Passwords should never expire: https://www.sans.org/security-awareness-training/blog/time-password-expiration-die
Passwords should not be changed often: https://www.schneier.com/blog/archives/2016/08/frequent_passwo.html
Password “complexity” is — mostly — a joke: https://www.xkcd.com/936
You have been breached: https://blog.augustschell.com/passwords-passphrases-complexity-length-crackability-memorability-data-breaches
Passphrases are better than passwords — and https://password.ga will generate them for you (it will also generate random passwords that pass complexity requirements)
Use a password manager of some kind
Originally published at antipaucity.
A Polish gentleman was walking through Krakow one afternoon, and found a curious object covered in dust and grime.
As he was cleaning it, out popped a genie.
“I am the Genie of the Lamp™. I will grant you 3 wishes. Choose wisely.”
The gentleman asked, “3 wishes? Any 3 wishes?”
“Yes, any 3 wishes you choose.”
The gentleman thought for a moment and said, “I wish for the Mongol invasion of Poland.”
To which the genie replied, “The Mongol invasion of Poland? With Ghengis Khan and the Mongol Hordes? You’re Polish, you know — are you sure?”
“Yes, quite…
About 2 years ago, I started running Pi-hole as a DNS resolver and ad-blocker. Then last year, I ditched it.
After seeing a recent post by Troy Hunt, though, I thought it might be worth revisiting..but I needed a better way to control how it worked.
Enter {{OpenVPN}} — a service I already run on three endpoints. Here’s what I did:
Install Pi-hole per the usual (curl -sSL https://install.pi-hole.net | bash if you're feeling brave, curl -sSL https://install.pi-hole.net, inspect, then run, if you're feeling a little more wary).
This time, though, I set my upstream DNS providers to Cloudflare (1.1.1.1)…
I want you to watch these 6 movies (in this order):
- The Wizard of Oz
- Ferris Bueller’s Day Off
- Night of the Living Dead (1968 edition)
- The Godfather
- Pi
- Inception
Watch them with a notebook and pen or pencil handy (yes: use physical writing and recording tools; don’t use your laptop, tablet, or phone).
Write things you see that jump out at you about the story — how it is told, what is explicitly stated, what is implicitly hinted-at, what is alluded-to, etc.
Start with the very first thing you see after the title credits finish.
I’ll give you a…
Ben Thompson is generally spot-on in his analysis of industry goings-on. But he missed a lot in The Cost of Developers this week.
Here’s what he got right about this acquisition:
- Developers can be quite expensive (though, $7.5B (in equity) is only ~$265 per user (which is pretty cheap))
- Microsoft is betting that a future of open-source, cloud-based applications that exist independent of platforms will be a large-and-increasing share of the future
- That there is room in that future for a company to win by offering a superior user experience for developers directly, not simply exerting leverage on them
- Microsoft…
As a society, we have forgotten how to forget. We are addicted to storing everything forever. Why?
New Atlas had an article recently on the demise of skyscrapers in favor of new ones which starts off,
The Great Pyramid of Giza has stood at a height of around 460 feet for 4,500 years, but these days we are ripping down tall structures without even batting an eyelid. …
Shared a TechCrunch story recently in a G+ group I’m in on Volvo debuting a new service to upload live traffic data from its vehicles to be sent to other Volvos so they can avoid problem areas.
Or…a self-built and -hosted Waze.
You may recall that I wrote some about these kinds of things starting back in 2010.
Why, exactly, Volvo thinks it not only should do this, but expects its customers to want the manufacturer to be doing this is something I don’t understand right now.
Sure, it’s an interesting technical challenge — but it’s not exactly novel…except in…
The debate is raging again as the Supreme Court of the United States is getting ready to make a decision on collecting sales tax for online sales.
I’ve read as many viewpoints from supporting and detracting from requiring businesses to collect sales tax from their customers.
And my [current] view is that all businesses conducting business online should collect the sales tax you would have paid if you went in person.
Company in Oregon? No sales tax. Company in Kentucky? Sales tax.
Don’t collect it for whereever the buyer happens to be: collect it based on where the seller is.
Simple.
Straighforward.
And is something the merchant is already setup to do.
- Here’s a launch site for state-by-state rules on collecting sales tax online: https://www.nolo.com/legal-encyclopedia/50-state-guide-internet-sales-tax-laws.html
- Further links via Wikipedia: https://en.wikipedia.org/wiki/Internet_taxes
Originally published at antipaucity.
Qualys — https://www.ssllabs.com/ssltest
High-Tech Bridge — https://www.htbridge.com/ssl
Comodo — https://sslanalyzer.comodoca.com
SSL Checker — https://www.sslchecker.com/sslchecker
Originally published at antipaucity.
Yesterday I wrote-up a neat little find in {{Splunk}} wherein running stats count by ... is substantially faster than running dedup ....
After some further reflection, I figured out the major portion of why this is — and I feel a little dumb for not having thought of it before. (A coworker added some more context, but it’s a smaller reason of why one is faster then the other.)
The major reason stats count by... is faster than dedup ... is that stats can hand-off the counting process to something else (though, even if it doesn't, incrementing a hashtable entry…
