- Wow! Some spot-on analysis of @Facebook, from @JoshTPM -- see paragraph starting "Facebook is so accustomed to..." http://talkingpointsmemo.com/edblog/facebooks-heading-toward-a-bruising-run-in-with-the-russia-probe
- Opt-out impersonation should be flat-out illegal. Wrong when @ResearchGate does it, or when @LinkedIn does, etc (re https://identi.ca/kfogel/note/DJ20KYPdSkmU_3D_UFBzwg)
- So let me get this straight: GOP could live with him equivocating about neo-Nazis, but dealing with Dems? *That's* out of bounds. Got it.
- Ah, this blog post by @18F has more about what I just posted: https://18f.gsa.gov/2017/08/22/government-launches-login-gov/
Stephen Michael Kellat shared this.
- How to be a responsible open source maintainer, in a nutshell: https://blog.liw.fi/posts/2017/08/13/retiring_obnam/
- Distilled essence of why I love reading @JoshTPM: http://talkingpointsmemo.com/edblog/the-darkness-and-the-rot
- Hey @ADP, stop mandating periodic password changes? See https://doi.org/10.6028/NIST.SP.800-63B Quite sure "uJa1YV5J73bey9sW" was not about to be cracked.Nice, I always found forced password changes (except in case of breach) extremely annoying, hadn't ever looked for a resource that justifies my annoyance. http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63b.pdf#page=23
Verifiers SHOULD NOT impose other composition rules (e.g., requiring mixtures of different character types or prohibiting consecutively repeated characters) for memorized secrets. Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically). However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.Lots of other recommendations that are often annoyingly not followed in nearby text.
That publication doesn't really provide any justification other than by reputation, but turns out that's easy to find as well, eg:
It is hilarious when other government agencies don't listen to NIST about this. My $BUREAU certainly does not and inflicts nasty requirements on employees. Citizens doing business with the $BUREAU get a bit shy about digital interaction.
Claes Wallin (韋嘉誠) likes this.
- How craven can you be? Apparently, my imagination had been too limited until now: http://talkingpointsmemo.com/livewire/scaramucci-probably-some-level-truth-millions-illegal-votes
- It's exhausting to always have to *start* from the assumption someone is lying; some liars count on that exhaustion. http://talkingpointsmemo.com/edblog/breaking-trumps-saudi-arms-deal-actually-fake
- .@GnuPG just announced their new funding campaign. I use GPG every day. I set up my quarterly donation. Join us? https://gnupg.org/donate/