phone at all. Of course if you have lost control of your workstation or your phone then your authenticator app is compromised.
Hmmmmmm - - - you're still using a stupid phone - - - - - lets say your stupid phone service died and you would not be able to replace said service for 60 days - - - what would you do then? Use your workstation.
It doesn't seem like you're getting the extent of the issue - - - you're offerring solutions that just don't work if one doesn't have access to cellphone service. The solutions work but it may require a slight compromise on your end.
I have one - - - use it when I go into town - - - - otherwise - - - imo - - - - its a stupidly expensive (and quite useless here) communication device - - - - and not much else. Where do you live that the service is so bad?
-- Alvin Starr || land: (647)478-6285 Netvel Inc. || Cell: (416)806-0133 alvin@netvel.net ||
On Mon, Jan 15, 2024 at 2:46 PM Alvin Starr via talk <talk@gtalug.org> wrote:
On 2024-01-15 13:53, o1bigtenor via talk wrote: [snip]
FWIW, much of my most important supplemental authentication -- including a number of government accounts -- is done through an authenticator app which does not rely on SMS.
Well some authenticator apps may only run on phones but not all of them. a number have standalone workstation versions.
Had not heard of such to date - - - thank you.
So there is no need for a cell phone at all.
Of course if you have lost control of your workstation or your phone then your authenticator app is compromised.
Of course!
Hmmmmmm - - - you're still using a stupid phone - - - - - lets say your stupid phone service died and you would not be able to replace said service for 60 days - - - what would you do then?
Use your workstation.
It doesn't seem like you're getting the extent of the issue - - - you're offerring solutions that just don't work if one doesn't have access to cellphone service.
The solutions work but it may require a slight compromise on your end.
Compromise being?
I have one - - - use it when I go into town - - - - otherwise - - - imo - - - - its a stupidly expensive (and quite useless here) communication device - - - - and not much else.
Where do you live that the service is so bad?
In rural Canada (more accurately in rural Manitoba) - - - that this is surprising is actually quite astounding to me. Service is this bad in significant amounts of rural Canada. So bad in fact that emergency responders (flooding/forest fires) have refused to assist in certain areas. "The safety of their personnel would be compromised was the response." Not much concern for those living there. Lived in one are where you had to drive some 30 odd km to get to the closest point where you just might get a cell phone signal - - - that's when its really bad. Here I could walk north of the yard a couple hundred meters and I would get a poor signal - - - still tough to use with my desktop - - - yes? Thanks for the info! Regards
Taking this off list. On 2024-01-15 18:15, o1bigtenor via talk wrote:
On Mon, Jan 15, 2024 at 2:46 PM Alvin Starr via talk <talk@gtalug.org> wrote:
On 2024-01-15 13:53, o1bigtenor via talk wrote: [snip]
FWIW, much of my most important supplemental authentication -- including a number of government accounts -- is done through an authenticator app which does not rely on SMS.
Well some authenticator apps may only run on phones but not all of them. a number have standalone workstation versions. Had not heard of such to date - - - thank you. google authenticator has a chrome extension you can use. I use a package called authy that has a desktop version. It may not be the most secure because it communicates new authentication keys with the other authy clients you have installed.
So there is no need for a cell phone at all.
Of course if you have lost control of your workstation or your phone then your authenticator app is compromised. Of course!
Hmmmmmm - - - you're still using a stupid phone - - - - - lets say your stupid phone service died and you would not be able to replace said service for 60 days - - - what would you do then?
Use your workstation.
It doesn't seem like you're getting the extent of the issue - - - you're offerring solutions that just don't work if one doesn't have access to cellphone service.
The solutions work but it may require a slight compromise on your end. Compromise being? I have clients who use MS and I hate MS products and services. But I use them because it just makes my life a lot easier than constantly trying to explain why I will not use the shit office stuff. Authy's linux client comes as a Snap and I hate Snaps and flatpacks but It works so I put up with it. Its either that or build my own version from their sources.
I have one - - - use it when I go into town - - - - otherwise - - - imo - - - - its a stupidly expensive (and quite useless here) communication device - - - - and not much else.
Where do you live that the service is so bad?
In rural Canada (more accurately in rural Manitoba) - - - that this is surprising is actually quite astounding to me. Service is this bad in significant amounts of rural Canada. So bad in fact that emergency responders (flooding/forest fires) have refused to assist in certain areas. "The safety of their personnel would be compromised was the response." Not much concern for those living there. Lived in one are where you had to drive some 30 odd km to get to the closest point where you just might get a cell phone signal - - - that's when its really bad. Here I could walk north of the yard a couple hundred meters and I would get a poor signal - - - still tough to use with my desktop - - - yes? I had no obviously easy to know where your posting from. I guess the thing is that your posting to a Greater Toronto Area LUG from away. There is no reason why you should not do that, its just the assumption that your likely local. I know a lot of people on this list and they are all pretty well local but for one guy in Africa.
We have a cottage and I like to work from there but it is in Rural Ontario and I could provide you with days of complaints about the quality of service and how I dislike Bell. Because the area were we are is gently rolling hills we have 0 cell phone coverage in the bowl that our lake sits in. There is DSL but the link speeds can be measured in bits/second. Last year I got Starlink and cut my bell connections but for the party line that we keep just for emergencies. Starlink works very well but is not cheap ($160/month) but now I can work from the cottage. P.S. I looked at the PDFs you sent and I get where the person is coming from and they are suggesting that they use RSA SecureID hardware keys. The trouble is that you would have a hard time to get customers to buy hardware keys for a few hundred dollars a piece. Secure keys work for enterprises who are investing thousands of dollars in an employee but not so much for the guy who wants to have an Outlook email account. And even at that the RSA keys have been hacked. The phone hacks mentioned are real but for someone to steal your phone service or setup a bogus cell tower next to you. It can be done but is fairly low risk. You have to keep the relative risks and benefits in mind when you are doing these things. If you want complete security then turn your computer off because there are demonstrations of people getting the crypto keys by monitoring the power LEDs or power supplies AC usage. People have done demonstrations of reading a screen from the EM that it emits and other have go so far as to use telescopes to read the screen from your eye reflections. -- Alvin Starr || land: (647)478-6285 Netvel Inc. || Cell: (416)806-0133 alvin@netvel.net ||
On Mon, 15 Jan 2024 23:38:58 -0500 Alvin Starr via talk <talk@gtalug.org> wrote: <snip>
I had no obviously easy to know where your posting from. I guess the thing is that your posting to a Greater Toronto Area LUG from away. There is no reason why you should not do that, its just the assumption that your likely local. I know a lot of people on this list and they are all pretty well local but for one guy in Africa.
one guy in Africa, I guess this be me. So anyway, when I subscribed to TLUG I was visiting my Aunt (my mothers sister), a Canadian whom and lived and worked in Toronto for 40+ years (newspaper editor/teacher/writer) and I wanted to connect with the local Linux community in Toronto... I got to know some people in the community and then I guess I just never left, some people on this list are really just very cool people. so, my Aunt passed away, and my Mom a few months ago, the past few years were not great years for me. Anyway, just thought I would put this out here for those that do not know anything about this one guy in Africa :) Andre -- added '--' above so that it 'should' read as a sig and not bug/bother read more about me (if you are bored), so get a coffee and read! === about me in a nutshell: I use Linux for everything. I love Linux. I operate a very small boutique ISP with 60k odd mailboxes and a few thousand websites. I dev my own stuff, my own EPP systems (I am a domain registrar), operate/manage many many DNS servers, many email servers and I totally do my own thing - all on Linux. I have been on the Internet since I switched of my bbs circa 1988 (compuserv) For fun I dev NEW stuff, (initially cult of the dead cow type stuff, much later fyodor (GL - if using google add: nmap) type stuff, and then onto larger things for example, I started making my own Linux in the late 90's I started making my first web application in 2001 (stopped it in 2008) the code, around 500 000 lines of it - is published under the GPL) - made my first mobile phone app in 2007. Started making "AI" in 2010 (stopped ai dev in 2014) I have not done much the past ten years, except maintain a few libraries (lgpl and gpl stuff) and this and that on dnssec, some internet abuse type stuff, a few bind stuff and I am also now doing something else, which I think may have legs, but the jury is still out on that. As a kid, and growing up I went to a farm school, I learned wood working, arc and gas welding and at University an accountant (with computer science at least :) ) in .za we had to do compulsory 'military service' so I was in the Police and I have done so many interesting things, most of which I will not bore you with as much of it is unbelievable anyway.
On Tue, 16 Jan 2024 at 00:56, Alvin Starr via talk <talk@gtalug.org> wrote:
google authenticator has a chrome extension you can use. I use a package called authy that has a desktop version.
For RFC 6238 Timed-based One-time Password (TOTP), which most sites that offer TOTP use, I use the Google Authenticator app on my phone and KeePassXC for PCs. When adding a new site, I set up both at the same time, with the same key/QR code, so they generate the same codes and I can use either to sign in. https://keepassxc.org/ However, if offered, my first choice for 2FA is a physical security key. I have a Google Titan key. https://store.google.com/ca/product/titan_security_key Yubico keys are probably the more popular choice and offer models with more features. https://www.yubico.com/products/ It's more convenient to press a button instead of having to enter a code, even if you can copy and paste the code. Most sites allow you to set up both TOTP and physical key based 2FA, which I do in case I don't have my Titan key with me. There's also the relatively new "passkey" standard for phones, that doesn't require a hardware key or entry of a passcode. I haven't seen much use of this yet. https://fidoalliance.org/passkeys/ -- Scott
On 2024-01-15 18:15, o1bigtenor via talk wrote:
In rural Canada (more accurately in rural Manitoba) - - - that this is surprising is actually quite astounding to me. Service is this bad in significant amounts of rural Canada. So bad in fact that emergency responders (flooding/forest fires) have refused to assist in certain areas. "The safety of their personnel would be compromised was the response." Not much concern for those living there. That seems ridiculous. First responders should not be relying on use of a cell phone. They always(?) have radios. If the problem is that bad they should be using sat phones instead of regular cell phones.
-- Cheers! Kevin. https://www.patreon.com/KevinCozens | "Nerds make the shiny things that | distract the mouth-breathers, and Owner of Elecraft K2 #2172 | that's why we're powerful" #include <disclaimer/favourite> | --Chris Hardwick
On Tue, Jan 16, 2024 at 4:23 PM Kevin Cozens via talk <talk@gtalug.org> wrote:
On 2024-01-15 18:15, o1bigtenor via talk wrote:
In rural Canada (more accurately in rural Manitoba) - - - that this is surprising is actually quite astounding to me. Service is this bad in significant amounts of rural Canada. So bad in fact that emergency responders (flooding/forest fires) have refused to assist in certain areas. "The safety of their personnel would be compromised was the response." Not much concern for those living there. That seems ridiculous. First responders should not be relying on use of a cell phone. They always(?) have radios. If the problem is that bad they should be using sat phones instead of regular cell phones.
If I can find the specific groups that were involved at that time - - - - are you willing to inform them of that? Regards
participants (16)
-
ac -
Alex Kink -
Alvin Starr -
D. Hugh Redelmeier -
David Collier-Brown -
Don Tai -
Evan Leibovitch -
James Knott -
Kevin Cozens -
Lennart Sorensen -
Mark Prosser -
mwilson@Vex.Net -
o1bigtenor -
Ron / BCLUG -
Scott Allen -
Steve Petrie