Seems like they usually leave out the "also" because apparently two things can't be bad at the same time. Wouldn't it be great to live in a world where only one thing is bad? I expect it'd be simpler, at least.
I mean that’s the point of the comment. Any conversation about China’s shortcomings necessarily turns into “but US also bad” as if that’s proving a point we don’t already know. This is Lemmy, not the CPAC convention. We’re probably all pretty on board with nuanced positions on the evils of imperial states
Except they’re nowhere nearly comparable. The US is pretty bad but China is an authoritarian state with internet censorship and state-controlled companies.
The “America also bad” argument feels like a mass murderer saying “well you stabbed a guy 10 years ago, you’re no different!”.
Go look up to see what China did during the great leap forward and cultural revolution. They killed about 30 million of their own people. I would like you to post a source proving that the United States murdered 30 million of its own people within the past 150 years, as well as persecuting tens of millions of people and sending millions of children from cities to be reeducated with forced labor on camps after being separated from their parents. Hundreds of thousands of intellectuals were murdered for being… Intellectuals.
The only thing that comes close was slavery and the Japanese internment during world War II. However, slavery was abolished over 150 years ago, and during the Japanese internment families were generally kept together and they were not forcibly reeducated.
“Please tell me a time when.this country did terrible things b-b-but only in this certain half of the country’s existence!! Otherwise it’s cheating!!1!”
Conveniently chose a time right where you can ignore the Slavery and the Trail of Tears (% population wise that was just as bad). Not to mention the mass Native American “reeducation” and ripping them away from their families to get a “proper white education”
Every government has done terrible things. The US, China, and Russia are among the worst. We can argue about what is “worse.” But that is completely subjective. China literally just did much of what the US did, but on a larger scale 150 years later and with different technology.
Arguably Russia was the worst of them all, but literally all 3 are bad. America pulled itself out of that era and into corporate indetured servitude era of corporations committing genocides and coups in other countries. Personally I think that China is worse than the US and Russia dwarfs both of them, but just because one is maybe marginally worse doesn’t mean the other wasn’t/isn’t bad.
Imagine thinking that people are opposed to post-scarcity economics, and not the whole “let’s kill everyone who disagrees with us until we achieve such conditions”
The one they replied to may have been criticizing “whataboutism”, but it could also be (mis)interpreted as implying the USA has not had similar problems.
But who hasn’t killed their citizens in a simple misunderstanding? Or, if that doesn’t work, America Also Bad! \s
Well, the citizens they killed were literally firing on them and killed around 150 soldiers. Meanwhile the military for the most part did not have guns. Not saying it is justified even then to use military force on striking workers, but a hell of a lot more justified than western media claims. Oh yeah, and literally no college students died that day, as well as nobody within a mile of Tianenmen Square.
When Windows started getting pre installed bloatware is around the time I made my full switch to Linux. When Samsung phones started doing the same, I switched away from them too. Srsly, I will become a luddite before I use any devices that force apps I don’t want on me. It’s abusive and shouldn’t be legal.
Yes. Even though not using all this crap may sometimes feel like you’re missing out on certain stuff, it is still the right thing to do. I don’t support abusive behavior, bloatware and spyware, so companies doing that will not receive any money from me if I can help it.
We’re basically just one step ahead of the general population, who basically (still) eats up anything that’s being served by big tech corporations, without any second thoughts or hesitations. The general population IMHO is currently at the stage that nerds were like 25 years ago, in that they tend to be naively enthusiastic about every new piece of tech. But nowadays, tech can be abusive towards their users, and so it’s important to choose the right tech. The general population hasn’t made that realization yet (or they don’t care, which also must change).
The media is also partly to blame for this, for example almost every new review of any Samsung or Apple phone is usually very positive, usually just reporting about the advancements in hardware and UI, without even mentioning any of the downsides these have on the software side. And so when reviews don’t even mention downsides anymore, there’s a lack of information available.
And it’s not even that regular users don’t like the alternatives. For example I convinced a friend to move from a regular spyware-infested Samsung Galaxy phone (which he was using all the time, and he even wanted to buy a new one) to a Pixel with GrapheneOS. He’s not missing anything, even though his transition wasn’t super smooth, overall he’s happier now, and he mentioned that he likes the OS being so clean and unencumbered. He doesn’t particularly care about the privacy and security improvements which he now also enjoys, which is a bit sad, but at least he’s happy with the lean and unmodified Android (open source) experience.
So, as usual, information/knowledge is power. People need to know that alternatives exist and that some alternatives are actually really, really good. And they need to know what the problems are with the “default stuff everyone uses”, so that they can make better informed decisions in the future. They also need to become less dependent on big tech companies. The alternatives have little to no PR and thus little public visibility in comparison, except via word of mouth, so we need to make the most out of that.
Very good statement, although I disagree with the claim that “nerds” were naive 25 years ago, as the GNU Project and the free software movement exist since the 80s already, meaning that at least some intelligent and tech literate people already realised the destructive potential of closed-source and unfree software!
Not OP but I switched to a FairPhone 3 as soon as it came out after my Samsung experiences. Also wanted MicroSD and Dual-SIM, replacable batteries, easy to fix, longtime support.
Still loving it ❤ FairPhone️ 3.
Back then it shipped with Android 9 and recently got Android 13. That’s support.
Yeah and you can easily put custom ROMs on these, much more easily than on Samsung phones, though it is quite possible for older models of those (I am running Android 12 on my Samsung Galaxy Note II that is by now 11 years old lol)
Thanks! I’ll give it a shot. I wish I could just have YouTube links open in the browser. I hate the app. I have to close it 3 times before the stupid video window goes away.
Keep trying! My teen recently bought his first PC. It came with Win11 and I offered to put Linux on it for him. He replied, "Nah, it's OK, I'm not a programmer". I was like... wait, huh? I don't even know where he would get that idea from since the only programming I've ever done was websites and haven't done that in years. Hubby doesn't do much programming any more either. We game on our PCs.... Email. Browse the interwebs. Watch videos. Discord... blah blah. Literally all the same shit our teen does and yet Linux.
Anyways, I waited until he was trapped in the car with me on a longer drive and told him all the wonderful things about Linux and sold it to him on the idea that I'll set it up as dual boot. Give Linux a couple of weeks and if you don't like it, you can always switch to Windows. It's been about a month now and Windows still isn't even installed 😂
I don’t understand how this is possible, two parents that use Linux and he thinks Windows is the way to go? Kids in school are actually idiots.
That said, I can’t get any of my family to use Linux. My friend tried for a while but asked me to put Windows 10 LTSC on it instead, because he wanted to click “Install” on Steam without worrying about messing with Proton settings and checking ProtonDB, which is reasonable. Some just don’t want to do the extra work, I hope some day that operating systems on our favorite kernel make it easy for plebians to use.
Keep in mind that in these situations it’s not always their fault. Sometimes two other people have pulled in straight and they’re the third. Then the other two leave, and they just look like an ass.
Or maybe they’re just an ass. Can really go either way.
From this angle, I feel like the white car’s right rear (or front too?) wheel would hit the curb if a previous car tried parking like the middle car. Or maybe there is more space to white car’s left than it seems. But I’ll still vote ass.
I always try to remember this. SOMEONE is an absolute idiot in situations like this, but it's not always the most obvious one.
Also: someone going super slow in the fast lane. It's not always the car in front of you, especially if it's a big car. Sometimes there's a little car in front of em.
Because then you’re inconsiderate to the person already parked there. There’s a point where you need to fit with actual behavior of other vehicles rather than stand your ground for the rules regardless of reality
Especially because it looks like the curb is perpendicular to middle car’s tires, which would put it on a 45 degree angle to the lines. Guessing somebody (maybe them, maybe not) pulled in straight to the curb and somehow missed the lines entirely.
Yup, I’ve had to park poorly because everyone else around me had parked badly. Usually one person will park way out of line “Don’t want my car getting dinged!” and that causes a domino effect where everyone else has to park badly too. Now if the one next to you leaves you look like the dick.
It was actually one of the most W3C compliant browsers there is, more so than chromium based ones. Unfortunately google’s near monopoly has made websites focus on working in chrome, not on standards.
And also at the very least you had another option. Which, in my opinion, wasn’t that bad, at least it could’ve been if they just gave up on Bing and MSN.
No way, they can’t give up on bing. They do that and all we have is Google for searches. We need the competition. For MSN, it’s all about content now, I kinda like that branding… It makes it easier to see that I don’t want to see it.
As a web developer, EdgeHTML was the source of so many bugs, including a few that were regressions, and it didn’t seem like Microsoft dedicated enough resources to the Edge project.
Yes it can break pihole too, iirc. Not sure of the exact nature of it, but basically it checks that you loaded the page as intended. If resources are blocked, it didn't load as intended.
Yup. It’s why the only time I play online games now is with friends or not at all. Even then it’s pretty much just co-op against the game rather than against other players. I only have so much energy for gaming and am willing to spend zero of that energy on toxic nonsense.
Check out Deep Rock Galactic. I’ve been playing for 5 years now and have never ran into a toxic player. The community is known for being pretty friendly.
Its a shame in a way but me Im juste muting when possible. Dont want to depend on mate and I have none on gaming actually.
Ive even played again to counter strike source. So much fun in the old ways. No pressure. Trash talk to fun. You can change server by navigating on browser if unfriendly.
I don’t want to be tilted when I play. And I report a lot too XD.
On LOL you can mute by default in settings. In ranked I mute as soon someone start raging and I don’t care of the rank finally.
By this way, ignoring others, you can focus and improve your gameplay easier.
When its too much and I don’t see non sense to mute in an online game, I stop play or go solo on others games. After all my steam library is full of unplayed games.
If one day I do an smurf, shame on me, it will be just to be toxic and don’t care of the game and go trash others by revenge. I’ve no smurf yet and I’m an “old” gamer now.
I hate twitch/YouTube/esport for all the non sense they made theses lasts ten hear and how they influenced in a very bad way the gaming scene who were in a sense “free”. Ty capitalism (I know its non sense but in a way )
I understand that, but muting toxic people on those team games defeats the purpose for me. The point is to communicate and work together, when you can’t do that effectively because they’re being shitheads then I’ll take my ball and go home, so to speak. I have plenty of wonderful single player games and am lucky enough to have some friends for co-op games when I’m in the gaming mood.
You do you, but that technique just doesn’t work for me, personally. I think it’s good to get a different perspective like yours though, to each their own ☺️
Its true, but thanks ping’s system exist and on the game I play is fully efficient. But in a sense I’m still like you. I’ve stopped OW definitively for example bc of what you said.
Me too. The only two games I have been playing in the last 2 years are insurgency, division 2 and payday 2. All PvE. Fuck competitive players. The little time I have available to play, I want to have fun.
You mean competitive games right? Cause it sounds like you should avoid competitive games and game modes. The competitiveness is the point on of competitive games. Which is fine, not everyone needs to enjoy every game genre/mode. Just don’t think it’s the players fault in your outlined situation.
But when I play casual I still get lots of “my team sucks” and “why are you even playing you’re so bad”. I tell them to hit ranked if they’re that sweaty but I’d rather they just fuck off entirely.
I’m waiting for some age verification system so that us older gamers can enjoy playing games without having to compete when we don’t want to. I don’t need to feel elite, I need to feel an enjoyable gaming experience without feeling like I’m not doing something right.
I don’t want a guide to tell me the best build for my character, or tell me how much damage I’m doing. I want to figure shit out without having some kid berate me for not “taking it seriously”.
Bring back games for enjoyment, not achievement farming to brag. No one fucking cares how “good” you are at -any- game when you’re my age.
Hell yeah. I’d pay money to play with regular people. I fucking hate getting torn to pieces in game and verbally by 15-year-olds that have sunk 10,000 hours into a game. I’m a grown adult with minimal gaming time.
Samsung has been a malicious bad actor for a while now. It’s not just phones; they also pulled shit like retroactively adding ads to people’s smart TVs etc.
(Also, even their “dumb” products, like appliances, are designed to fail just outside warranty. If you don’t believe me, take a look at my washer’s spider arm, which failed catastrophically due to corrosion even though nothing else in the machine had so much of a speck of corrosion on it. Samsung is clearly capable of specifying corrosion-resistant materials and chose not to on purpose in order to create a failure point.)
Your corrosion issue is due to dissimilar metals which, when in contact with one another, begin corroding immediately. They chose those materials knowing full well what would happen.
Their appliances are absolute garbage and I’ve read that many repair places refuse to work on them because they’re built so poorly.
Two of Samsung fridges were busted even with 10-year warranty, with mine coming first before my uncle’s. I don’t have fridge anymore as my food is stored in my uncle’s new Samsung fridge. Also, he has a Samsung Smart TV, Tizen sucks anyway, he should get an Android TV instead.
And also, Samsung is already losing it’s mid-range segment to Chinese OEMs.
Being an Apple fanboy is up to you, but I have to say that Apple and Samsung are not the only options. Android has many manufacturers with their own spin on things. Samsung’s spin happens to suck
and you might think their TVs would be ok, but search for “Samsung TV vertical shadow” or some variant and find endless results for failed LED strips or power supplies. trash.
So does that washing machine still work, or is that spider arm critical to all useful functionality? Anyways, one part getting way more corrosion than the rest is suspicious design.
The spider arm doesn’t do much: it just attaches the washing drum to the drive spindle so that it can spin to wash clothes. If you’re using the “let your dirty clothes sit still in a heap while the machine makes loud noises caused by the broken remains of the arm whacking and grinding against each other” setting, you don’t need it at all!
I’m not usually big on boycotts since corporations are entrenched enough that they need gov’t intervention to do anything meaningful but the totality of the circumstances and the likelihood of a better local coffee shop in your area would tell me to skip the awful Starbucks setup.
And the community that is here is, amazingly, somehow even worse than Reddit, on average, when it comes to being a hive mind that is wildly intolerant of any disagreement.
My problem here is it being mostly left wing people, I am from the left, but I also want people from the other sides to be here as well, or else the whole thing will get one sided.
I don’t care about that so much as the hyper specificity of not only “you have to be on the political left here” but “being to the left isn’t enough, you need to be this far left, and hold these specific views on politics, technology, etc.”.
There probably are servers that try to be more tolerant or other opinions, but I think social media could be improved by something like in this video. I put a timestamp but TL;DW not just upvote+downvote, yes or no, but more diverse reactions like "partially agree", "offtopic", "you have convinced me", "informative", "misses the point", etc.
So not just up and down, but left, right, diagonal and every which way to have a broader spectrum of human reactions instead of a binary one.
Additionally, add a more structured conversation flow depending on the community. A community for questions looks more like quora, a science community could maybe want options to add sources and have them aggregated in a thread, and so on.
I personally disagree, mainly because the interactions have much more depth than the same 30 unfunny comments that people make on reddit ex: this. Don’t get me wrong it happens here as well, just way less. I also see people back claims up with evidence here way more, it’s not always valid evidence but at least an attempt is made more.
The thing I like the best is the lack of self righteousness (ironic I’m making this comment on this post haha) that reddit has, that was my personal biggest complaint there. Like on reddit if there is an animal in a video in any way shape or form you can almost always find someone screeching about animal abuse, even when it is obviously not.
I of course have bias in favor of Lemmy and this is highly dependent on the community. I will admit Lemmy is super left leaning, which I like, but definitely supports your hive mind argument. Even though I lean left I think it would be healthier for Lemmy to have more of a presence from the right. Unfortunately with how the political landscape is today I think it won’t be very achievable but hopefully when we hit the post Trump era divisiveness will ease making coexistence here more achievable.
I know, right? I bloody love this site and its weirdos
(I realise you may not find such weirdness endearing as I do. This comment is partly a self directed joke because whilst I don’t have Opinions on soil like the person you replied to, I live for that niche nerd internet shit (which is one of the things that makes me weird too)
The most important thing is what you’ll get. A few static pages and stock images with the watermark still present, sure. Beyond that the meter starts running.
Words are the least secure way to generate a password of a given length because you are limiting your character set to 26, and character N gives you information about the character at position N+1
The most secure way to generate a password is to uniformly pick bytes from the entire character set using a suitable form of entropy
Edit: for the dozens of people still feeling the need to reply to me: RSA keys are fixed length, and you don’t need to memorize them. Using a dictionary of words to create your own RSA key is intentionally kneecapping the security of the key.
That’s only really true if you’re going to be storing the password in a secure vault after randomly generating it; otherwise, it’s terrible because 1) nobody will be able to remember it so they’ll be writing it down, and 2) it’ll be such a pain to type that people will find ways to circumvent it at every possible turn
Pass phrases, even when taken with the idea that it’s a limited character set that follows a semi predictable flow, if you look at it in terms of the number of words possible it actually is decently secure, especially if the words used are random and not meaningful to the user. Even limiting yourself to the 1000 most common words in the English language and using 4 words, that’s one trillion possible combinations without even accounting for modifying capitalisation, adding a symbol or three, including a short number at the end…
And even with that base set, even if a computer could theoretically try all trillion possibilities quickly, it’ll make a ton of noise, get throttled, and likely lock the account out long before it has a chance to try even the tiniest fraction of them
Your way is theoretically more secure, but practically only works for machines or with secure password storage. If it’s something a human needs to remember and type themselves, phrases of random words is much more viable and much more likely to be used in a secure fashion.
We are talking about RSA though, so there is a fixed character length and it isn’t meant to be remembered because your private key is stored on disk.
Yes the word method is better than a random character password when length is unbounded, but creating secure and memorable passwords is a bit of an oxymoron in today’s date and age - if you are relying on remembering your passwords that likely means you are reusing at least some of them, which is arguably one of the worst things you can do.
Most of my passwords are based around strings of characters that are comfortable to type, then committing them to muscle memory. There’s a few downsides to this:
If I need to log in to something on mobile and don’t have a proper keyboard with me, it’s tough to remember which symbols I’ve used
I share some of my logins with friends and family for certain things, if they call and need to re-enter a password, it’s usually impossible to recite it to them over the phone (most of my shared logins have reverted back to proper words and numbers to make it easier for the others)
If I lose an arm, I’ll probably have to reset all of my passwords.
But yeah, words alone provide plenty of possibilities. There’s a reason cryptocurrency wallets use them for seed phrases.
And even with that base set, even if a computer could theoretically try all trillion possibilities quickly, it’ll make a ton of noise, get throttled, and likely lock the account out long before it has a chance to try even the tiniest fraction of them
One small correction - this just isn’t how the vast majority of password cracking happens. You’ll most likely get throttled before you try 5 password and banned before you get to try 50. And it’s extremely traceable what you’re trying to do. Most cracking happens after a data breach, where the cracker has unrestricted local access to (hopefully) encrypted and salted password hashes.
People just often re-use their password or even forget to change it after a breach. That’s where these leaked passwords get their value if you can decrypt them. So really, this is a non-factor. But the rest stands.
It’s still a rather large pool to crack through even without adding more than the 1000 most common words, extra digits, minimal character substitution, capitalization tweaks, etc
we are talking about RSA keys - you don’t memorize your RSA keys
if you rely on memorizing all your passwords, I assume that means you have ample password reuse, which is a million times worse than using a different less-secure password on every site
so you are saying 44 bits of entropy is not enough. the whole point of the comic is, that 4 words out of a list of 2000 is more secure then some shorter password with leetcode and a number and punctuation at the end. which feels rather intuitive given that 4 words are way easier to remember
If you know the key is composed of English language words you can skip strings of letters like “ZRZP” and “TQK” and focus on sequences that actually occur in a dictionary
The part where this falls flat is that using dictionary words is one of the first step in finding unsecured password. Starting with a character by character brute force might land you on a secure password eventually, but going by dictionary and common string is sure to land you on an unsecured password fast.
Even if an attacker knew that your password was exactly four words from a specific list of only 2048 common words, that password would still be more secure than something like Tr0ub4dor&3
That’s true but in practice it wouldn’t take 60^11 tries to break the password. Troubador is not a random string and all of the substitutions are common ( o -> 0, a ->4, etc. ). You could crack this password a lot easier with a basic dictionary + substitution brute force method.
I’m saying this because I had an assignment that showed this in an college cybersecurity class. Part of our lesson on password strength was doing a brute force attack on passwords like the one in the top of the xkcd meme to prove they aren’t secure. Any modern laptop with an i5 or higher can probably brute force this password using something like hashcat if you left it on overnight.
Granted, I probably wouldn’t use the xkcd one either. I’d either want another word or two or maybe a number/symbol in between each word with alternating caps or something like that. Either way it wouldn’t be much harder to remember.
except it is not troubador. it is troubador, ampersand, digit.
if you know there are exactly two additional characters and you know they are at the end of the string, the first number is really slightly bigger (like 11 times)
once the random appendix is 3 characters or more, the second number wins
and moral of the story is: don’t use xkcd comic, however funny it is, as your guidance to computer security. yes, the comic suggestions are better than having the password on a post-it on your monitor, but this is 21st century ffs, use password wallet.
if you know there are exactly two additional characters
this is pretty much irrelevant, as the amount of passwords with n+1 random characters is going to be exponentially higher than ones with n random characters. Any decent password cracker is going to try the 30x smaller set before doing the bigger set
and you know they are at the end of the string
that knowledge is worth like 2 bits at most, unless the characters are in the middle of a word which is probably even harder to remember
if you know there are exactly two additional characters and you know they are at the end of the string, the first number is really slightly bigger (like 11 times)
even if you assume the random characters are chosen from a large set, say 256 characters, you’d still get the 4-word one as over 50 times more. Far more likely is that it’s a regular human following one of those “you must have x numbers and y special characters” rules which would reduce it to something like 1234567890!?<^>@$%&±() which is going to be less than 30 characters
and even if they end up roughly equal in quessing difficulty, it is still far easier to remember the 4 random words
While this comic is good for people that do the former or have very short passwords, it often misleads from the fact that humans simply shouldn’t try to remember more than one really good password (for a password manager) and apply proper supplementary techniques like 2FA. One fully random password of enough length will do better than both of these, and it’s not even close. It will take like a week or so of typing it to properly memorize it, but once you do, everything beyond that will all be fully random too, and will be remembered by the password manager.
this assumes a dictionary is used. Otherwise the entropy would be 117 bits or more. The only problem is some people may fail to use actually uniformly random words drawn from a large enough set of words (okay, and you should also use a password manager for the most part)
see, you didn’t get the whole comic. 4 words out of a dicitionary with 2000 words has more combinations then a single uncommon non gibberish baseword with numeral and puction at the end. as long as the attacker knows your method.
a dicitonary attack will not lower the entropy of 44 bits, thats what the comic is trying to say
It's assymetric crypto. You'd need to find a matching public key. Or it's just some useless characters. I suppose that's impossible, or what we call that... Like take a few billion years to compute. But I'm not an expert on RSA.
I'm pretty sure the cryptographic parameters to generate a public key are included in the private key file. So while you can generate the other file from that file, it's not only the private part in it but also some extra information and you can't really change the characters in the private key part. Also not an expert here. I'm fairly certain that it can't happen the other way round, or you could impersonate someone and do all kinds of MITM attacks... In this case I've tried it this way, changed characters and openssh-keygen complains and can't generate anything anymore.
I wrote a “plain English” library in Javascript to demystify all the magic of Let’s Encrypt, ACME, and all those certificates. (Also to spin up my own certs in NodeJS/Chrome).
Edit: To be specific, PKCS8 is usually a PKCS1 (RSA) key with some wrapping to identify it (the OID). The integers (BigInts) you pick for RSA would have to line up in some way, but I would think it’s doable. At worst there is maybe a character or two of garbage at the breakpoints for the RSA integers. And if you account for which ones are absent in the public key, then anybody reading it could get a kick out of reading your public certificate.
lemmy.world
Top