
  • No, there is no valid reason to limit web passwords to lengths as short as 8 or 16 characters. If someone has built such a system with a technical limit that short, then what they have built is (from a security perspective) garbage.

    Thankfully, NIST finally dropped their terrible password guidelines of the past in favor of sensible ones. Perhaps this will lead to fewer bad decisions being made in web development circles.

    A few relevant sections:

    https://pages.nist.gov/800-63-4/sp800-63b.html#usability-considerations-by-authenticator-type

    https://pages.nist.gov/800-63-4/sp800-63b.html#length

    https://pages.nist.gov/800-63-4/sp800-63b.html#passwordver

    Obligatory xkcd:

    https://xkcd.com/936/

    (To be clear, this comic's approach to passphrases is sound advice.)
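
Added example (not part of the comment above, and not code from NIST): a sketch of a password check with no short upper limit, showing that a salted hash is stored at the same size for a 15-character password and a 120-character passphrase, so storage gives no reason for a short cap. The policy numbers, the blocklist entries and all function names are assumptions of this example; check the linked NIST sections for the normative values.

```python
import hashlib
import hmac
import os
import unicodedata

# Assumed policy values for this example, not quoted from the page.
MIN_LENGTH = 15      # minimum for a password used as the only factor
MAX_LENGTH = 1024    # generous cap, present only to bound hashing work
BLOCKLIST = {"password123456789", "correct horse battery staple"}  # constructed sample

SALT_LEN, HASH_LEN = 16, 32


def _normalize(password: str) -> str:
    # Normalize so the same passphrase typed on different keyboards compares equal.
    return unicodedata.normalize("NFKC", password)


def check_password(password: str) -> list[str]:
    """Return the policy problems found; an empty list means acceptable."""
    normalized = _normalize(password)
    problems = []
    if len(normalized) < MIN_LENGTH:      # counts code points, not bytes
        problems.append("too short")
    if len(normalized) > MAX_LENGTH:
        problems.append("too long")
    if normalized.casefold() in BLOCKLIST:
        problems.append("blocklisted")
    # Deliberately no composition rules (digits, symbols, mixed case).
    return problems


def _scrypt(password: str, salt: bytes) -> bytes:
    return hashlib.scrypt(_normalize(password).encode("utf-8"), salt=salt,
                          n=2**14, r=8, p=1, maxmem=64 * 1024 * 1024,
                          dklen=HASH_LEN)


def make_verifier(password: str) -> bytes:
    """Return salt || hash: always 48 bytes, whatever the password length."""
    salt = os.urandom(SALT_LEN)
    return salt + _scrypt(password, salt)


def verify(password: str, verifier: bytes) -> bool:
    salt, expected = verifier[:SALT_LEN], verifier[SALT_LEN:]
    return hmac.compare_digest(_scrypt(password, salt), expected)
```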

  • Git is for text files and retaining a history of every change and every state that has ever existed. It is the wrong tool for what you want, because it would be wasteful of resources.

    I suggest automating lossy encodings locally (there are quite a few approaches you could use here, such as a cron job with the encoder of your choice), and automating an rsync job to keep your server updated.

  • I count 341 dependencies. This massive attack surface might be a problem for people who care about security.

    To be clear, this is not unusual in the Rust ecosystem. It's a bit of an awkward situation: Rust's big value proposition is security through memory safety, but that is undermined by its not-especially-rich standard library and Cargo's encouragement of pulling in many dependencies. I hope this will improve in the years to come.

  • If I wanted to do this, I think I would start by getting to know the IT staff. This would:

    • Help me to understand the challenges they face in getting their work done: what's problematic for them, what's helpful, what skills they already have, etc. This would eventually guide me in how to approach suggesting changes with minimal friction.
    • Make me a familiar person to them, and allow opportunities to build trust in my skills, knowledge, and judgment. If this is established before I ever suggest a change, it could avoid some of the doubt and resistance that would surely come if a stranger walked up and pushed for changes. I want to be a friend, not a foe.
    • Potentially identify an ally within IT: Someone who might already want to make the switch (perhaps because they're tired of Microsoft's BS) or at least agree that it would make sense. An ally on the inside would not only make it easier to get others to seriously consider the change, but also potentially help gather information about how MS Office is currently being used so that I could prepare equivalent LibreOffice workflows for users who need them.

    I suggest taking your time, and saving Linux for later so that it doesn't create more friction against moving to LibreOffice.

  • A package is "kept back" when it faces requirements that can't be resolved while adhering to the given options.

    For example, this can happen when a dependency at a certain version is required, but that version is available only from a source (e.g. backports) whose priority is too low to be used by default*. You can resolve this particular situation by naming not only the main package, but also the dependency in question, on your apt install -t bookworm-backports command line. (The -t bookworm-backports option overrides the default source priorities.)

    Looking at the dependencies of pipewire-audio in backports, I see that exactly one of them (wireplumber) has a specific version requirement, so this might work for you:

        sudo apt install -t bookworm-backports pipewire wireplumber

    BTW, I'm sure that pipewire from bookworm-backports works on bookworm, because I use it myself. You don't have to wait for Trixie.

    *You can get details about how the priority system works via man apt_preferences.

  • Yeah the whole reason for packages being kept back is because they are rolling them out slowly

    That's an Ubuntu extension to APT. I don't think Debian adopted it, and even if they had, this particular "kept back" message probably comes from a different mechanism.

    EDIT: OP is trying to install a backport of a package with a version-specific dependency; I'll address that situation in a top-level comment.

  • In the past 5 years of using Matrix, I have received exactly 2 direct spam messages, and seen maybe 5-10 in public rooms. (There have been none in my private chats, of course.) If you're seeing much more, I guess it must depend on how you use it and what rooms you join.

  • The technologies mentioned in the article:

    lane-keep assist, automatic emergency braking (AEB), and blind-spot detection

    AI-powered traffic systems

    On-demand breathalyzers, smartphone saliva tests, and eye-tracking sensors