pcooper
@pcooper
Best posts made by pcooper
-
RE: WTF Bites
@LaoC Somehow it happens over and over again, that Alice tries to stop Eve from listening in on her messages to Bob, when Bob and Eve are the same person, and yet Alice is confused why she can't.
-
RE: Biometric/fingerprint securit...uh?
@carnage said in Biometric/fingerprint securit...uh?:
Biometrics are not security, for the most part.
Sure they are. They're just for the identification portion of security, and not the authentication portion of security.
That is to say, fingerprints are usernames, not passwords.
-
RE: WTF Bites
I'm with you. At least you can beat it back into some semblance of its former self:
Do you have some pointers for me? I can't figure out how to get something resembling a normal title bar and toolbar back.
I'm quite amazed that their what's new highlights specifically says things like "perfect for people used to modern webmail", "emulates a mobile interface" and, like, do they just not realize that people might be using their product specifically to avoid those things?
-
RE: Arbitrage. With Pizzas!
I love Matt Levine's writing on finance. From his daily roundup where he covered this:
If restaurants and drivers complained about DoorDash but DoorDash was raking in juicy profits, you could be like “what do you want, innovate or die, the market has spoken.” But in fact restaurants and drivers complain about DoorDash, and it lost $450 million in 2019 on about $1 billion of revenue. Arguably the market has spoken and said “stop it, come on, this is dumb.”
In the old economy of price signals, you tried to build a product that people would want, and the way you knew it worked is that people would pay you more than it cost. You were adding value to the world, and you could tell because you made money. In the new economy of user growth, you don’t have to worry about making a product that people want because you can just pay them to use it, so you might end up with companies losing money to give people things that they don’t want and driving out the things they do want.
-
RE: The Official "Graphic Designers Who Don't Understand Gears" Thread
For those unfamiliar with the "FIRST Robotics Competition", it's a high-school competition pairing students with adult mentors from industry in an attempt to show how awesome science and engineering are as career paths. Each year has a brand new competition, with a new theme.
This year's theme was "Steamworks", a Steampunk theme harkening back to the idealized Victorian steam-and-gears-powering-everything era. In the center of the playing field are "Airships", which the robots need to deliver gears to. While the gears used in actual gameplay more-or-less work, the graphics on the airship, well, don't.
-
RE: Classic Programmer Paintings
I read through this thread and for some reason thought it needed some Norman Rockwell.
Why won't the server start? ("Perpetual Motion", 1920)
But that idea would never work! (while surrounded by Highly-Paid Consultants) ("Freedom of Speech", 1943)
And here's a quine from somebody other than Escher, just for a little variety (though I do love the Escher captions here) ("Triple Self-Portrait", 1960)
Latest posts made by pcooper
-
RE: Is there a guide to certificate algorithms?
If you're looking for something a little more authoritative than what I, as a random person on the Internet, say, then I'd suggest looking at Mozilla's configuration recommendations:
https://wiki.mozilla.org/Security/Server_Side_TLS
If you're a bit more paranoid, it's worth noting that the NSA's guidance as of a few years ago was to use P-384 or 3072-bit RSA for securing government systems, as they didn't seem to think P-256 or 2048-bit RSA was good enough, though I haven't seen any compelling reasons as to why.
It's also worth knowing that ECDSA uses curves that have parameters hand-picked by NIST, and so doesn't qualify as a "Safe Curve". I figure if the US government recommends the military use it for important things then it can't be too bad, but just throwing that out there. That's the main argument I'm aware of for using Ed25519 instead, but it isn't generally supported by CAs/browsers/etc. for "normal" TLS yet (which I'm guessing isn't due to a vast conspiracy, but one never knows…).
-
RE: Is there a guide to certificate algorithms?
@Bulb For general "web" TLS usage, use ECDSA P-256 if you can. If you need compatibility with old systems for some reason (like an email server, or old embedded systems, or whatnot) then stick with RSA 2048-bit.
For things like SSH and GPG, use Ed25519. (Web stuff doesn't generally support it, or I'd recommend it there too.)
-
RE: Wow! "NEW" Microsoft Teams!
@Luhmann My crystal ball tells me that you turned off "Optional Connected Experiences" in the Privacy tab of the Options.
Since getting a gif would involve sending all your personal data to Giphy, which isn't owned by Microsoft.
-
RE: Aviation Antipatterns Thread
@Bulb I think the issue is not so much the specific actions they were taking or tools they were using, but that those actions and tools weren't in the Official Documentation of what they were supposed to be doing.
I'm guessing it's the kind of "certification" where one could have a step of throwing a part across the room into the wall and bounce into a bucket to be collected for the next step, as long as that's the procedure that's written down.
-
RE: Killed by Google
@accalia said in Killed by Google:
if it weren't for the fact that i need a TOTP authenticator app
Those exist on desktop. (I tend to use the one built into KeePassXC, but there are certainly others.) And even on mobile/tablet, you don't necessarily need it to be the same device you use for anything else, or (if pure TOTP) one that has network access at all as long as you keep the time on it somewhat in sync. Basically rolling your own hardware token, which can be pretty cheap to free if you're looking for an old device that doesn't get updates anymore.
@accalia said in Killed by Google:
and work is forcing microsoft authenticator down my throat
Well, I just told mine I don't have a phone and they got me a hardware token.
@accalia said in Killed by Google:
getting a dumb phone. or just.... not having one at all
There are dozens of us! Just a dumb phone in the car for emergencies, and VoIP at home & office.
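
The remark above that a pure-TOTP device needs no network access, only a clock that is roughly in sync, illustrated with an added example (not part of the original post): a minimal RFC 6238 generator and a verifier that tolerates one 30-second step of drift. The secret and timestamps are the RFC 6238 test values; `verify` and its `window` parameter are names chosen for this sketch.

```python
import hashlib
import hmac
import struct

SECRET = b"12345678901234567890"  # RFC 6238 SHA-1 test secret, not a real key


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then truncate."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: the counter is just the local clock divided by the step."""
    return hotp(secret, int(unix_time) // step, digits)


def verify(secret: bytes, submitted: str, server_time: float,
           window: int = 1, step: int = 30):
    """Return the step offset that matched (-window..window), or None.

    A non-zero offset tells the verifier how far the token's clock has drifted.
    """
    counter = int(server_time) // step
    for delta in range(-window, window + 1):
        if counter + delta < 0:
            continue
        expected = hotp(secret, counter + delta, len(submitted))
        if hmac.compare_digest(expected, submitted):
            return delta
    return None


if __name__ == "__main__":
    server_now = 1111111111  # constructed "current" time on the server
    for drift in (0, -20, -300):  # offline device clock error in seconds
        code = totp(SECRET, server_now + drift)
        print(f"drift {drift:>5}s code {code} ->",
              verify(SECRET, code, server_now))
```

A device 20 seconds slow is still accepted one step back, while one five minutes off is rejected. Widening `window` trades that tolerance against a longer lifetime for each code.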
-
RE: WTF is happening with Windows 10? And nothing else
@hungrier Are you sure? I kind of think he would just be shuffling over to one corner of his grave.
-
RE: The Official Funny Stuff Thread™
@Mason_Wheeler Yeah? Incandescent lighting isn't exactly new…
(Now having a surface-mount incandescent light on a circuit board, I guess that might be less common.)