Hasherm0n @ Hasherm0n @lemmy.world

Posts

1

Comments

122

Joined

2 yr. ago

I saw a quote years ago about "common sense" that really changed the way I thought about it. I wish I could remember now where it came from.

"The problem with common sense is that it is common, not good."

Lately I google for someone that should give me a direct, exact result. First five links are fucking paid ads.

For anyone that hasn't read it, the book Surely You're Joking Mr Feynman is a delightful read. Especially the bits about him fucking with security during the Manhattan project.

You're thinking of American Samoa which is different from the Independent State of Samoa, formerly known as Western Samoa and a sovereign nation.

https://en.m.wikipedia.org/wiki/Samoa https://en.m.wikipedia.org/wiki/American_Samoa

https://tenor.com/blhOD.gif

Seriously though, those looking amazing.

Well that just solved the question of "what should I watch tonight?"

I always made sure I had Thomas guide book for any areas I went through in my car.

For anyone unfamiliar with the source.

https://archive.org/stream/i-have-no-mouth-and-i-must-scream_202202/I%20Have%20No%20Mouth%20And%20I%20Must%20Scream_djvu.txt

Until you find out those were also built by a junior using an llm to help 🙃

Hey, as a random Internet stranger I'm just going to say that I'm proud of you. Everyone has their own path to becoming a better them and I'm glad you're doing the things that work for you. Keep it up!

What you want is NIST 800-63b https://pages.nist.gov/800-63-3/sp800-63b.html#memsecret

Specifically sections 5.1.1.1 and 5.1.1.2.

Excerpt from 5.1.1.2 pertaining to complexity and rotation requirements:

Verifiers SHOULD NOT impose other composition rules (e.g., requiring mixtures of different character types or prohibiting consecutively repeated characters) for memorized secrets. Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically). However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.

Appendix A of the document contains their reasoning for changing from the previous common wisdom.

The tl;dr of their changes boil down to length is more important than any other factor when it comes to password security.

Edit to add:

In my personal opinion, organizations should be trying to move away from passwords as much as possible. If your IT team seems to think this system is so important that they need to rotate passwords every month, they should probably be transitioning to hardware security tokens, passkeys, or worst case, password with non-sms MFA.

Now I know nothing about the actual circumstances and I know there are plenty of reasons why that may not be possible in this specific case, but I'd feel remiss if I didn't mention it.

This is what I grew up calling it was well.

Any organization still doing this is a decade behind best practices. NIST published new recommendations years ago that specified getting rid of the practice of regular forced password resets specifically because they encourage bad practices that make passwords weaker.

Of course it doesn't help that there are some industry compliance standards that have refused to update their requirements, but I don't know of any that would require monthly password changes.

They actually have a fairly comprehensive training program setup through their "University." They also mix in foreign contractors, usually from China.

My dad cracked three ribs while surfing in his 20s. He caught a wave much larger than normal, fell off his board near the top and landed flat on his back.

I almost did before the outage. Their pay was pretty low compared to similar positions at other companies though.

They're about raising the sarcophagus. Those things can be heavy.

One of my favorite T-shirts. https://www.teepublic.com/t-shirt/23763923-utc-or-gtfo

(I am not affiliated in any way with this shop)

Magic carpet 2, the Netherworlds is one I played a ton and think of from time to time. I wonder what I modern remake would be like.

It's the first game I remember playing with deformable terrain.