also, the length of the password is WAY more important than it being randomly generated as long as it’s not in a password dictionary somewhere. I use 20+ character passphrases that I can easily remember everywhere for instance
My strategy is to have a persistent short passphrase that’s within every password I use, and pair it with a silly bastardization of the service I have an account for. So, for example, if my passphrase were hunter2 (lol) and I had an account on Netflix, my password for Netflix might be something like hunter2NutFlex. Because of this, I can manage my own passwords in basic text as “code NutFlex” because the “code” portion is encrypted in my own fucking brain. If Netflix gets hacked, somebody has a password that only works with Netflix, and they’d need my text file as a Rosetta Stone to acquire my other passwords. Not impossible, but who the fuck am I and why would anybody dig that deep to do that to me?
I’m no IT expert, so somebody tell me if this is a stupid and overly vulnerable strategy. I thought I was pretty brilliant for coming up with this and rolling it out several years ago.
I am an IT person (wouldn’t say expert) and I do this. Password cracking time is based on the number of characters, not the type of char, so you can do “abcdefghijk” and it will be more secure than “_a;” (both are still weak but my point stands)
All of this can be broken if you just use common passwords or plain English words, since those are broken with dictionary attacks
It’s not the worst strategy (and is actually referred to as ‘peppering’ your password)… but if your primary use-case is websites and mobile apps, using a password manager like Bitwarden and randomly generated strong passwords is still a better strategy (and probably faster too, since you don’t need to type it out manually anymore, and/or remember which flex you used when creating your ‘peppered’ password).
This is a good approach if you have to login to services that aren’t via a web browser though - e.g. Remote desktops etc.
I’d say the approach is potentially vulnerable, but the tech isn’t quite there. The modern approach to password cracking is to take a huge dictionary, and run permutations on it, like changing a’s to @’s, capitalizing first letters or adding numbers at the end. Any cracker worth their salt will have something like “add _netflix” as a permutation, too. I don’t think that anyone would have “NutFlex” in there, yet, but it’s possible if one of them stumbles on your leaked password from somewhere else.
As for “basic text”, do you mean like .txt’s? And do you store the entire password there? We do have viruses that scan for crypto wallets and their seed phrases already. It’s not too far-fetched to imagine one that would cross-match any txt’s contents in the system with browser’s saved logins.
The most glaring issue I see is that the bastardization is effectively part of your password. With 1000+ passwords it’s going to be easy to forget (was it nutflix, sneedtflex, nyetflex or something?) and it’s going to be hard to find it if you don’t manage the codes properly. I recently had to scan over every single one of my password manager entries (forgot a 100% random login, password and domain), and let me tell ya, it wasn’t fun.
You could possibly switch to a “client-side salting” approach, having a strong consistent password in your head, and storing short but truly random suffixes for each service. e.g. text file named “Netflix” containing something like “T3M#f” and the final password would be something like “hunter2T3M#f”. At least that’s what responsible sites do to protect people who have simple/matching passwords. You could even store those suffixes somewhere semi-openly, like in a messenger as messages to yourself. But at that point, it’s probably easier to go with a password manager. Though that’s an option if you don’t trust those.
You could possibly switch to a “client-side salting” approach, having a strong consistent password in your head, and storing short but truly random suffixes for each service. e.g. text file named “Netflix” containing something like “T3M#f” and the final password would be something like “hunter2T3M#f”.
I guess I’m not understanding how this is functionally different from what I already am doing. Why would your 12 character solution be more secure than my 14 character example? Is it just because NutFlex is two actual words, so a dictionary attack could crack that more easily? Or is it because it’s kinda close to the domain the account is associated with? Would I be significantly better off replacing those bastardizations with other random words?
Edit: and also, they’re saved as notes in my phone, and no I don’t type the whole password in. That would defeat the purpose of having a persistent master phrase as part of the password.
they’re saved as notes in my phone, and no I don’t type the whole password in
Then I must have misunderstood your approach. Is it like a single note with all the keywords only, then?
I guess I’m not understanding how this is functionally different from what I already am doing. Why would your 12 character solution be more secure than my 14 character example
Yeah, it’s because it’s close to the associated domain. The way I see it, this bastardization adds little entropy (there’s only so many possible variations) but is also rather easy to forget. And a huge problem, in my opinion, is it’s using your mental capacity for per-site suffixes rather than master password.
A possible attack I see, is if I set up a site, say a forum called MyLittlePony.su with no password protection whatsoever, and lure you to register on it. If I scroll through the accounts and notice your password to be “hunter2MyLittlePenis”, I might go to paypal and give it a shot with “hunter2PenisPal”. Or, somebody whom I sold the database to, might. It’s extremely rare that anyone would even look at your password specifically unless you are some kind of celebrity, but it’s still a possibility. Maybe some future AI tech would be able to crack your strategy (I’ve tried, ChatGPT told me to fuck right off and FreedomGPT is not good enough yet)
Though you’ve said you also keep notes, which deals with the easy-to-forget part of the problem, so my first thought was to get rid of bastardization and add fuck-all amount of entropy by using a truly random suffix. That’d deal with the above problem. But, that’d mean that it’s your master password that is the suffix now, and you wouldn’t be able to access sites without the notes at all, hence it’d be easier to go with password manager at that point.
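An added example, not written by any commenter in this thread: a small self-audit that strips the shared master phrase from each password, scores how closely the leftover per-site part resembles the service name, and computes the entropy of a uniformly random suffix for comparison. The alphabet, the 0.5 similarity threshold and the function names are assumptions made for illustration; the two sample passwords are the ones quoted above.

```python
import math
import secrets
import string
from difflib import SequenceMatcher

# Alphabet for generated suffixes (an assumed choice): 75 symbols.
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@^_"


def random_suffix(length=5):
    """Per-service suffix drawn uniformly from ALPHABET with a CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def suffix_entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random suffix: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def per_site_part(password, master):
    """Strip the shared master phrase; what is left is the per-site part."""
    if master and master in password:
        return password.replace(master, "", 1)
    return password


def service_similarity(part, service):
    """0..1 similarity between the per-site part and the service name."""
    return SequenceMatcher(None, part.lower(), service.lower()).ratio()


def audit(master, entries, threshold=0.5):
    """Flag entries whose per-site part looks derived from the service name.

    entries: iterable of (service, password). threshold is an assumed cut-off.
    """
    report = []
    for service, password in entries:
        part = per_site_part(password, master)
        score = service_similarity(part, service)
        report.append({
            "service": service,
            "part": part,
            "similarity": round(score, 2),
            "derived_from_service": score >= threshold,
        })
    return report


# Constructed sample: the two example passwords quoted in the thread.
SAMPLE = [
    ("Netflix", "hunter2NutFlex"),
    ("Netflix", "hunter2T3M#f"),
]

if __name__ == "__main__":
    for row in audit("hunter2", SAMPLE):
        print(row)
    print("5-char random suffix:", random_suffix(5),
          f"~{suffix_entropy_bits(5):.1f} bits")
```

The similarity score only measures how guessable the per-site part is from the service name; it says nothing about the strength of the master phrase itself.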
Then you look up the random string of 36 characters once, think “why did I make this one 36 characters” as you painstakingly type it in with a TV remote, then immediately forget it as soon as you’re logged in.
That sounds… even less secure, but admittedly I know nothing about it. How does it work? MAC address? Device type? OS? I think all of those can be spoofed…
If it’s a fairly inconsequential service (no payment/personal info, nothing lost if it gets hacked), you can just generate a far shorter password. Even randomly generated passwords can be remembered eventually if you have to type it enough times, and that’s still better than the same one.
If it’s not inconsequential, I’d be questioning if my money is well spent on a sadistic service that makes my life hell trying to have a minimum level of security. I would say that even if it wasn’t a generated password that you have to type over.
Some password managers support generating random passphrases like “correctbatteryhorsestaple.” They’re still a pain to punch in on a remote, but much easier to keep track of where you are in the password and avoid transcription errors.
I fully support him in his efforts. if people are going to donate their money to such a sus story, let him spend their money. a fool and his money are soon parted.
100% of the time I mention this, that’s the advice I’ve gotten. I have tried like 20 strains, edibles, oil, shatter, you name it. I used to smoke every day.
Now no matter what I smoke, anxiety. Sometimes it’s just a little and I have a good time anyway. Sometimes I’m not getting enough air when I breathe and I’m going to pass out and everything I say is the dumbest thing anyone has ever said in history.
Not worth the gamble anymore. I’m cool with rolling every few months and delicious delicious adderall. And too much beer, which is the worst habit one can have, honestly.
Oh you’re all good! I always expect to hear that when I mention the anxiety hahaha
I still give it a go every so often. It’s always best when I can go be active in nature, and worst when I sit at home and try to do… anything or nothing.
I miss how awesome it made some music, and getting so blasted I would watch a whole movie, love it, and forget it the next day. Double movie enjoyment!
I feel ya there, 100%! Frankly, I feel the same with psilocybin; active in the world, away from people and obvious aspects of civilization. Get out of my own head and up with the birds in the branches & clouds. 🤙🏼
Silly nosy question: what do you get out of Adderall? I’m prescribed ADHD meds and don’t get any recreational benefit from it, so I’m just curious what I’m missing out on.
When I take adderall, I usually take 10mg or so. It makes me much more productive than I usually am. I have a giant list of projects that I want to do, but normally I just… don’t do them because of the effort involved.
Or I start something and love it, then the next day I just kinda forget about it. It helps me make progress on my 1,000 Steam games I never play. I’ll actually sit down for a few hours and play a game, THE SAME GAME even.
Last time I had some, I set up my mini server! She’s amazing. Next time I have some, I’m either going to reformat my main game computer, reformat the VR machine that’s been sitting in the living room for months and set that up, or learn UNRAID and set up my big server I have all of the parts and HDDs for. That’s been under the couch for like six months now.
…when I write it out like that, I should prooooobably talk to a doctor.
Sounds like you use it for about the same reason I do.
Talk to a doctor! I found it much less stressful than I expected it to be. I started meds last year and my consult and check-ins have been all online. The biggest problem has been, ironically, remembering to take my meds constantly consistently.
I’m a serial hobby-starter, but not a project-finisher.
If you have ADHD, stimulants regulate you. If you don’t have ADHD, stimulants…stimulate you. Adderall is an amphetamine, so people without attention deficit disorders basically get a light meth high from it.
Not necessarily disagreeing with you, but nowadays there’s thousands of different types, and hundreds of different modes, and they all are reactively different.
IDK buddy, I don’t really care to write the same method for five different types (or read the 30 methods with different type signatures) when I can do it with one. I see the exact opposite of your statement, in my experience.
Extra steps that guarantee you don’t accidentally treat an integer as if it were a string or an array and get a runtime exception.
With generics, the compiler can prove that the thing you’re passing to that function is actually something the function can use.
Really what you’re doing if you’re honest, is doing the compiler’s work: hmm inside this function I access this field on this parameter. Can I pass an argument of such and such type here? Lemme check if it has that field. Forgot to check? Or were mistaken? Runtime error! If you’re lucky, you caught it before production.
Not to mention that types communicate intent. It’s no fun trying to figure out how to use a library that has bad/missing documentation. But it’s a hell of a lot easier if you don’t need to guess what type of arguments its functions can handle.
Type signatures help you to know what a function takes and returns. With dynamic typing, I have to read the entire code of the function just to know this (sometimes even this doesn’t tell me what will actually be returned due to duck typing).
More importantly, type signatures help the compiler verify the types.
Both of these get more and more important as the code size increases. I’d suggest you widen your horizon about static typing.
I was gonna say, next to C++ you’d better not shame other languages for their errors. Otherwise I wish you some “fuck you: error in library used in library used in template of template:: some template object is not correct type of template object”-type bullshit.
Unreal, Unity’s primary competitor, doesn’t. Mainstream gamers seem to only know about the two. Anyway, it’s a meme. I use C# for exclusively boring corporate stuff, and will continue.
I doubt they went away from VBA. While I do use C# any time I can, I can't say the same thing for Excel. I do know there are ways to do interop, and it's not great. Office file formats and interop have always been... awful.
You can access the Excel scripting engine from C#, but this is more of a case of C# supporting Excel than the other way around. (And you will really not want to do it if you just have to read and save data in excel files.)
Communism =/= leftism. It’s an extreme form of socialism.
My biggest problem isn’t even the communist ideals. Have your ideas, that’s fine. I don’t care.
My problem is the amount of people coming into post comments attacking American Imperialism® on posts that aren’t even related to communist ideals or, sometimes, that don’t even mention America. It gets tiring reading how much America sucks when that’s not even the point of the post.
There’s a book called How to Invent Everything: A Survival Guide for the Stranded Time Traveler that covers this stuff. Don’t think it’s comprehensive enough to actually invent everything from scratch, but still a fun read.
What dimensional space are the people arranging themselves in?
But seriously, this reminds me of a time at my former (FAANG) employer where HR sent out a 40-minute video about not being an asshole and avoiding lawsuits.
12 minutes or so in, they say “as the number of people in a group increases, the number of potential 1:1 interactions increases exponentially.” I thought “actually n(n-1)/2 but whatever”, and finished the video intending to get on with my life.
My inbox was FULL of engineers who were irate. “HR have proven themselves to be fools!” “I expect the company to never ask me to waste my time on their bullshit again.” “Once again non-technical people talking out their asses.”
HR sent a global apology for the error, asked everybody to not watch the video while they fixed it, and released a patched version the next day.
It bugs me that people will call anything with a positive second derivative “exponentially increasing”. I can do one better: it increases busy-beaver-y! Is that fast enough for people??
You’ll just drive yourself crazy trying to understand the logic behind the kind of moronic inbreeding racist idiots who put this flyer up. There is no logic, because they are just disgusting hate filled people. The only “reason” is that they need someone to blame because they won’t take responsibility for how miserable they have made their own lives.
I wasn’t trying to understand their viewpoint because I know they are just copying their views from the Internet. There’s a big problem with lots of people getting the viewpoints from American politics and forgetting some of the US problems don’t apply here.
You have to be a little careful: by sharing it here, even as something you are against, you have made the message travel farther than a few shitty printed leaflets. Nazis like games and double-meanings and codes because they know they can’t openly support posts like this, but the goal is always to “spread the message”. You may have inadvertently played into their hands.
Yes clearly a normal trim. I also butcher my trees annually. Fucking corpo dicks. /s
The sad thing is how many Americans are brainwashed into immediately siding with corporations and demonizing the workers in any labor dispute. Fucking gross.
Yeah. There was a guy I used to work with who would always complain if we heard workers were striking. “Why are they complaining about the conditions? If they didn’t want to work there they shouldn’t have taken the job.”
One of the more braindead takes I’ve ever heard on the topic.
You know, I saw the story about the actors strike the day after it started on the NBC national news. It was about two minutes of the reporter telling the audience which shows they were going to be missing out on, like the next season of The Handmaid’s Tale. It was so fucking blatantly one sided, to the point of just lying by omission. I’m not even sure they mentioned the AI issue. Of course no rational person should trust a TV network to give them unbiased, rational reporting about a fucking actors strike, but that’s exactly where the average person is going to learn about it. And that’s all that will come to mind - “oh no, my shows might take longer to come out.”
It was about two minutes of the reporter telling the audience which shows they were going to be missing out on, like the next season of The Handmaid’s Tale.
I wonder if there’s any footage of that. That sounds fucking wild.
I didn’t really care about it at first. My thought was, hollywood’s writing has been such complete utter dogshit lately, I literally can’t remember the last time I walked out of a movie blown away by something new. (Dune was exceptional, Maverick was good, but those are books and sequels so not OC. Can’t think of much else…)
Then I learned about fan baiting and how hollywood is actually purposefully trashing beloved franchises just to piss off fans, save money on writing, and essentially prep us for their transition to full AI writing and soon acting. For the last decade I’ve been mistaking their dogshit for out of touch but well intentioned corporate buffoonery. Now I realize it’s just part of their large scale evil plan to stay profitable in a world where hollywood and big budget productions are becoming obsolete and irrelevant.
So I’m on the writers’ side, but good luck to them, I don’t think they’re going to win this one.
Taking away a tree’s photosynthesis organs in the middle of summer when they’re supposed to be storing nutrients for winter is also really good for the tree I’m sure.
How much you want to bet they took those cuttings and threw them in the landfill?
Reposting my comment from another similar thread ‘cause I think it’s kind of important to add.
Ok, so it doesn’t mention wet bulb temperature anywhere, so I went to figure it out. The first thing I was surprised with is apparently most online calculators don’t take in values higher than 50C.
I couldn’t find the exact data about humidity for that day, but it has been 35-40%+ at a minimum for most days in that region, sometimes even reaching 90%.
So, 52C at around 40% humidity is 37.5C in wet bulb temp. The point of survivability is around 35, and most humans should be able to withstand 37.5 for several hours, but it’s much worse for sick or elderly. 39 is often a death sentence even for healthy humans after just two hours — your body can no longer lose heat and you bake from the inside. That’s like having an unstoppable runaway fever. And with that humidity it’s reached at 54C.
It’s a bit different depending on your health and all that. But 35 WBT is a definite point for everyone (since our bodies run at 36–37C). Kinda like the difference between “some will die” and “most will die”.
I mean to say that the wet bulb temperature at which most will die is ~31.5°C. The Guardian report I linked is saying that the 35°C number comes from a 2010 study, whereas the findings of the 2022 study found the number to be much lower, ~31.5°C.
It’s probably a measure for persistent temperature then. Like, if you lock someone in a room at that temperature (or if it wouldn’t cool down at night, for example), then that person would be dead no matter what after some amount of hours or days.
35 is more of a real-life guideline, since it does cool down at night and you don’t need to withstand this temperature persistently and indefinitely.
And for the last several years there have been lots of places that exceeded 31.5 WBT during the day. Hell, you can probably find several places with that WBT right now. But since people don’t drop dead immediately and need time to heat up, it’s still survivable.
Think about it in terms of a 2D graph. You need to know the duration in addition to temperature to gauge survivability. A million degrees is survivable for a femtosecond, 35 for an average earth day, and ~31 indefinitely.
From @beigegat’s article it says that from real experiences it’s 31.5C
The oft-cited 35C value comes from a 2010 theoretical study. However, research co-authored by Kenney this year found that the real threshold our bodies can tolerate could be far lower. “Our data is actual human subject data and shows that the critical wet-bulb temperature is closer to 31.5C,” he says.
Well, people do die in saunas. More often than you might think. And those who can sit through 20 minutes are usually already accustomed to them, it’s not like people can sit for a long time the first time. Stick an unprepared elderly person there and it’s often not going to end well.
Also, right after intense sauna sessions (and in between as well) people dunk themselves into very cold plunge pools or snowdrifts to quickly cool off.
And you got the temperature/humidity ratios wrong. 100% humidity is used in a hammam, a Turkish-style steam room, and those are kept at around 45-55C. Russian saunas never exceed 90%, most are kept at around 70%.
Have you been to one and looked at the hydrometer? It’s really hard to raise the humidity above 70–80%, and the usual for most people 1-2 ladles per ~10 mins barely raises the humidity above 60%.
That works, until… Until the power goes out because everyone has their AC on maximum. After that, it becomes a fight of who has a bigger generator and more gas stored, or who has solar power for the AC.
Homeless have been dying during summer and winter for years. It’s just, as with too many things, the new normal and not newsworthy. If they started dying from critical weather I’m not sure we would even know.
I don’t want to be rude, and I completely am all for combating climate change, but 39C is not baking your insides…
I have been deployed to multiple places that were 52C (~125F) in the day/night with high humidity levels, in full long sleeve/pants for 8 hours at a time. 39C (~102F) is hot, but not bake you from the inside type of hot.
Elderly and sick are people not included in what I said above for obvious reasons.
I don’t know your personal experience and how dangerous it was in regards to temperature, but high temperature environments start feeling pretty humid at like ~50%, so you still pretty much need an actual temperature/humidity reading to gauge it correctly.
So guys, take it to the scientists :) I’m not talking out of my ass here, rather quoting research data. There are a couple dozen papers listed in the link above, and most seem to agree on the dangerous temp region. Read their methodology and reasoning if you’re interested to learn more.
Oh I’m not arguing it’s a hot temp and exerting yourself in those temps is very much a death sentence; especially without water. I’m saying that many people in the world have lived through those temperatures. Research studies have a way of making things a bit more dire than what is normally human survivable, probably for legal/medical moral reasons.
The US military definitely has rules against 40+ WBT and states how many hours of work per hours of rest we could have in high temp+humidity levels. However, I, and anyone who had to deploy or live in East Africa (like Djibouti) or the Middle East can definitely attest, 50WBT is survivable for 8-hour days. Again, not talkin’ elderly or sick persons.