3 Post – 50 Comments
Joined 6 months ago

Looks like a test instance. URLs are read from the end to the beginning, so enterprise.lemmy.ml is a domain controlled by lemmy.ml. As that is the instance that the main developers control, it would follow they have a testing environment. In addition, almost all the posts, users, and communities seem to have "test" as part of their name. It being the instance controlled by the developers is why lemmy.ml is always a link, while lemmy.world would need to be formatted as a link to get a link.


And if you don't forget it, you'll use a simple one that's easy to guess or contains common substitutions, p@$$w0rd!. And then when you do forget it you'll call support who will reset it, and they get so many calls it will make taking over another account easier.

Perfect security. Nobody can access.

A password manager does nothing to stop social engineering and human factors on the provider side.


Mine went to once a year for most systems. There is probably an external requirement somewhere that says they need to be changed periodically and once a year is the lowest frequency they can do.

I am generally more annoyed at the second bit, the user having to change their password. Both are problems, but internal policies for changes are usually documented and communicated.


It doesn't matter how good an individual's security is, it's the system that's a problem. Passwords are not often compromised through brute force. Password resets are a much more efficient entry method.


Q-B05: Is password expiration no longer recommended? A-B05:

SP 800-63B Section paragraph 9 states:

“Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically). However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.”

Users tend to choose weaker memorized secrets when they know that they will have to change them in the near future. When those changes do occur, they often select a secret that is similar to their old memorized secret by applying a set of common transformations such as increasing a number in the password. This practice provides a false sense of security if any of the previous secrets has been compromised since attackers can apply these same common transformations. But if there is evidence that the memorized secret has been compromised, such as by a breach of the verifier’s hashed password database or observed fraudulent activity, subscribers should be required to change their memorized secrets. However, this event-based change should occur rarely, so that they are less motivated to choose a weak secret with the knowledge that it will only be used for a limited period of time.

Q-B06: Are password composition rules no longer recommended? A-B06:

SP 800-63B Section paragraph 9 recommends against the use of composition rules (e.g., requiring lower-case, upper-case, digits, and/or special characters) for memorized secrets. These rules provide less benefit than might be expected because users tend to use predictable methods for satisfying these requirements when imposed (e.g., appending a ! to a memorized secret when required to use a special character). The frustration they often face may also cause them to focus on minimally satisfying the requirements rather than devising a memorable but complex secret. Instead, a blacklist of common passwords prevents subscribers from choosing very common values that would be particularly vulnerable, especially to an online attack.

Composition rules also inadvertently encourage people to use the same password across multiple systems since they often result in passwords that are difficult for people to memorize.

I don't have any first-hand experience, but from anecdotes I hear, medical and banking have some of the worst password/security practices.

All I know is the mortgage servicing company I use seems to have started a ~3 month interval, that they don't say (no second factor available either). When I went to pay my internet bill, I got greeted with a message "your password's been reset". I'm stubborn and I was just using those sites to pay bills, so now I just don't log in to those anymore.

Insurance and government need to catch up to the research. For sites that support them, I really like the Yubikey as a second factor.
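The NIST guidance quoted above, as an added example that is not part of the original comment: a verifier-side check that applies a length minimum and a blocklist instead of composition rules, and rejects a new password that is only a trivial variation of the old one. The blocklist, substitution table and function names are constructed for illustration; the substitution map is a simplification.

```python
import re

# Constructed sample blocklist; a real verifier would load a large corpus of
# breached and commonly used passwords.
BLOCKLIST = {"password", "qwerty", "letmein", "welcome", "summer"}

# Predictable substitutions users apply to satisfy composition rules
# (simplified: each symbol maps to a single letter).
LEET = str.maketrans({"@": "a", "4": "a", "$": "s", "5": "s",
                      "0": "o", "1": "l", "3": "e", "7": "t"})

def passes_composition_rules(pw):
    """Legacy-style rule: length >= 8 plus lower, upper, digit and special."""
    classes = (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")
    return len(pw) >= 8 and all(re.search(c, pw) for c in classes)

def normalize(pw):
    """Undo common transformations: case, appended counters, substitutions."""
    core = pw.lower().rstrip("0123456789!?.#*")  # drop trailing digits/punctuation
    return core.translate(LEET)

def is_blocklisted(pw):
    return pw.lower() in BLOCKLIST or normalize(pw) in BLOCKLIST

def is_incremented_reuse(old, new):
    """True when old and new reduce to the same core secret.

    Needs the old password in plaintext, which is only available at change
    time when the user supplies the current password.
    """
    return normalize(old) == normalize(new)

def accept_new_password(new, old=None, min_length=8):
    """Length and blocklist check with no composition rules."""
    if len(new) < min_length:
        return False, "too short"
    if is_blocklisted(new):
        return False, "commonly used password"
    if old is not None and is_incremented_reuse(old, new):
        return False, "trivial variation of previous password"
    return True, "ok"

if __name__ == "__main__":
    for candidate in ("P@$$w0rd!", "correct horse battery staple"):
        print(candidate, passes_composition_rules(candidate),
              accept_new_password(candidate))
```

The first candidate satisfies every composition rule yet is rejected by the blocklist; the passphrase fails the composition rules yet is accepted.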


I don't think I've gotten past finding the correct length video. Getting that to work with everything else and keeping what's his face alive is just too much.

I think you're missing the point. It doesn't matter how good an individual's security practices are if the system itself has bad security architecture.


What about when you go and log in tomorrow?


I like your optimism.

You and @CodingCarpenter@lemm.ee must use the same system.

As an example, if you have an online account with some bank, that bank would be the provider.


I don't think you're following.
First, you are an account holder in my answer, not an employee.
Second, the reason it's an issue has nothing to do with the actual password or password security. Frequent changes lead to simpler passwords. Someone is likely just to increment a number, so a new password is barely a hindrance if the previous one is compromised. Frequent changes are going to lead to more password resets; service personnel who have to deal with people forgetting passwords due to frequent resets/changes are more likely to be complacent, allowing an attacker to gain access through a reset. For company based passwords, frequent changes and high complexity requirements are more likely to lead to someone writing a password down near where that password is used.

How did you get into it?

I haven't been to the dentist in ~10 years. I should probably go.


There have been a lot of days recently where I just want to take a month off from "Adulting". Not just a month off from my job, but paying bills, shopping, all those little things you have to do to continue existing. I want to work on personal projects, volunteer, play games, relax...

Cracking the Cryptic has shown me the wonders of variant sudoku. My personal favorite variant is thermo. Their GAS series is a good introduction, or jump right in at logic masters


I'm a big fan of standard time myself, the light in the morning helps me wake up. I usually don't have a problem with the fall shift, but I've found myself slowly drifting my sleep back to saving time. I think it's the near-record highs in my area the past couple days. As a pedantic note, it's saving time, no s; yes, it's really awkward to use.

I never moved growing up, so only ever saw 1 dentist, I don't really want to try to find one. I don't want to be told my wisdom teeth need to come out; they don't bother me. I only bleed a little when I do floss and I don't eat/drink much sugar at all. Still though, Yea I need to suck it up and go.

So a hacky solution that uses lots of JavaScript to search your home instance and re-write the page. Got it.

Corporate sites make money by selling your info to advertisers and data brokers. Their goal is to keep you on the site and clicking links. Youtubers make money by people watching their stuff; they are incentivized to clickbait for watches, some channels are very effective at this. I don't know that you will fall into interesting things as there is no incentive in the algorithm for it. You have to seek it out, forums, small sites, blogs, small communities or instances here...

I voluntarily changed jobs last year, even though I wanted to leave, I found it hard to convince myself to start searching for a new one. When it came to hand in my notice, even though I had already informed people I was leaving, actually sending in my notice was one of the most terrifying things I have done.


For employment references, many companies will only acknowledge that you worked there and the dates.


That's completely up to you, I'm just saying how things work as I understand them.

There is a tool I've heard about that subscribes to remote communities for federation until a real subscription. https://boost.lemy.lol/


Some airports have fancy scanners that don't require removing anything. For everything else, maybe you were marked for precheck or similar? It's only a trend when your return trip is the same.

Hosted my parents for an early thanksgiving last weekend. Happy to have them around, also happy when I'm alone again.

It was 15 years ago that I marched in the Macy's Thanksgiving parade.

They both worked in banking, so the math makes sense. For the sums I have a feel for most of the extremes and common ones, the triangular numbers, the maximum numbers, the missing or extra "ones" (4 digits that add up to 14, 4 digits for 11...). I usually just use the killer calculator for the other ones. At least on the desktop site it's under the advanced settings.
That too is about my limit for set, although I might see the expanded ones too. As soon as Simon highlighted the cells in yesterday's feature he immediately knew it was set. I don't know how he does it.


It was probably a year after I started watching before I started attempting the puzzles myself. It started with Mark's videos that were under 45 min and Simon's that were under 30. Now I think my limit is under 90 minutes for Simon, except pencil puzzles, I'll try any of those. The video length can actually be a bad indicator of how difficult I find it. They both do math-heavy puzzles really fast, and Simon has a knack with set theory.


Change is hard, leaving an existing job for the unknown is scary. Even if you don't like where you are now, you at least know what it is like. Concentrate on the reasons you want to leave, not why you think you should stay.


Simon's enthusiasm is infectious. I am up to the point I can do most of the puzzles that don't involve set theory or really heavy math. So much fun.


I stopped getting older after graduating college.

I wouldn't call their videos training, more of guided solving of easy to monstrously difficult puzzles. You solving is the training. As a warning, if you start enjoying solving the featured puzzles, your old sources might lose the allure they once had.

I believe it was off by necessity. So many teachers would be taking the day off anyway, there just wouldn't be enough staff. A large number of students would be taking the day off too.
Edit: My previous job and current both get the same federal holidays off per year. My previous job grouped them together. This created blocks like the Friday after thanksgiving and a week around Christmas. My current just takes them on the actual day.

I can't remember the last time I played. Never really liked the aesthetics of the windows versions after 7. If I'm in the mood I use https://www.chiark.greenend.org.uk/~sgtatham/puzzles/js/mines.html That version never requires guessing. To give myself a challenge I try to do it without flagging the mines.
Edit: realized it's the XP version I liked, 7 was ugly.


Happy birthday! I will help you remember today by sharing with you the most useless measurement I know of: the cran. A measure of uncleaned herring.