An old anecdote from my alma mater – in an introductory course to discrete math, the professor was teaching combinatorics and began: “Suppose you have an urn with three balls inside colored red, green and blue…” At this point one of the students interjected: “Half the class are electrical engineering majors, how is any of this relevant to our studies?” There was a beat and the professor corrected himself: “Suppose you have an urn with three resistors inside colored red, green and blue…”
I’ll add here again that the judge randomly assigned is Judge Tanya S Chutkan, a 2014 Obama appointee, who ruled against Trump trying to keep his documents secret from investigations, saying “Presidents are not kings, and Plaintiff is not President.”
“Plaintiff does not acknowledge the deference owed to the incumbent President’s judgment. His position that he may override the express will of the executive branch appears to be premised on the notion that his executive power ‘exists in perpetuity,'” U.S. District Judge Tanya Chutkan wrote in the ruling. “But Presidents are not kings, and Plaintiff is not President. He retains the right to assert that his records are privileged, but the incumbent President ‘is not constitutionally obliged to honor’ that assertion.”
If sweet tea drinkers could read they’d be very upset by that graph.
…is what I was going to say, but man it took me a while to figure out and I’m still not 100% sure I really understand it. The specific gravity line and the sucrose vs solution line are tied to the sucrose dissolved in water curve, right? Wait, the left axis is merging two different scales? Sometimes data really isn’t beautiful.
The labels on the vertical axes match the labels on the lines. So the right vertical axis is for specific gravity (the grey line), and the left axis for the other two lines.
Ignore everything but the orange line and the left y-axis. It’s just showing the weight of sugar that fits in 100g of water, vs temperature. The blue one shows that value as a percentage, g sugar divided by total sugar and water.
Right but you’re forgetting there are already other things dissolved in the water as they’re not using pure, de-ionized water, and they’re adding in tea.
Tap water usually sits around 200 ppm or 0.02% minerals. The tea leaves themselves, as I make my tea, are around 10g/L. Say the leaves dissolve 10% as an overestimation. That gives you water with 0.1% tea, 0.02% other. The solubility limit for sugar is 63% (by mass).
In general, the amount of salts or other organic molecules do not affect the solubility of sugar (or any other solute). The solubility of any solute in water is a constant (for a given temperature), as long as whatever is already dissolved does not have any compounds or ions in common with the next solute.
For example, if we wanted to dissolve sodium chloride into a solution of potassium chloride, the amount of chloride already dissolved would affect the amount of NaCl we could dissolve. But if we wanted to dissolve NaCl into a solution of potassium iodide, the KI would have zero effect on the NaCl solubility.
So, since tea has zero molecules in common with the sucrose, the tea shouldn’t affect the solubility of sucrose at all. The only exception would be if the solution is acidic, the sucrose can break down into glucose and fructose, of which the tea may have a small (negligible) amount.
Plus we’re not actually saturating the sweet tea. Saturated sugar water is a syrup, so you know just by the consistency that sweet tea is nowhere near saturated.
They’re not super saturating it. They’re putting an amount of sugar in the tea that can dissolve at room temperature, it just takes a long time to do so.
Have you seen how much sugar those hicks put into their tea though? It’s gotta be hot because they put coca cola grade amounts of sugar, to the point where it won’t dissolve in the water anymore. Sweet tea contains 36-38 grams of sugar per 16 oz. That’s a fucking soft drink.
When I make my sweet tea, I use two cups per gallon, which comes out to about 50g of sugar per 16oz. And it’s delicious! It’s definitely not a “drink all the time” type drink. I only make it a few times a year for friends.
Anytime you see a password length cap you know they are not following current security standards. If they aren’t following them for something so simple and visible, you’d better believe it’s a rat infested pile of hot garbage under the hood, as evidenced here.
In theory yes. But in practice the DB will almost always have some cap on the field length. They could just be exposing that all the way forward. Especially depending on their infrastructure it could very well be that whatever modeling system they use is tightly integrated with their form generation too. So the dev (junior or otherwise) thought it would be a good idea to be explicit about the requirement.
That said, you are right that this is still wrong. They should use something with a large enough cap that it doesn’t matter and also remove the copy telling the user what that cap is.
Collisions have always been a low concern. If, for argument’s sake, I.hate.password. had a collision with another random password like kag63!gskfh-$93+"ja the odds of the collision password being cracked would be virtually non-existent. It’s not a statistically probable occurrence to be worried about.
This is plainly false. Hash collisions aren’t more likely for longer passwords and there’s no guarantee there aren’t collisions for inputs smaller than the hash size. The way secure hashing algorithms avoid collisions is by making them astronomically unlikely and that doesn’t change for longer inputs.
You misunderstand the issue. The length of the password should not have any effect on the size of the database field. The fact that it apparently does is a huge red flag. You hash the password and store the hash in the db. For example, a sha256 hash is always 32 bytes long, no matter how much data you feed into it (btw, don’t use sha256 to hash passwords, it was just an example. It’s not a suitable password hashing algorithm as it’s not slow enough).
At my job they just forced me to use a minimum 15-character password. Apparently my password got compromised, or at least that was someone’s speculation because apparently not everyone is required to have a 15-char password.
My job is retail, and I type my password about 50 times a day in the open, while customers and coworkers and security cameras are watching me.
I honestly don’t know how I’m expected to keep my password secure in these circumstances. We should have physical keys or biometrics for this. Passwords are only useful when you enter them in private.
Yeah you should have a key card. Like not even from a security perspective but from an efficiency one. Tap a keycard somewhere that would be easily seen if an unauthorized person were to even touch or even swipe it if need be. I’m sick and tired of passwords at workplaces when they can be helped
Not true. Password hashing algorithms should be resource intensive enough to prevent brute force calculation from being a viable route. This is why bcrypt stores a salt, a hash, and the current number of rounds. That number of rounds should increase as CPUs get faster to prevent older hashes from existing in the wild which can be more effectively broken by newer CPUs.
I was incorrect about the goal being minimal resources. I should have written that that goal was to have controlled resource usage. The salt does not increase the expense of the hash function. Key stretching techniques like adding rounds increase the expense to reach the final hash output but do not increase the expense of the hash function. High password length allowances of several thousand characters should not lead to a denial of service attack but they don’t materially increase security after a certain length either.
I’m arguing semantics here but bcrypt is the hashing function. Per the Wikipedia article on bcrypt:
bcrypt is a password-hashing function designed by Niels Provos and David Mazières, based on the Blowfish cipher and presented at USENIX in 1999.
Blowfish being a symmetric encryption cipher, not a hashing function.
Agreed on the rest, though. The hashing cost of a long password would not lead to DOS any more than the bandwidth of accepting that password etc. It’s not the bottleneck. But also no extra security beyond a point, so might as well not bother when passwords are too long.
They're designed to be resource intensive to calculate to make them harder to brute force, and impossible to reverse.
Some literally have a parameter which acts as a sliding scale for how difficult they are to calculate, so that you can increase security as hardware power advances.
I was incorrect but I still disagree with you. The hashing function is not designed to be resource intensive but to have a controlled cost. Key stretching by adding rounds repeats the controlled cost to make computing the final hash more expensive but the message length passed to the function isn’t really an issue. After the first round it doesn’t matter if the message length was 10, 128, or 1024 bytes because each round after is only getting exactly the number of bytes the one way hash outputs.
Yes, a hashing function is designed to be resource intensive, since that's what makes it hard to brute force. No, a hashing function isn't designed to be infinitely expensive, because that would be insane. Yes, it's still a bad thing to provide somebody with a force multiplier like that if they want to run a denial-of-service.
I’m a bit behind on password specific hashing techniques. Thanks for the education.
My background is more in general purpose one way hashing functions where we want to be able to calculate hashes quickly, without collisions, and using a consistent amount of resources.
If the goal is to be resource intensive why aren’t modern hashing functions designed to use more resources? What’s the technical problem keeping Argon2 from being designed to eat even more cycles?
Argon2 has parameters that allow you to specify the execution time, the memory required, and the degree of parallelism.
But at a certain point you get diminishing returns and you're just wasting resources. It seems like a similar question to why not just use massive encryption keys.
Are you saying that any site which does not allow a 27 yobibyte long password is not following current security standards?
I think a 128 character cap is a very reasonable compromise between security and sanity.
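An added example, not part of any comment in this thread, showing the points argued above: the stored record has the same size whatever the password length, the work factor lives in the record so it can be raised later, and input length stops mattering after the first hashing step. It uses PBKDF2-HMAC-SHA256 from Python's standard library in place of the bcrypt and Argon2 the commenters mention; the cap, the iteration count and the record format are assumptions made for this example.

```python
import base64
import hashlib
import hmac
import os

# Assumed policy values for this example (not taken from the thread).
MAX_PASSWORD_BYTES = 1024      # generous cap that only bounds request size
DEFAULT_ITERATIONS = 200_000   # work factor; raise it as hardware gets faster


def _b64(raw):
    return base64.b64encode(raw).decode("ascii")


def hash_password(password, iterations=DEFAULT_ITERATIONS, salt=None):
    """Return a self-describing record: scheme$iterations$salt$hash."""
    pw = password.encode("utf-8")
    if len(pw) > MAX_PASSWORD_BYTES:
        raise ValueError("password too long")
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", pw, salt, iterations)
    # The digest is always 32 bytes, so the database column never has to
    # grow with the password.
    return f"pbkdf2_sha256${iterations}${_b64(salt)}${_b64(digest)}"


def verify_password(password, record):
    """Recompute the hash with the stored salt and work factor."""
    scheme, iterations, salt_b64, digest_b64 = record.split("$")
    pw = password.encode("utf-8")
    if scheme != "pbkdf2_sha256" or len(pw) > MAX_PASSWORD_BYTES:
        return False
    actual = hashlib.pbkdf2_hmac(
        "sha256", pw, base64.b64decode(salt_b64), int(iterations)
    )
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(actual, base64.b64decode(digest_b64))


def needs_rehash(record, target_iterations=DEFAULT_ITERATIONS):
    """True when a stored record was made with a weaker work factor."""
    return int(record.split("$")[1]) < target_iterations


def long_input_is_prehashed(password, salt, iterations):
    """HMAC replaces any key longer than its 64-byte block with the key's
    hash, so PBKDF2 over a long password equals PBKDF2 over its digest."""
    pw = password.encode("utf-8")
    if len(pw) <= 64:
        raise ValueError("only applies to inputs longer than 64 bytes")
    direct = hashlib.pbkdf2_hmac("sha256", pw, salt, iterations)
    reduced = hashlib.pbkdf2_hmac(
        "sha256", hashlib.sha256(pw).digest(), salt, iterations
    )
    return direct == reduced


if __name__ == "__main__":
    # Constructed sample passwords.
    for sample in ("hunter2!", "x" * 1000):
        record = hash_password(sample)
        print(len(sample), len(record), verify_password(sample, record))
```

On a successful login, a record for which `needs_rehash` returns true can be replaced with a fresh `hash_password` result, which is how older, cheaper hashes get retired.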
I’m a chemical engineer and I now understand calculus slightly better from this post. I did a whole lot of “okkayyy …let’s just stick to the process and wait for this whole thing to blow over”
I know what they were asking me to do but I never really fully understood everything.
I also studied chemical engineering, and throughout high school and university that was exactly it. Calculus was a kind of magic, and you just had to learn all the spells.
With this book I finally understood why the derivative of x^2 is 2x.
When I started algebra in something like 5th grade I had a huge issue with f(x) and the best answer my teacher gave me was that “the equation is a function of x” and couldn’t explain it differently and I couldn’t get over the fact that we are not multiplying whatever f is by X. “If we’re going to set precedent with notation at least be fucking consistent” - 5th grade me probably
A time-proven antidote to aging is incorporating more youthful slang into your vocabulary. And before you clapback at me, I've been trying it myself and it's pretty bussin' bruh. I'm dripping all over the place now!
Man if I had more fucking ambition or energy, you’re absolutely right and I could be so rich right now but again, I’m lazy and full of depression… but if somebody runs with this idea, can I be on the team? I need a win in my life.
I’m an older guy - over 60 - and I absolutely love using slang that was popular before I was born. At work, I liberally say things like “swell,” “keen,” and “golly.” I’ve been doing it for years; when I started, everyone knew what I was doing (most laughed), but now there are a lot of folks who are young enough that they just assume it’s slang I grew up with, which makes me laugh.
Absolutely, I’m just relaying what I’ve heard in case the commenter wants to talk with some youths in their vernacular. I don’t want them to be all “holler me up my fellow kids!”
If that’s accurate then I got old way faster than I thought I would. At least I can take solace in the fact that I’m probably on the younger end of Lemmy users.
If someone blew up the toilet or smtg sus, hmu. tbh we high-key tryna glow-up this campground frfr. can’t stop won’t stop til this place straight up slays ong. need ur help fam. thx
To be fair, the company name is still Logitech, just the logo is shorter. I agree that the middle is probably best aesthetically, except that the logo seemed to fade quickly.
Everyone wishing for more users might be wishing on a cursed monkey paw. I don’t know what the sweet spot number of active users is — I want more so we can have contributors to niche communities — but there’s a tipping point. You want your favorite bar/restaurant/message boards to be popular but not too popular.
Personally I think it’s more important to break big-tech’s hold on online communication. Every single user who leaves a centralized platform to join the Fediverse is a win in my books! Another thing is that we never had a mainstream decentralized, nonprofit and non-algorithmic social network before afaik, I’m actually not sure if the climate will evolve like it did with the other networks.
I guess I just don’t have faith in the majority’s conversation. Once you have a lot of dumb people, all the content starts devolving. Especially the comments.
As a dumb myself, it’s a difficult problem that I don’t have an answer to.
But maybe it’s a net positive. Don’t spend all day on one platform. And the dumb jokes are nice for being less serious all the time. As long as there is still good conversation
Bro, we’ve had like 3 dozen memes at the top about Taylor Swift’s airplane just in the last week. We are not exactly avoiding what I just complained about. So I guess it’ll be okay
Once you have a lot of dumb people, all the content starts devolving. Especially the comments.
As long as the influx of dumb users is matched by a sufficient influx of less-dumb users to help grow niche communities, I think it might be fine. I rarely browsed the large 1M+ subreddits, and mostly stuck to the subs with a few thousand users.
Honestly I feel like the proportion of dumb people here is ever so slightly worse than it was on reddit. It feels like people here are always missing the point of everything, not getting simple jokes, arguing about dumb stuff…
Honestly, I’m scared of what will come of it. Lemmy is fragile and the lessons of yesteryear don’t apply thanks to AI and evolving spam methods. That said, I’m still cautiously optimistic about the future of lemmy.
I’m referring to recommendation algorithms, the bad thing about them is that they can be used to manipulate people. Algorithms in general are fine of course.
The problematic ones for that are mostly recommendation algorithms afaik, but there are others like gamification ofc. You can call them engagement algorithms if you want to be a bit more broad. But that’s what I mean when I criticize “algorithmic” platforms, and I think that’s what most people mean when they talk about algorithms in this context.
I still can’t believe we haven’t seen a @whitehouse.gov.social or whatever spring up. Why in the world would they not want to control their social media presence in house? Why allow Twitter that luxury?
If they went cold turkey on Twitter and set up @potus the posts would still end up on Twitter because people would cross post them (just like we see Twitter posts on Masto or lemmy).
At least some EU governments have started making their own accounts.
I emailed my region’s national weather service and asked that they join Mastodon and the meteorologist said they wanted to but there’s an approval process for communications and it takes awhile to add new services.
I’m basically completely off X (and haven’t had a Facebook account for years) but during a recent storm, I made a new Twitter account that just follows local government accounts. It’s annoying that the fastest way to find out about flooded roads and stuff is X and I really hope that changes soon.
I follow a couple of not stations that have a Masto presence, but I get where you are coming from.
Hopefully the tide will shift more this year.
I know that some people are upset about Threads federating, but I feel like some people may never end up on Masto but could have a Threads account. A local weather station, for example. But if you could simply subscribe to them via Masto without ever making a Threads account that’d be great. And the weather station gets to serve more people (the “normies” — for lack of a better word — on Threads and the nerds on Masto).
A lot of Masto servers I’ve seen use the .social extension. I feel like it does lend itself to letting people know what to expect when seeing a handle that ends with .social. It’s maybe an easy connection to make that that’s some sort of social media entity.
They certainly don’t have to use that type of url, but I think it’d be cool and it makes sense for what it is.
I’ve thought that news stations should do the same, too. Like an @news would be cool and have built in verification simply because they could lock down its users to only approved people so you’d know that @wolf is definitely Wolf Blitzer. No need for checkmarks.
I have no idea who Wolf Blitzer is, but for example there are social.network.europa.eu, social.bund.de and social.kernel.org. So US can use social.gov.us
They really went for a double subdomain and network.europa.eu is not even a thing. Also it’s insufficiently Latin. curia.europa.eu and consilium.europa.eu is proper, europarl.europa.eu already makes much less sense it should be senatus.europa.eu.
I think once domains like @washington.usa.gov or @newyork.usa.gov get adopted for presences on the network we’ll be golden, the EU is already making huge steps for this (as always) so I honestly think it’s only a matter of time, with custom software too I imagine.
This is why I believe in some geo-located communities.
It’s easier to find common ground when you’re complaining about the same weather.
And then when you’re interacting with the wider communities, your host community can give context to your way of thinking.
The unwashed masses (like myself) will eventually change Lemmy. I don’t think it will ruin it completely because the best part about having hundreds of millions of lemmings is the niche communities.
The main instances and communities are going to get shot to hell though. I’ve accepted that.
That’s how I like to see us too, but I’ve definitely met some Z hating millennials.
I met a fellow “old millennial” recently who said “we’re the last generation to be raised right”. I disagree, but hearing it from a guy my age really cemented me in old man status.
Then he told me he had 3 kids. Who’s responsible for raising that generation!? Lol.
Go onto TikTok or Reddit (verboten, I know). Gen Z is currently going wild on how cooked and ruined Alpha already are.
They also have very strong opinions on what good child rearing looks like despite making up a huge portion of the child free ideology.
I generally dislike broad generational… uh generalizations. However, trends are undeniable. And as Z ages they appear to be going through Boomerification. I think that’s why so many public freakouts on service workers happen with them. Millennials have the opposite reputation, of bending over backwards to be overly polite.
Edit: to say that I’ve never seen a generation publicly express nostalgia as hard and young as Z. My older Alpha kids are sort of up there with their friends, too, but Gen Z just seems like they are retreating into a false past which never really existed as they remember it because the world is so shit.
Besides the thing about talking about how children should be raised I completely disagree. I’ve never seen anyone have nostalgia for anything besides music and fashion maybe since a massive amount of us are gay or trans so there’s no reason to want to go back to the past. And every gen x or millennial I know will gladly argue with cashiers for longer than any gen z since they’re still working as cashiers and were the generation that invented the concept of Karens and watch all the “customer gets owned” “I am the manager” moments.
I mean I kinda get it. I’ve met a couple of gen Alpha kids that were raised as proper iPad kids, and they are just so developmentally fucked.
They had their pad in front of them literally 24/7 playing those weird as fuck AI kids videos on YouTube or scrolling through the most mind numbing YouTube shorts and would barely react to anyone in real life to the point the mum had to send him a message on the iPad to get him to respond to anything.
Even my own nephew who was raised with strict screen time limits is kinda fucked up as well. Just not as severely.
I guess you can be an honorary Xer, but I was 14 when you were born, so it’s just a fact that a lot of what I and my fellow Xers have in common time-wise is going to be significantly different. Consider; you were 7-years-old when I was 21.