HackerTrans
TopNewTrendsCommentsPastAskShowJobs

zxcvasd

no profile record

comments

zxcvasd
·5 maanden geleden·discuss
>Operating systems are supposed to get in the way of things like this

debbie from accounting will say "darn thing wont let me do my job", and get frustrated from all of the prompts and approvals she doesnt understand. she is just going to click yes on every single prompt, not reading it. no meaningful security increase occurs.

debbies boss is going to get annoyed that debbies productivity has fallen 15% because she doesnt understand what her computer is asking for and she is having to stop what she is doing to hit some stupid prompt every 10 minutes. no meaningful security increase occurs.

tier 1 tech support will quit their jobs because now they arent just resetting hundreds of passwords each day, they have to listen to people yelling at them about their computer prompting for permissions every 10 minutes. "just hit yes whenever it shows up", they say. no meaningful security increase occurs.

neckbeard mcneckbeard on HN will screech "mIcRoSlOp thinks they know how to secure my computer better than me!! screeeeeee walled garden screeeeeeeeee if i bought it i should be able to do anything to it". mr. mcneckbeard is very vocal and causing all sorts of bad publicity. they hack some workarounds or change the settings so that they dont get prompted every 10 minutes. no meaningful security increase occurs. (side note: i ~mostly~ agree with mr mcneckbeard)

if security is not convenient, people will work around it, and you'll end up with even worse security because everything will be done in the shadows.

security an extreme balancing act. if the friction is too high, it will end up lowering security, not increasing it.

>Backwards compatibility is not more important than this

in more situations than you probably think, backwards compatibility is literally the most important thing.
zxcvasd
·5 maanden geleden·discuss
at the risk of going a bit off topic here, what specifically has deteriorated?

as someone who has used 1password for 10 years or so, i have not noticed any deterioration. certainly nothing that would make me say something like they are a "shell of their former selves'. the only changes i can think of off the top of my head in recent memory were positive, not negative (e.g. adding passkey support). everything else works just as it has for as long as i can remember.

maybe i got lucky and only use features that havent deterioriated? what am i missing?
zxcvasd
·5 maanden geleden·discuss
>I guess almost anyone can do the following

almost everyone knows the formula for olvine and quartz, too, of course

theres probably less than 10 people in my entire company that know half of the words you wrote there. whats an "iso"? what is "flashing" the "iso"? how do i "boot medium"? what is "KDE" and why do i want to say yes?

(i know what these are, and maybe most people browsing a tech-focused forum with "hacker" in the name, but the vast majority of people do not)
zxcvasd
·5 maanden geleden·discuss
sure, not denying that. my writing style is fairly different now in my 40s than it was in my late teens/early twenties.

but, those changes are usually pretty gradual and relatively small. thats why when attempting to identify someone via writing, you look at several aspects of the writing and not just word choice (grammar, use of specific slang, sentence length, paragraph structure, punctuation, etc.). it is highly unlikely that all aspects of someones writing changes at the same time. simply removing "ha" is inconsequential to identification if not much else changed.

additionally, this data is typically combined with other data/patterns (posting times, username (themes, length, etc.), writing that displays certain types of expertise, and more) to increase the confidence level of correct identification.
zxcvasd
·5 maanden geleden·discuss
this is a well-studied field (stylometry). when combining writing styles, vocabulary, posting times, etc. you absolutely can narrow it down to specific people.

even when people deliberately try to feign some aspects (e.g. switching writing styles for different pseudonyms), they will almost always slip up and revert to their most comfortable style over time. which is great, because if they aren't also regularly changing pseudonyms (which are also subject to limited stylometry, so pseudonym creation should be somewhat randomized in name, location, etc.), you only need to catch them slipping once to get the whole history of that pseudonym (and potentially others, once that one is confirmed).
zxcvasd
·5 maanden geleden·discuss
[dead]
zxcvasd
·5 maanden geleden·discuss
i am on mullvad and accessing it fine. if you are on one of the default exit nodes, try switching it. i find the default nodes get blocked by a lot of sites, likely due to malicious behavior of other users.
zxcvasd
·5 maanden geleden·discuss
[dead]
zxcvasd
·5 maanden geleden·discuss
[dead]
zxcvasd
·5 maanden geleden·discuss
only because it isnt enforced.

if fines were levied and actually collected, itd be a pretty robust regulation for privacy. theres other issues with it, but nothing that requires gdpr to be wiped out -- just modified (and clarified) a bit.
zxcvasd
·5 maanden geleden·discuss
[dead]
zxcvasd
·5 maanden geleden·discuss
[dead]
zxcvasd
·5 maanden geleden·discuss
[dead]
zxcvasd
·5 maanden geleden·discuss
>you just need to know at least a little more than the companies you are consulting for.

sometimes (i'd argue often, actually), you don't even need that. simply having an outside/fresh perspective and the fact that you aren't part of any of the existing groups/silos is valuable.
zxcvasd
·5 maanden geleden·discuss
well, what happens is netflix gives blender real cash. and thats the entirety of the translation
zxcvasd
·5 maanden geleden·discuss
[dead]
zxcvasd
·5 maanden geleden·discuss
this is a very common pattern in tptacek's comments, but it's not worth calling out as he absolutely refuses to recognize it, always falling back to a similar response you see here.

with a quick google of "3des broken" and reading the first paragraph of wikipedia on 3des, i was able to guess (correctly!) what they original commenter was referring to.
zxcvasd
·5 maanden geleden·discuss
to any non-cryptographer, i think that's a distinction without a difference. it's disallowed from use by the major standards institute due to a vulnerability where people can recover the plain text.

that sounds "broken" to me, but i'm not a cryptographer. so, i'll defer to you when you say it's not broken. (i dont know what the cryptographer-specific definition of broken is -- it'd be great if you would shed some light on that)
zxcvasd
·5 maanden geleden·discuss
if i were to guess, they are referring to CVE-2016-2183, which lead to deprecation of 3DES by NIST in 2019 (announced in 2017) and disallowing all uses in 2023. openssl also stopped including it in default builds starting in 2016 because it is considered weak.
zxcvasd
·5 maanden geleden·discuss
><obscure set of random words>

"language server" is probably not particularly obscure (or random) to the audience of people who know what "mecrisp-stellaris" is (i.e. the audience of the post).

i actually doubt "language server" is obscure to pretty much anyone who has done any programming recently.