• 0 Posts
  • 155 Comments
Joined 1 year ago
cake
Cake day: November 7th, 2023

help-circle






  • That’s only really true if you’re going to be storing the password in a secure vault after randomly generating it; otherwise, it’s terrible because 1) nobody will be able to remember it so they’ll be writing it down, and 2) it’ll be such a pain to type that people will find ways to circumvent it at every possible turn

    Pass phrases, even when taken with the idea that it’s a limited character set that follows a semi predictable flow, if you look at it in terms of the number of words possible it actually is decently secure, especially if the words used are random and not meaningful to the user. Even limiting yourself to the 1000 most common words in the English language and using 4 words, that’s one trillion possible combinations without even accounting for modifying capitalisation, adding a symbol or three, including a short number at the end…

    And even with that base set, even if a computer could theoretically try all trillion possibilities quickly, it’ll make a ton of noise, get throttled, and likely lock the account out long before it has a chance to try even the tiniest fraction of them

    Your way is theoretically more secure, but practically only works for machines or with secure password storage. If it’s something a human needs to remember and type themselves, phrases of random words is much more viable and much more likely to be used in a secure fashion.



  • They do make some sense if you consider the US’s puritanical roots where, in essence, suffering is considered good and moral, or at least leisure and enjoyment are considered hedonistic and immortal.

    Also, that for whatever reason everything is short term thinking: is this quarter better than last quarter? If not, your business is failing. Is this quarter enough better than last quarter? Business is failing.

    From a business perspective, it makes no sense, but businesses don’t make decisions. People do. And those people frequently do not stick around to see the fallout from those decisions, they just pump up the business’ bottom line long enough for the stocks to rise, sell out, then bail out taking a generous severance before the company crashes and burns.

    And nobody is really stopping it because it’s so lucrative at the individual level that the individuals that might be able to change it are profiting from it.

    And lack of regulation is what permits it to continue.


  • I actually do have separate sick leave, but plenty of times at other jobs have had combined PTO, which basically means I’m burning my potential vacation by being sick.

    Other times, I’ve not even had sick leave at all, got fired once for taking one day off with explosive diarrhea because I couldn’t afford to see a doctor to get a note on minimum wage.

    Some companies are better. Some states have actually somewhat decent protections. Lots of others are complete garbage.

    So yeah… A lot of us are jealous of what Europeans have, but not enough so to organize and demand better of our employers and our government


  • Most people over school age in the US do not get a summer vacation. Most are lucky if they have enough vacation hours to rub together to cover a random illness so they don’t have to work while barely able to function for being too sick.

    And I’m not even close to joking or exaggerating.

    It’s fucking bad here. We’re horribly jealous.

    I’m extremely fortunate for having 5 weeks of vacation per year, and half of that is only because of working extra on the weekends to bank extra time. And good luck getting approval to take more than about a week of it at a time.









  • You know Linux isn’t just used by enterprise sysadmins, right?

    And even speaking as an enterprise sysadmin myself, I’ve not had need or use for deterministic interface naming once in my career. I have no clue how common that is, but most of the servers, both physical and virtual, that I’ve worked on only had one Ethernet port connected.

    I see the purpose of this, but don’t see a reason why it should be the default, or why it couldn’t have been implemented like HHD/SSD UUIDs where the old dev names were left intact for easy use outside of fstab and the like where consistency could become a problem

    ETA: you also seemed to miss the part of my initial reply to you about it being something that can be enabled by those who need it… And if you’re going to say that the enterprise professionals who need it shouldn’t have to turn it on every time they spin up a system, I’ll remind you that enterprise admins working at that level where they’re setting up enough servers for that to be a hassle are probably using orchestration like Ansible, Chef, or Puppet, and can just add that into their configs once