Re: Can You Keep A Secret?

1

So, are you in the camp of the random password generators, or Randall Munroe?


Posted by: chris y | Link to this comment | 10-15-16 3:34 AM
2

but say nothing of import to anyone

Foil the hackers by having nothing worth hacking is a tried and true strategy.


Posted by: AcademicLurker | Link to this comment | 10-15-16 5:05 AM
3

Random password generators where the master password is a Munroe-recommended method.


Posted by: SP | Link to this comment | 10-15-16 5:07 AM
4

Last week, I decided to take my work password seriously. I made a sentence, used the first letters of the words in it, plus some numbers and special characters, to create a password. I used the password twice and then forgot it.


Posted by: Moby Hick | Link to this comment | 10-15-16 5:21 AM
5

I have no idea how I used it twice and then it was gone from my brain.


Posted by: Moby Hick | Link to this comment | 10-15-16 5:35 AM
6

Mostly I'm just irked because I have to change my password every 60 days. I'm not sure how that helps security.


Posted by: Moby Hick | Link to this comment | 10-15-16 5:36 AM
7

3 would be a great idea if sites requiring passwords didn't restrict the passwords you randomly create, and no two sites seem to agree on how to restrict them. I use random passwords when I can but usually it's just too much work to figure out what a site will accept (since they rarely spell it out in detail). There is literally no reason why a password of a given length shouldn't be able to consist of any string of characters. There is also no reason why you should ever have to actually type it, so it can be as crazy as randomness wants to be.

I recommend Password Safe or something similar, so as long as you remember the password to access the other passwords, you are fine. Use the Randall Munroe method for that one if you want, as it never leaves your computer.

(Which of course means if your computer is compromised someone might be able to guess it or brute force it, but you're completely screwed then anyway.)


Posted by: DaveLMA | Link to this comment | 10-15-16 5:53 AM
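An added example, not part of the thread or any commenter's code: the two approaches raised in comments 1, 3 and 7, a random-character generator that meets a site's composition rules by rejection sampling and a word-based passphrase generator, each with its entropy. The `SitePolicy` fields, the function names and the 16-word list are constructed for illustration.

```python
import math
import secrets
import string
from dataclasses import dataclass
from itertools import combinations

@dataclass(frozen=True)
class SitePolicy:
    """Constructed stand-in for one site's password rules."""
    length: int
    alphabet: str                  # characters the site accepts (no duplicates)
    required: tuple = ()           # each entry: characters of which at least one must appear

def satisfies(pw: str, p: SitePolicy) -> bool:
    return (len(pw) == p.length
            and all(c in p.alphabet for c in pw)
            and all(any(c in cls for c in pw) for cls in p.required))

def random_password(p: SitePolicy, max_tries: int = 10_000) -> str:
    """Uniform CSPRNG draw, redrawn until the rules pass (rejection sampling),
    so every accepted password stays equally likely."""
    for _ in range(max_tries):
        pw = "".join(secrets.choice(p.alphabet) for _ in range(p.length))
        if satisfies(pw, p):
            return pw
    raise ValueError("policy rejects almost everything; check its rules")

def accepted_count(p: SitePolicy) -> int:
    """Exact number of passwords the policy accepts, by inclusion-exclusion
    over the required classes."""
    alphabet = set(p.alphabet)
    classes = [set(cls) & alphabet for cls in p.required]
    total = 0
    for k in range(len(classes) + 1):
        for combo in combinations(classes, k):
            missing = set().union(*combo)      # classes assumed absent
            total += (-1) ** k * (len(alphabet) - len(missing)) ** p.length
    return total

def password_bits(p: SitePolicy) -> float:
    return math.log2(accepted_count(p))

# Constructed 16-word list; real lists have thousands of words (Diceware: 7776).
WORDS = ("correct horse battery staple orbit lantern maple quartz "
         "violet harbor cactus ember falcon glacier pickle tundra").split()

def passphrase(n_words: int, words=WORDS) -> str:
    return " ".join(secrets.choice(words) for _ in range(n_words))

def passphrase_bits(n_words: int, list_size: int) -> float:
    return n_words * math.log2(list_size)

if __name__ == "__main__":
    free = SitePolicy(16, string.ascii_letters + string.digits + string.punctuation)
    picky = SitePolicy(16, string.ascii_letters + string.digits + "!@#",
                       (string.ascii_lowercase, string.ascii_uppercase,
                        string.digits, "!@#"))
    for name, pol in (("any printable", free), ("picky site", picky)):
        print(f"{name:14s} {random_password(pol)}  {password_bits(pol):.1f} bits")
    print(f"4 words / 2048 {passphrase_bits(4, 2048):.1f} bits")
    print(f"6 words / 7776 {passphrase_bits(6, 7776):.1f} bits")
    print("sample phrase :", passphrase(4))
```

Composition rules shrink the set of acceptable passwords, so the "picky site" figure comes out below the unrestricted one at the same length.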
8

On the Podesta email hack, I'm honestly shocked that the media isn't treating it with more suspicion and disapproval. On the face of it, isn't it literally worse than Watergate?

Is this just the new normal? Anyone in politics who attracts the ire of the powerful can just expect their electronic correspondence, not to mention those of everyone around them, to be subject to hacking attempts?

If we put that in physical terms - everyone would be likely to have their papers and effects rifled through - that's not even remotely okay.


Posted by: (gensym) | Link to this comment | 10-15-16 5:54 AM
9

I use LastPass, which generates passwords for me, and my master password is a long random string that I've memorized. I have two-factor enabled for my main email accounts. If I were or knew important people, I'd get on Signal.


Posted by: ogged | Link to this comment | 10-15-16 6:16 AM
10

8.1 is right. Nobody expects physical locks to be able to keep out all intruders. It's not like after Watergate people said "The Democrats should have put an armed guard there or used a better lock."


Posted by: Moby Hick | Link to this comment | 10-15-16 6:20 AM
11

I have used LastPass for years. This week I decided to clean it up and generate random passwords to replace all the accounts where I'd used (Chopper's favorite band in college)--my default password for 24 years. Took me 4 fucking hours and I have yet to change my passwords for my primary financial institution and email accounts because I like to have those memorized. What a pain in the ass.


Posted by: Chopper | Link to this comment | 10-15-16 7:28 AM
12

Most of my passwords are based on one of two short phrases, but with different capitalization or numbers or symbols in certain places. I have a document with things like "secondary phrase, 4 in third position, 1 at end" written on it, but the actual phrases aren't written down anywhere. Low-tech and depends on not losing that document, but it seems to be working so far.


Posted by: Cyrus | Link to this comment | 10-15-16 7:51 AM
13

Ogged is hacking you and this is how he gets hints.


Posted by: Moby Hick | Link to this comment | 10-15-16 7:53 AM
14

I'm pretty sure that someone will use the blog not only for hacking, but for murders. Just haven't figured out who or how.


Posted by: R Tigre | Link to this comment | 10-15-16 8:06 AM
15

I know who.


Posted by: Moby Hick | Link to this comment | 10-15-16 8:09 AM
16

And "how" would obviously be "with an ekranoplan."


Posted by: DaveLMA | Link to this comment | 10-15-16 8:33 AM
17

No extradition from Russia amirite?


Posted by: Mossy Character | Link to this comment | 10-15-16 8:45 AM
18

15: Your pun trove would convince any jury it was justifiable homicide.


Posted by: Thorn | Link to this comment | 10-15-16 9:17 AM
19

My wife is going to be really pissed when Cerebocrat or Lemmy Caution shows up one night and starts hacking us to death in our beds.


Posted by: R Tigre | Link to this comment | 10-15-16 9:27 AM
20

I installed Signal on the same general principle as ogged, but it turns out I don't actually text/IM with anyone other than my wife in the first place.


Posted by: Nathan Williams | Link to this comment | 10-15-16 9:27 AM
21

19: At them or at you?


Posted by: Thorn | Link to this comment | 10-15-16 9:29 AM
22

"Never was the smoke so thick or so blue, never did it penetrate the eyes, the nose, the throat, the lungs so deeply that it could be forgotten as the precursor of that fragrance which fills the soul with optimism and faith, the fragrance of the crushed beans beneath the jet of boiling water curving from the kettle, the smell of coffee." is the coffee sentence I mentioned above.


Posted by: nosflow | Link to this comment | 10-15-16 9:35 AM
23

In a different thread.


Posted by: nosflow | Link to this comment | 10-15-16 9:36 AM
24

Always already above. But that's a good one!


Posted by: Thorn | Link to this comment | 10-15-16 9:41 AM
25

I use a long sentence from the Meditations of Marcus Aurelius which I have had sitting in a little frame on my desk. I recently re-read it after simply ignoring it for years and discovered that the sentence I have memorized diverges considerably from the real thing. I have no idea how this happened, but now my go-to passphrase is a butchery of a very good bit of advice. I'm starting to have trouble keeping the real thing and the butchered version separate in my mind, so I've been having to try both versions as well as versions with only bits of the butchery. My mind is clearly beginning to go.


Posted by: togolosh | Link to this comment | 10-15-16 9:56 AM
26

25: Heh, for one of my passwords I did generate it off of a passage from Gibbons. Not going to reread it in case there's divergence, leading me to inevitably lock myself out of one of my machines.


Posted by: dalriata | Link to this comment | 10-15-16 10:35 AM
27

#dilettanteproblems


Posted by: Mossy Character | Link to this comment | 10-15-16 10:55 AM
28

Confidential to Clytie: I've seen two women in capes in the past two days, each wearing hers well.


Posted by: nosflow | Link to this comment | 10-15-16 10:59 AM
29

I've always wanted a cape, but I'm not convinced I'm the sort who could pull one off. 28 and Clytie's very existence are more evidence for that theory. I could probably skulk, at least.


Posted by: Thorn | Link to this comment | 10-15-16 11:56 AM
30

I've received mine, it is excellent. I'm not at all clever about passwords but I figure I cannot be effectively impeached by anything in my internet history if hackers are scared I will hex them.


Posted by: Clytie | Link to this comment | 10-15-16 12:06 PM
31

They'd be rightfully afraid of becoming 0xdeadd00ds.


Posted by: dalriata | Link to this comment | 10-15-16 12:09 PM
32

Yes yes yes, dead ox-men, precisely.


Posted by: Clytie | Link to this comment | 10-15-16 12:13 PM
33

31 was clever; good job.


Posted by: nosflow | Link to this comment | 10-15-16 12:17 PM
34

I thought it was in deep sub-Moby territory, but I'll take what I can get. Deceased ox-men conversion (aurochs are in the other thread) is delightful. Capes for all!


Posted by: dalriata | Link to this comment | 10-15-16 12:21 PM
35

More mischievously, seeing how poorly the referenced emails support the breathless synopses that are floating around the alt-right cesspool, I'm more than a little tempted to start spreading the BOMBSHELL REVELATION that Pau/lRyan and Rei/ncePrebus acted in cahoots with Pode/sta to leak the Access Hollywood tape. One could even forge supporting correspondence with but a modest effort.

Any other ideas for making lemonade?


Posted by: (gensym) | Link to this comment | 10-15-16 12:32 PM
36

Any other ideas for making lemonade?

Thinly peeled lemon zest pounded with sugar and let to sit for an hour or so will exude a lot of delicious lemony oils.


Posted by: nosflow | Link to this comment | 10-15-16 12:33 PM
37

31 was too deep for me to get.


Posted by: Moby Hick | Link to this comment | 10-15-16 12:49 PM
38

35.1: Spread the rumor that Clinton thinks Trump was on cocaine during the debate and that she wants to have drug tests before the next debate in hopes that Trump will make an ass of himself by suggesting drug tests before Clinton can.


Posted by: Moby Hick | Link to this comment | 10-15-16 12:50 PM
39

"0xdeadd00d" is hexadecimal, and Clytie referred to hexing hax0rs, see?


Posted by: nosflow | Link to this comment | 10-15-16 12:51 PM
40

Oh. The 'o' is a '0'.


Posted by: Moby Hick | Link to this comment | 10-15-16 12:53 PM
41

The o is the still-beating heart wrenched from the chest of those who would seek my PIN numbers tho.


Posted by: Clytie | Link to this comment | 10-15-16 1:07 PM
42

nom nom nom


Posted by: Clytie | Link to this comment | 10-15-16 1:08 PM
43

Because I was lazy and feeling that people were not using enough Spaceballs references, I used '1234' as my PIN on my library card. Somebody ordered a book using my card, so I switched the PIN.


Posted by: Moby Hick | Link to this comment | 10-15-16 1:13 PM
44

43

That was me. I've also got your bank account pin and I'm in the process of converting your net wealth into bitcoin as we speak.


Posted by: Buttercup | Link to this comment | 10-15-16 1:33 PM
45

Mostly I'm just irked because I have to change my password every 60 days. I'm not sure how that helps security.

For me, it helps security by incentivising me to leave a post-it note with the most recent impossible-to-remember password stuck to my monitor. So my work PC is approximately as secure as post-it glue.


Posted by: Swope FM | Link to this comment | 10-15-16 4:25 PM
46

I hope you enjoyed Space Pirate Wench 2240.


Posted by: Moby Hick | Link to this comment | 10-15-16 4:25 PM
47

Was 38 a joke, or a reference to the fact that today Trump literally suggested they take drug tests before the next debate?


Posted by: Witt | Link to this comment | 10-15-16 4:53 PM
48

Also, if you want to feel better about humanity, going door to door to GOTV will help tremendously. I got to spend 3 hours today walking around in gorgeous fall weather with an amusingly irascible old Dutch man as we talked to infrequent and/or young voters. Such a pleasure to talk with them, and hear their commitment to voting even despite the pretty tough circumstances that many live in.


Posted by: Witt | Link to this comment | 10-15-16 5:04 PM
49

47: It was supposed to be both.


Posted by: Moby Hick | Link to this comment | 10-15-16 5:08 PM
50

48 is probably true, but that's more talking to strangers than I can ever imagine myself doing. On the other hand, I did go to a Young Democrats meeting today, so I can confirm that not everyone in the state is as averse to it as me.


Posted by: teofilo | Link to this comment | 10-15-16 5:09 PM
51

|| Listening to a lot of music from my teen years and remembering a bunch of great non-partner memories. Trying not to feel guilty for all the pleasure it is giving me.|>


Posted by: President of the United States | Link to this comment | 10-15-16 5:44 PM
52

You're remembering your teenage masturbation?


Posted by: Moby Hick | Link to this comment | 10-15-16 5:47 PM
53

Or should that be non-current-partner?


Posted by: Moby Hick | Link to this comment | 10-15-16 5:48 PM
54

50: Far be it from me to try to tell anyone how much social interaction they should have, but as a purely factual matter I probably spent 25 minutes total talking to 12 people in 3.5 hours. The rest was just walking around and knocking on doors of people who weren't home.


Posted by: Witt | Link to this comment | 10-15-16 5:55 PM
55

50 was perhaps somewhat overstated. Still, that sort of thing is really not for me.


Posted by: teofilo | Link to this comment | 10-15-16 6:16 PM
56

48: as we talked to infrequent and/or young voters

Interesting. On this side of the state we had the same target audience today. Maybe more mixed on the uplift. It was actually in a quite wealthy area with houses way back off the street--so a lot of exercise. Most "not home", but I think a lot were just not coming to the door.


Posted by: JP Stormcrow | Link to this comment | 10-15-16 7:41 PM
57

54/56: props to you both. Like teo (and perhaps even moreso) I'm not characteristically cut out for that.


Posted by: dalriata | Link to this comment | 10-15-16 7:58 PM
58

It would be hard to be more averse to it than me, but yes, glad to hear someone's doing that work.


Posted by: teofilo | Link to this comment | 10-15-16 8:06 PM
59

I think I'd win a social awkwardness and aversion contest. However it's measured. Inverse mouse orgasms, I suppose.


Posted by: dalriata | Link to this comment | 10-15-16 8:10 PM
60

To the OP..... if we are really serious about secrecy and paranoia on general principle, the blog should probably be encrypting in https rather than our current practice of serving it up as plain text. This would mean that unfogged communications could not be easily eavesdropped on (except for, you know, through public comment threads).

The only down side is that https is a huge pain in the ass.


Posted by: Spike | Link to this comment | 10-15-16 8:20 PM
61

Spike, love ya bro, but that's a to-be-sure parenthetical that ate the whole comment.


Posted by: ogged | Link to this comment | 10-15-16 9:01 PM
62

Kinda think that was the point, actually.


Posted by: teofilo | Link to this comment | 10-15-16 9:13 PM
63

Except https would mean that someone running a packet sniffer in the same cafe couldn't tell you were on unfogged.com without looking at your screen, right? That's not nothing.


Posted by: fake accent | Link to this comment | 10-15-16 9:50 PM
64

Probably not enough to justify https either.


Posted by: fake accent | Link to this comment | 10-15-16 9:51 PM
65

Presumably there are also administration tasks that go on behind the scenes. Are those logins sent over plain text? What kind of damage could someone do if they go in there?


Posted by: Spike | Link to this comment | 10-15-16 10:14 PM
66

Except https would mean that someone your boss running a packet sniffer in the same cafe at the office couldn't tell you were on unfogged.com without looking at your screen, right?


Posted by: Spike | Link to this comment | 10-15-16 10:19 PM
67

Presumably there are also administration tasks that go on behind the scenes

As the putative administrator of the server, I can assure you that this is not the case.


Posted by: nosflow | Link to this comment | 10-15-16 10:20 PM
68

It does seem like Unfogged is about as close to an open book as any website around these days.


Posted by: teofilo | Link to this comment | 10-15-16 10:27 PM
69

That should probably change.


Posted by: nosflow | Link to this comment | 10-15-16 10:32 PM
70

Yeah, probably.


Posted by: teofilo | Link to this comment | 10-15-16 10:34 PM
71

Take Unfogged presidential?


Posted by: Barry Freed | Link to this comment | 10-15-16 11:21 PM
72

I've hacked my browser to make it all white text on white.


Posted by: fake accent | Link to this comment | 10-15-16 11:23 PM
73

I call the white-on-white theme "Trump demographics".


Posted by: fake accent | Link to this comment | 10-15-16 11:24 PM
74

President Product of Two Large Primes.


Posted by: dalriata | Link to this comment | 10-15-16 11:24 PM
75

We'll have to move to https soon if we want to maintain our all-important search ranking.


Posted by: Mossy Character | Link to this comment | 10-15-16 11:29 PM
76

66

Your employer can deploy false certs for a man in the middle attack if they feel like it. Most big companies do feel like it.

Some browsers on some platforms do tell you this is happening: Firefox, Chrome-on-phones, at least in my experience. Not sure what others.


Posted by: DaveLMA | Link to this comment | 10-16-16 4:41 AM
77

Your employer can deploy false certs for a man in the middle attack if they feel like it. Most big companies do feel like it.

True, of course. I think whether your browser warns you or not depends on how sloppy the company's been in getting your computer to recognize their replacement certificate.


Posted by: Spike | Link to this comment | 10-16-16 5:20 AM
78

77 comments and nobody picked up on Russian hackers being a red herring?


Posted by: Soup | Link to this comment | 10-16-16 11:23 AM
79

You're right. Iranian hackers are much worse.


Posted by: Mossy Character | Link to this comment | 10-16-16 11:28 AM
80

Ogged: I have a question concerning your bootcamp experience (and anyone else who's been to bootcamp feel free to chime in.)

As part of your training in various web technologies, what kind of information did they give you about ensuring that the sites you develop are accessible to the blind/mobility impaired/otherwise disabled? Did they spend any time on stuff like Section 508, ARIA, the Web Content Accessibility Guidelines, appropriate color and contrast choices, and not fucking up keyboard focus?


Posted by: Spike | Link to this comment | 10-17-16 12:36 PM
81

Also: should I buy the stupid big SSD or the stupid fast SSD?


Posted by: Spike | Link to this comment | 10-17-16 6:59 PM
82

81: The smart move afaik is to get whichever SSD won't lose your data or otherwise crap out on you. At the time I was buying SSDs this was Intel; not sure what it is now.

Also taking unfogged https will kill me; right now it's the best way to trigger captive portal login.


Posted by: Jake | Link to this comment | 10-17-16 7:17 PM
83

82: slashdot works for that too.


Posted by: nosflow | Link to this comment | 10-17-16 7:28 PM
84

Yeah, no kidding. The user experience in browsers for captive portal interaction with https is shit right now. The browser makers need to figure out how to do that without dumping scary, pointless certificate warnings on you. One would think that with all the institutional push toward https they would have addressed that.


Posted by: Spike | Link to this comment | 10-17-16 7:38 PM
85

This will actually be the first SSD I've bought in a while. I was a relatively early adopter and I had two die on me, so I went back to spinning disks. But now my PC is a lot pokier than it should be, and I'm blaming the hard drive.


Posted by: Spike | Link to this comment | 10-17-16 7:44 PM
86

Huh, I didn't realize captive portal problems were an https thing. I started running into them when I moved to linux so I assumed it was a linux issue. I usually try to go to the site of whatever organization is running the wifi, so if it's a college campus I go to the campus home page, or for a hotel I go to the hotel home page.


Posted by: fake accent | Link to this comment | 10-17-16 8:27 PM
87

The way it used to be was that SSDs were rated for X writes where X is much less than it would be for a disk, so the setup you wanted was OS on an SSD, cache on a disk, and data mostly wherever, depending on the application (e.g., DBs and such on the disk, but media doesn't matter). Not sure if it still works this way.


Posted by: foolishmortal | Link to this comment | 10-17-16 9:11 PM