• 0 Posts
  • 127 Comments
Joined 2 years ago
Cake day: June 16th, 2023


  • There’s no particularly good reason to stop doing it in that scenario either.

    You have an offline technology stack in that elevator that has been doing the job correctly for 20 years. Why take on the expense and risk of changing things that aren’t currently broken?

    It would be crazy if you are building new to resort to that stack, but for an established elevator, why bother?

    Same for some old oscilloscopes at work. I’m not crazy about the choice but I can hardly suggest it would be practical to change it while the oscilloscopes still do their function.

    I would say it’s a problem if the stack is online, but if it is self contained, the age of the software doesn’t make it a problem in and of itself.


  • This comment in the context of a guy bombing other people’s IVF attempts? It’s a valid choice to opt out for oneself, it’s certainly not valid to force others to opt out.

    Somewhere in the middle are the folks that take any opportunity to talk about how they think anyone having a kid is highly irresponsible, standing in judgement of people who have even one kid.

    I don’t care if you want to refrain from kids and stand by that decision. Closest I’ll come to not minding my own business is to mention that people can change their minds, so you may want to hedge your bets with something reversible like an IUD instead of a hysterectomy, but ultimately you may stand by the decision and that’s all your business.



  • I wonder if the overall thinking is that people need to feel progress to feel good about their lot in life, but they can’t constantly deliver that, so they need the political “heels” to come by and make things feel worse and then cede to people to make it “better”, to make people feel like progress is made.

    Kind of like how the net result is increased tariffs, but because they were temporarily more severe, the general reaction is “the tariffs are gone, what a relief”.

    Rolling that boulder up the hill requires it roll back downhill so people can cheer it being rolled up the hill again.


  • Sure, you could do something like that to normalize all manner of passwords to a manageable string, but:

    • That hash becomes the password, and you have to treat it as such by hashing it again server side. There’s a high risk a developer who doesn’t understand this skips hashing on the backend and ends up insecurely storing a valid password for the account “in the clear”.

    • Your ability to audit the password for stupid crap on the way in is greatly reduced, or at least more complicated. I suppose you can still cross reference the password against HIBP, since they use a one-way hash as the data anyway. In any event you move all this validation client side, and that means an industrious user could disable it and use their bad idea password.

    • If you have any client contexts where JavaScript is forbidden, then this would not work. Admittedly, the no-script-friendly web is all but extinct, but some niches still contend with that.

    • Ultimately, it’s an overcomplication to cater to a user who is inflicting uselessly long passwords on themselves. An audience that thinks they need such long passwords would also be pissed if the site used a truncated base64 of SHA-256 to get 24 ASCII characters, as they would think it’s insecure. Note that I imply skipping rounds, which is fine in such a hypothetical, and the real one-way activity happens backend side.




  • Though it could also amplify DDoS. Allowing 72 character passwords lets a DDoS be three times rougher despite being a seemingly modest limit for a single request.

    If a password/passphrase is 24 characters, then any further characters have no incremental practical security value. The only sorts of secrets that demand more entropy than that are algorithms that can’t just use arbitrary values (e.g. RSA keys are big because they can’t be just any value).


  • Back in the day, a long time ago, Unix would do that, and limit users silently to 8 characters.

    Which then wasn’t great, but a good password would be hard to break even at only 8 characters with equipment of the time.

    We would do a cracking test against the user passwords periodically and ding users who got cracked. Well, one user was shocked because they thought their 16 character password was super secure and there’s no way we would crack it. So we cited her password and she was shocked she went through so much trouble only for the computer to throw away half her awesome password.


  • So I just went through something similar with a security team, they were concerned that any data should have limits even if transiently used because at some point that means the application stack is holding that much in memory at some point. Username and password being fields you can force into the application stack memory without authentication. So potentially significantly more expensive than the trivial examples given of syn and pings. Arbitrary headers (and payloads) could be as painful, but like passwords those frequently have limits and immediately reject if the incoming request hits a threshold. In fact a threshold to limit overall request size might have suggested a limited budget for the portion that would carry a password.

    24 characters is enough to hold a rather satisfactorily hardened but human memorable passphrase. They mentioned use of a password manager, in which case 24 characters would be more entropy than a 144-bit key. Even if you had the properly crypted and salted password database for offline attack, it would still be impossibly easier to just crack the AES key of a session, which is generally considered impossible enough to ignore as a realistic risk.

    As to the point about they could just limit requests instead of directing a smaller password, well, it would certainly suck if they allowed a huge password that would be blocked anyway, so it makes sense to block up front.
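The password-length mechanics discussed across the comments above (the client-side pre-hash that normalises any password to 24 ASCII characters and the backend that must still hash it again, the 72-byte cap checked before any expensive work, and the old Unix 8-character silent truncation) as one added, runnable example. This is not code from any of the commenters or from any real site; the constants, the PBKDF2 work factor and the sample passwords are constructed assumptions for illustration.

```python
"""Password length handling: client pre-hash, server KDF, byte cap, the
'store the pre-hash as-is' mistake, and legacy 8-char truncation.
Added example with constructed values; all constants are assumptions."""
import base64
import hashlib
import hmac
import os

MAX_PASSWORD_BYTES = 72      # assumed cap; 72 bytes is the bcrypt limit cited in the thread
PREHASH_CHARS = 24           # 24 base64 chars = 18 bytes = 144 bits, as the thread describes
KDF_ITERATIONS = 200_000     # assumed PBKDF2 work factor, kept modest for a demo
LEGACY_MAX_CHARS = 8         # old Unix behaviour: only the first 8 characters count


def client_prehash(password: str) -> str:
    """Client side: SHA-256 of the password, base64, truncated to 24 chars.
    No rounds here; this output *is* the credential the server receives."""
    digest = hashlib.sha256(password.encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")[:PREHASH_CHARS]


def within_limit(credential: str) -> bool:
    """Cap on UTF-8 byte length, not character count: forty 2-byte
    characters are 80 bytes and must be rejected as well."""
    return len(credential.encode("utf-8")) <= MAX_PASSWORD_BYTES


def server_register(credential: str) -> dict:
    """Correct backend: reject oversized input before doing any work, then
    salt and stretch. The stored hash is not usable as a login credential."""
    if not within_limit(credential):
        raise ValueError("credential exceeds byte limit")
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", credential.encode("utf-8"), salt, KDF_ITERATIONS)
    return {"salt": salt, "hash": dk}


def server_verify(record: dict, credential: str) -> bool:
    """Cheap length check first, so an oversized request never reaches the KDF."""
    if not within_limit(credential):
        return False
    dk = hashlib.pbkdf2_hmac("sha256", credential.encode("utf-8"), record["salt"], KDF_ITERATIONS)
    return hmac.compare_digest(dk, record["hash"])


def insecure_register(credential: str) -> dict:
    """The mistake from the thread: the backend assumes the client already
    'hashed' the password and stores the pre-hash verbatim."""
    return {"hash": credential}


def insecure_verify(record: dict, credential: str) -> bool:
    """With the pre-hash stored as-is, whatever leaks from the database
    logs in directly; no cracking needed."""
    return hmac.compare_digest(record["hash"].encode("utf-8"), credential.encode("utf-8"))


def legacy_set_password(password: str) -> str:
    """Old Unix behaviour: characters past the eighth are dropped at set time..."""
    return password[:LEGACY_MAX_CHARS]


def legacy_verify(stored: str, attempt: str) -> bool:
    """...and again at login, so a 16-character password is really an 8-character one."""
    return hmac.compare_digest(stored.encode("utf-8"), attempt[:LEGACY_MAX_CHARS].encode("utf-8"))


if __name__ == "__main__":
    # Constructed sample inputs.
    cred = client_prehash("correct horse battery staple, plus a long tail the server never sees")
    rec = server_register(cred)
    print("24-char credential:", cred, "verifies:", server_verify(rec, cred))
    print("oversized request rejected before KDF:", not server_verify(rec, "x" * 73))
    bad = insecure_register(cred)
    print("leaked DB value logs in on the insecure backend:", insecure_verify(bad, bad["hash"]))
    stored = legacy_set_password("correcthorsebatterystaple")
    print("legacy truncation accepts 'correcth':", legacy_verify(stored, "correcth"))
```

The two backends take identical input; the only difference is whether the server applies its own salted, iterated hash. On the insecure path the database row and the login credential are the same string, which is exactly the "in the clear" failure the comment warns about. The length check measures bytes rather than characters because bcrypt-style limits are byte limits, so a short string of multi-byte characters can still be over the cap.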



  • The environmental causes are availability of options we crave but are still not forced into, so individual responsibility is absolutely a thing.

    I was obese and it sucked but I got down to a healthy weight, and keeping it off kind of still sucks but it doesn’t take a lot of time or money, in fact it’s generally cheaper.

    Fast food is constantly highlighted as an impossibly unhealthy reality, the nicer places cost more and take too much time. Except you can choose passable choices in fast food.

    If you can freely pick, there are fast food places that offer salads with maybe some grilled chicken, which can be healthy unless you opt to drown it in ranch.

    But let’s say you are in a group and they pick a restaurant without an option like salad. Just asking for water instead of a big sugary drink gets you so much closer to healthy. Skip the fries, skip the mayo, get a smaller burger. All these things are cheaper and friendlier to a reasonable caloric budget.

    It sucks because it means eating to feeling “ok” while skipping the most awesome foods and rarely getting to feel just utterly full, but that was just life when people had healthier weight.

    Similarly on activity. It does suck that work has people sedentary, but our idle pursuits are similar. When I was a kid, TV was stuck on a schedule and video games were only so engaging, so we would get bored and want to do something. Maybe it was walk amongst some trees to see if anything interesting was around. Maybe do something with a ball. Nowadays we can get endless engagement from streaming, video games, and the Internet. So tempting to just be on the couch. We can still choose those more active things, but we don’t want to.

    Note all this awesome stuff is still great in moderation. I just went full on gorging at a restaurant a week ago on pretty much whatever I wanted. The thing is this is maybe like once every 2 or 3 weeks, not daily like we really want to.