- Distilled essence of why I love reading @JoshTPM: http://talkingpointsmemo.com/edblog/the-darkness-and-the-rot
- Hey @ADP, stop mandating periodic password changes? See https://doi.org/10.6028/NIST.SP.800-63B Quite sure "uJa1YV5J73bey9sW" was not about to be cracked.Nice, I always found forced password changes (except in case of breach) extremely annoying, hadn't ever looked for a resource that justifies my annoyance. http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63b.pdf#page=23
Verifiers SHOULD NOT impose other composition rules (e.g., requiring mixtures of different character types or prohibiting consecutively repeated characters) for memorized secrets. Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically). However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.Lots of other recommendations that are often annoyingly not followed in nearby text.
That publication doesn't really provide any justification other than by reputation, but turns out that's easy to find as well, eg:
It is hilarious when other government agencies don't listen to NIST about this. My $BUREAU certainly does not and inflicts nasty requirements on employees. Citizens doing business with the $BUREAU get a bit shy about digital interaction.
Claes Wallin (韋嘉誠) likes this.
- How craven can you be? Apparently, my imagination had been too limited until now: http://talkingpointsmemo.com/livewire/scaramucci-probably-some-level-truth-millions-illegal-votes
- It's exhausting to always have to *start* from the assumption someone is lying; some liars count on that exhaustion. http://talkingpointsmemo.com/edblog/breaking-trumps-saudi-arms-deal-actually-fake
- .@GnuPG just announced their new funding campaign. I use GPG every day. I set up my quarterly donation. Join us? https://gnupg.org/donate/
- Hey @underscoreio, only "Essential Slick" is #opensource; others are not, b/c non-commercial restriction. Re: http://underscore.io/blog/posts/2017/05/29/why-we-open-sourced-our-books.html 1/2FWIW, open sourcerers do that all the time labeling the kernel linux as open source; if they can, why shouldn't others? to me, it comes across as some poetic justice: after open source's distortion of free software to appeal to corporations (tons of people still think free software is only copyleft, thanks to open source campaigning), the corporations give open source some of its own poison
- The @NYTimes article continued on page 13, where it shows some non-buggy C at least :-) http://www.rants.org/wp-content/uploads/2017/05/nyt-code-2015-05-30-pA13.jpg (2/2)
- Is http://www.rants.org/wp-content/uploads/2017/05/nyt-code-2015-05-30-pA1.jpg the first code to appear on @NYTimes front page? Glad it was C. Sad it's a bug. (1/2)
- https://backchannel.com/a-new-kind-of-science-a-15-year-view-4f5668abe54f says NKS is now "freely available"; actual copyright page (http://www.wolframscience.com/nks/piv--copyright/) says otherwise...
- Hi, @datasociety: Is https://datasociety.net/pubs/oh/DataAndSociety_MediaManipulationAndDisinformationOnline.pdf under a free license (like CC-BY or CC-BY-SA or CC0?) Found no copyright info in it...