..I read in the article that there may be a lot more black holes that we simply don't see.
Sounds like a more viable explanation for all that unexpected gravity than "dark energy".
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
"If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.
|
Kent Sharkey wrote: "Black hole sun, won't you come?"
I was able to hear that sound all the way out in the garden.
Social Media - A platform that makes it easier for the crazies to find each other.
Everyone is born right handed. Only the strongest overcome it.
Fight for left-handed rights and hand equality.
|
1,000 light years away? Did they even turn their telescopes towards Washington D.C.? Taxes get sucked out of my paycheck every 2 weeks, and I have no idea where they go...well, that's not true, I know where they go, but not sure what happens after that.
|
You can’t make access to your website’s content dependent on a visitor agreeing that you can process their data — aka a ‘consent cookie wall’. Not if you need to be compliant with European data protection law.
Great. Now I want a cookie, but to order some I'd need to approve the cookies on the store's website
|
This week, we announced four new products to help all software communities work together
For all the gits in your life
|
A former head of Office and Windows details how malware and antitrust shaped the Microsoft we know today.
And they would have gotten away with it too, if it weren't for those danged kids...and their dog!
It was all done by groundskeeper Steven in a mask!
|
Quote from NixRocks' reply to article that says it best: "Sinofsky notes in a preview of the book that Microsoft products at the dawn of 2000 "were increasingly viewed as buggy or unstable". "
And in 2020 that hasn't changed. MS keeps re-inventing the wheel over and over and over again, but instead of creating a round wheel, they just use random non-round shapes as they redesign, rejecting all feedback from their customers that just want a round wheel. Worse, the leadership has gone on record basically saying that the round wheel is obsolete and they will never return to it. "Clearly the ride quality with Microsoft triangle wheels is a user problem, users just need more training to understand just how awesome our triangle wheels are."
|
And a lot of people just don't want their wheels in a cloud.
TTFN - Kent
|
David O'Neil wrote: rejecting all feedback from their customers that just want a round wheel. Worse, the leadership has gone on record basically saying that the round wheel is obsolete and they will never return to it.
And this is something for which Sinofsky was particularly guilty at Microsoft. He was responsible for the disaster of Windows 8, when the beta and technical testers were telling him, on a massive scale, that the UI was unsuitable for desktops and laptops.
But he, along with others in influential positions (not just at Microsoft, Ubuntu and Mozilla too were affected by the same blinkered thinking), just couldn't understand that touch centric was NOT going to take over the world entirely and especially not on desktop/laptop form factors which were not magically going to disappear overnight.
|
According to the work cadence data of 40,000 paid organisation accounts on GitHub
Coders gotta code
Work/Life balance is more difficult when they're done in the same location.
|
Remote workers log more hours. Although they may not always have a manager nearby to monitor their productivity, remote workers log more hours at their primary job than do their counterparts who work on-site. Remote workers log an average of four more hours per week than their on-site counterparts.
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
"If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.
|
Today we are introducing a new program, Web Vitals, an initiative by Google to provide unified guidance for quality signals that, we believe, are essential to delivering a great user experience on the web.
"And get the machine that goes 'ping!'."
I'm sure that no data is used to target ads anywhere.
|
Two-thirds of people recycle the same password or use variations on the same basic one, according to LogMeIn.
I'm sure people will do it now that they've been asked nicely
|
F*** that..
Stop asking us to 'register' to view the latest puppies!
It's like the security people hope to educate us to use 8623465 different unique long passwords. F*** them stupid!
And don't get me started on "you already used that password" policies...
In fact, come to think of it, I don't know my passwords, always use "forgot your password" functionality anytime a site asks me... I think they might as well be different...
modified 5-May-20 20:40pm.
|
Super Lloyd wrote: always use "forgot your password" functionality anytime a site asks me...
Better, and cheaper than a Password Manager.
TTFN - Kent
|
Super Lloyd wrote: I don't know my passwords, always use "forgot your password" functionality
My browser remembers them for me. Except for "important" passwords, e.g. bank account.
Oh sanctissimi Wilhelmus, Theodorus, et Fredericus!
|
I reject 99% of web sites requiring me to log in for obtaining information, in particular web shops that won't reveal their prices until I tell them my spambox address. Some go as far as to demand that I set up an order, tell them my phone number and street address, to give me a quotation; then I can cancel the order, but they know how to bug me later. Some even demand that I establish an account to show me their inventory!
If they don't want me as a customer (that is how I read it!), then they won't have me as a customer.
|
My phone number for sites that don't need it is 911-555-1212.
911 is the emergency number in North America (similar to 999 or 112)
and 555-1212 is Directory Assistance
Director of Transmogrification Services
Shinobi of Query Language
Master of Yoda Conditional
|
Kent Sharkey wrote: Two-thirds of people recycle the same password or use variations on the same basic one
How is using a different password everywhere really that much better? You'll never remember them all if you use that approach so then you have to use a password manager and if you do, then ALL of your passwords are behind ONE SINGLE password. I don't see how that is better.
Social Media - A platform that makes it easier for the crazies to find each other.
Everyone is born right handed. Only the strongest overcome it.
Fight for left-handed rights and hand equality.
|
I certainly do not trust password managers never to be compromised. Especially Internet based ones.
So I use a three-part scheme: where - who - security.
'Where' is how I think of the service: The (short) name of the web site, the kind of service etc. Usually masked, like for access to the postal service, I use 'præ' rather than 'post'. 'Who' is my nick or login name, either at the service or locally. 'Security' has one of three values, one for services where a break-in doesn't hurt me (e.g. if they read the local newspaper using my account), one where I would like people not to steal my identity, and the last one is 'secure', e.g. for banking.
Some services require password change every x weeks. Then I append a serial number to the 'who' part.
So I end up with a long (typically 12-15 char) password not suitable for bruteforcing. The merging of three words into one long one prevents dictionary lookups - after my masking (with a strong preference for using our Norwegian vowels, æøå, wherever allowed) it looks like line noise that cannot easily be broken into separate words. I could for example use 'kPnørwaya1tø' for Code [=key] Project, the Norwegian guy, a1tø (a masking of 'alto'; I was singing in a mixed chorus for many years, so I use vocal terms as tags). I doubt that you would be able to find 'kPnørwaya1tø' by a dictionary lookup. 12 chars is at least 96 bits; that is a little too heavy for brute force lookup. It is also so long that people looking over my shoulder will lose track.
I easily remember not to use 'Code' but 'Key' for CodeProject. I use only a handful of nicks, and usually only three different tags. The only part that gives me trouble is the serial number required for sites who insist on frequent change: For one of them, I recently had a wraparound from 9 to 0 ... but it wasn't accepted, "You have used that password before"! So I extended it to hexadecimal. But I guess that at the next update I will go to two-digit serial no.
If someone picks up my CP password in cleartext (if you consider 'kPnørwaya1tø' cleartext), they will see my 'private level' tag - assuming that they know the 3-level structure of it - and could use that to try to break in on other accounts of mine. But they would have to know my masking rules and what I consider my identity at the other site, and it would only work for sites at the same security level.
I have been in the habit of using such passwords for years. Even if I have forgotten the password, I rarely have to make more than two or three guesses to hit the right one - when 'CPnørwaya1tø' fails, I easily remember that I had masked 'Code' as 'key'.
The only thing I fear is keyloggers. A couple of years ago, the Norwegian Department of Justice proposed a law change that would give the police the right to infect any PC connected to the Internet (in Norway) with a keylogger, for eavesdropping every single word written by the PC's owner. (I am dead serious now!) Officially, they would not make use of this facility except in criminal investigations, but history shows that they do not always stay within such restrictions. (For phone, they already have the right to eavesdrop not only suspects, but any phone that the suspects have been in contact with. They can not, legally, go one step further, bugging all phones that have been in contact with phones that have been in contact with a suspect - they wanted to, but it was rejected.) Fortunately, the parliament rejected the proposed law change.
Nevertheless: Police investigators do not always respect the law. Nor do criminals. Either could have put a keylogger into my PC. So when I open and edit confidential documents, I disconnect from the internet. When I write high-security passwords, I do not type them in one stretch, but take a brief visit to another window where I can type something else - the keylogger won't know which characters go into which window. I know that I am paranoid, but they still may be after me.
|
It's down to your threat model.
You seem to be worried about someone hacking your local PC and getting access to your password manager's database. But if that happens, you've got bigger problems to worry about. And any decent password manager will have encrypted the database using your master password, which shouldn't be stored anywhere on your computer.
Similarly with password managers which store or back-up the database to an online site: any decent tool will have encrypted the database, and the encryption key won't be stored on the server. If the server is breached, there wouldn't be any trivial way to retrieve your passwords.
Whereas if you reuse the same password across multiple sites, you're relying on the developers behind all of those sites to protect your data properly. You just need to spend five minutes in QA to see how unlikely that is! If even one site stores your password insecurely and suffers a data breach, your accounts on all of the other sites you've used the same password for are at risk.
Troy Hunt: The only secure password is the one you can’t remember[^]
Troy Hunt: Password managers don't have to be perfect, they just have to be better than not having one[^]
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
Richard Deeming wrote: You seem to be worried about someone hacking your local PC
No, LastPass for example, is online.
Social Media - A platform that makes it easier for the crazies to find each other.
Everyone is born right handed. Only the strongest overcome it.
Fight for left-handed rights and hand equality.
|
And, as I said, the database will be encrypted with a key which isn't stored on their server. If their server was breached, the attacker would still be a long way from having all of your passwords.
Whereas if you're reusing a single password across multiple sites, you only need one of those sites to be written by someone who doesn't know what they're doing to have your password stolen.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
Richard Deeming wrote: the database will be encrypted with a key which isn't stored on their server.
An assumption.
You seem to be assuming that something like LastPass will never be hacked but other websites could be hacked.
In your scenario you're hoping that one single point of failure never fails. Those very words should stand out. It also makes those single points of failures huge targets.
I'm not saying one way is better than the other, I just find it interesting that a bunch of developers would think trusting a single site is the only way to do it.
Social Media - A platform that makes it easier for the crazies to find each other.
Everyone is born right handed. Only the strongest overcome it.
Fight for left-handed rights and hand equality.
|
ZurdoDev wrote: An assumption.
No, a statement direct from the horse's mouth:
Security | LastPass[^]
What Happens if LastPass Gets Hacked | Our Security Model[^]
Also backed up by other sources - for example:
Is LastPass secure enough? | NordVPN[^]
Back in 2017, one user discovered that the URL of the site wasn't being encrypted, whilst everything else was:
PSA: LastPass Does Not Encrypt Everything In Your Vault | Hacker Noon[^]
It's up to you to decide whether that concerns you enough to avoid the product.
ZurdoDev wrote: You seem to be assuming that something like LastPass will never be hacked but other websites could be hacked.
Read my message again. I explicitly mentioned the possibility of their site being hacked.
The difference is that if it happened, the hackers would get a database containing encrypted data, and would have no access to the encryption key. They would not have your passwords.
Compare that to the level of code often seen in QA - passwords stored in plain text, or at best using unsalted MD5 hashes; SQL Injection vulnerabilities everywhere; I've even seen people trying to store your password in an unsecured cookie to implement a "remember me" feature!
ZurdoDev wrote: I just find it interesting that a bunch of developers would think trusting a single site is the only way to do it.
As I said, if you don't trust LastPass, use a different password manager. Use one that stores your passwords off-line if you prefer.
Unless you're in a shared workspace with people you don't trust, even a notebook with your passwords written in it would be better than remembering a single password and using it everywhere!
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
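An added example, not part of the thread or any poster's code: it contrasts the unsalted MD5 storage mentioned in the post above with a salted, slow hash, for one password reused on two sites. The function names, the sample password, the candidate list and the PBKDF2 iteration count are assumptions made for this sketch.

```python
from __future__ import annotations
import hashlib
import hmac
import os

# Constructed sample data: one user reuses the same password on two sites.
REUSED_PASSWORD = "Summer2020!"
COMMON_PASSWORDS = ["123456", "password", "Summer2020!", "qwerty"]
PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune for your hardware

def md5_unsalted(password: str) -> str:
    """Weak storage from the post: a bare, unsalted MD5 digest."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def hash_password(password: str) -> tuple[bytes, bytes]:
    """Salted, slow hash: returns (salt, derived_key) to store per account."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                              salt, PBKDF2_ITERATIONS)
    return salt, key

def verify_password(password: str, salt: bytes, key: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, key)

def recover_from_table(stored_digest: str, candidates: list[str]) -> str | None:
    """Unsalted digests: one precomputed table answers every leaked row."""
    table = {md5_unsalted(p): p for p in candidates}
    return table.get(stored_digest)

def demo() -> dict:
    """Store the reused password on two sites, once with each scheme."""
    md5_a = md5_unsalted(REUSED_PASSWORD)
    md5_b = md5_unsalted(REUSED_PASSWORD)
    salt_a, key_a = hash_password(REUSED_PASSWORD)
    _salt_b, key_b = hash_password(REUSED_PASSWORD)
    return {
        "md5_rows_match": md5_a == md5_b,        # reuse visible across dumps
        "md5_recovered": recover_from_table(md5_a, COMMON_PASSWORDS),
        "salted_rows_match": key_a == key_b,     # random salts hide the reuse
        "salted_verifies": verify_password(REUSED_PASSWORD, salt_a, key_a),
        "salted_rejects_wrong": not verify_password("summer2020!", salt_a, key_a),
    }

if __name__ == "__main__":
    print(demo())
```

With the salted scheme each stored row has to be attacked separately at the full iteration cost, which is the gap between a careful site and the storage described in the post.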