|
flakeloaf posted:posting on the nice page
|
# ? Aug 8, 2019 19:09 |
|
|
# ? Apr 27, 2024 22:55 |
|
|
# ? Aug 8, 2019 19:10 |
|
if we're still complaining about passwords, some websites will let you make a password for it that works perfectly fine, but the app for the same service will silently truncate the password and wont let one log in. I've encountered this twice and they were both financial institutions 1password is generally good but they have an ideological stance on disallowed characters in passwords (won't support removing specific characters from their generator) so you have to cycle through randomly generated passwords until you get one that doesn't contain []{}#%^*+ or whatever which is annoying in general but super super annoying on mobile
|
# ? Aug 8, 2019 19:19 |
|
Schadenboner posted:This is a behavioral problem not a technical one. Technical solutions will only ever inspire false confidence and, because they do not address (much less resolve) the underlying behavioral issue, will never improve the situations. i'm responding to your asterisk and scare-quotes emoji, which implied that children potentially overdosing on drugs and/or getting raped is not a problem. that said, if you want to really get into your post, while i wouldn't consider digital surveillance to be a complete solution to a behavior problem, i also wouldn't discount its use as an immediate tool for trying to protect a child from bad actors while also working to address the behavioral issue.
|
# ? Aug 8, 2019 19:19 |
|
Farmer Crack-rear end posted:i'm responding to your asterisk and scare-quotes emoji, which implied that children potentially overdosing on drugs and/or getting raped is not a problem. Therapy is a solution. Medication is a solution. If necessary, involuntary commitment is a solution. Installing spyware is not a solution. "We'll only use it this time! And it's for good reasons! Promise promise!" is generally an unfavorable position to hold. E: Also they're called smilies.
|
# ? Aug 8, 2019 19:30 |
|
it's almost like the solutions to complicated problems like parenting must necessarily comprise many different strategies, unless you're a complete simpleton, in which case "installing a program is a one-step way to permanently solve all problems" might be a thing you'd think someone else said
flakeloaf fucked around with this message at 19:35 on Aug 8, 2019 |
# ? Aug 8, 2019 19:31 |
|
Jenny Agutter posted:if we're still complaining about passwords, some websites will let you make a password for it that works perfectly fine, but the app for the same service will silently truncate the password and wont let one log in. I've encountered this twice and they were both financial institutions that is simultaneously funny and sad, 50% like my posting quote:1password is generally good but they have an ideological stance on disallowed characters in passwords (won't support removing specific characters from their generator) so you have to cycle through randomly generated passwords until you get one that doesn't contain []{}#%^*+ or whatever which is annoying in general but super super annoying on mobile i support the stance in general but when it makes the users' lives harder sometimes it's better to just knuckle under than it is to tell them to tell the bank (cause lol of course it's a bank) who doesn't allow single quotes to fix their poo poo quote:it's not worth cluttering up the user interface of 1Password to accommodate website practices that shouldn't be employed at all and represent a relatively small number of sites overall when they are employed.
|
# ? Aug 8, 2019 19:34 |
|
Can't get into that client? Ship them a exploit: https://boingboing.net/2019/08/07/warchakalakaboom.html
|
# ? Aug 8, 2019 20:37 |
|
Jenny Agutter posted:1password is generally good but they have an ideological stance on disallowed characters in passwords (won't support removing specific characters from their generator) so you have to cycle through randomly generated passwords until you get one that doesn't contain []{}#%^*+ or whatever which is annoying in general but super super annoying on mobile if so it seems like a pretty reasonable stance. symbols are barely worth it in the first place, and a limited set of symbols is even less worth it. with 16 symbols allowed it's the difference between 6 bits of entropy per character and 6.3 bits. add one more character if you're worried about password quality, and if you're already at max password length then the max is probably too short with or without symbols. if sites are simultaneously forcing you to use symbols and restricting the list, then
|
# ? Aug 8, 2019 20:47 |
|
Dylan16807 posted:if sites are simultaneously forcing you to use symbols and restricting the list It's this. It's always this.
|
# ? Aug 8, 2019 20:50 |
|
Dylan16807 posted:if sites are simultaneously forcing you to use symbols and restricting the list, then dude,
|
# ? Aug 8, 2019 20:50 |
|
On the topic of password length issues, I managed to create an account for Chargepoint where I can't update my password or any other account-level settings because my username (unmodifiable) is too short.
|
# ? Aug 8, 2019 20:50 |
|
I've seen one website, can't remember which one now, it only popped up the list of restricted symbols after you input one into the new password field
|
# ? Aug 8, 2019 20:51 |
|
James Baud posted:On the topic of password length issues, I managed to create an account for Chargepoint where I can't update my password or any other account-level settings because my username (unmodifiable) is too short. in a similar vein, i have a client who can never update their domain whois with CIRA, because the domain is registered to an organization with "Canada" in the name, and the registrar insists that's a banned word in the organization field for .ca domains
|
# ? Aug 8, 2019 20:54 |
|
infernal machines posted:in a similar vein, i have a client who can never update their domain whois with CIRA, because the domain is registered to an organization with "Canada" in the name, and the registrar insists that's a banned word in the organization field for .ca domains Doesn't the Canadian government name things "(Function) Canada" fairly regularly?
|
# ? Aug 8, 2019 20:55 |
|
COACHS SPORT BAR posted:It's this. It's always this. huh. I've only ever seen sites that require at least three out of capital, lowercase, number, symbol
|
# ? Aug 8, 2019 20:59 |
|
use emojis
|
# ? Aug 8, 2019 21:01 |
|
Dylan16807 posted:you can turn symbols off entirely, right? I had to sign up somewhere recently where the password limit was 15 characters and I had to have three of each: lowercase, uppercase, digits, and a handful of symbols. I basically couldn't use the generator at all it was infuriating, but not the generators fault.
|
# ? Aug 8, 2019 21:02 |
|
Schadenboner posted:Doesn't the Canadian government name things "(Function) Canada" fairly regularly? they do yes, many businesses and organizations with international presence also name themselves (something) Canada. when that's the legal name of your org you have to use it as part of your registration.
|
# ? Aug 8, 2019 21:05 |
|
a description that includes every federally registered corporation, iirc
|
# ? Aug 8, 2019 21:22 |
|
flakeloaf posted:a description that includes every federally registered corporation, iirc also this. i'm fairly sure it's just the registrar being idiots, but it's hard to say because CIRA has changed a bunch of their registration systems recently.
|
# ? Aug 8, 2019 21:27 |
|
I had a site that let me sign up with a + in the email, but not sign in with that email. Invalid characters.
|
# ? Aug 8, 2019 21:52 |
|
So, we're SEIM shopping, down to Secureworks, Logrythm, and Splunk. But now it looks like they are not going to allow us to budget for any of them, and we are not renewing with Symantec for MSS, because its garbage. I'm trying to develop a fallback plan around ELK if we can't get the C levels to sign off on any of our picks.
|
# ? Aug 8, 2019 22:06 |
|
CommieGIR posted:So, we're SEIM shopping, down to Secureworks, Logrythm, and Splunk. whatever happens, don’t do logrhythm
|
# ? Aug 8, 2019 23:05 |
|
Lain Iwakura posted:whatever happens, don’t do logrhythm That's the gist of what we've been getting, but Splunk is outrageously pricey. Logrythm is desperate because they are losing customers right and left. But at this point, Symantec's is so bad that Logrythm might be honestly better, especially if we are using a Managed Services to actually configure and filter. So we can tie deliverable to it and call them out on it via contracts if they cannot. I'd preffer ELK or Splunk. CommieGIR fucked around with this message at 00:27 on Aug 9, 2019 |
# ? Aug 9, 2019 00:15 |
|
CommieGIR posted:That's the gist of what we've been getting, but Splunk is outrageously pricey. Logrythm is desperate because they are losing customers right and left. go with ELK you can find consultants who'll work with you and logrhythm is a sinking ship
|
# ? Aug 9, 2019 00:48 |
|
Lain Iwakura posted:go with ELK That's what I'm planning on. The Analyst handling the SEIM budgeting pitch is aware of the issues, so I'm going with ELK as a fallback. Its not my decision to make, I've been tasked just setting up for contingencies.
|
# ? Aug 9, 2019 00:52 |
|
Lain Iwakura posted:go with ELK Tangentially related to ELK, do you have opinions on Graylog? e: link, https://www.graylog.org/
|
# ? Aug 9, 2019 00:53 |
|
The Fool posted:Tangentially related to ELK, do you have opinions on Graylog? zero
|
# ? Aug 9, 2019 00:54 |
|
Lain Iwakura posted:whatever happens, don’t do logrhythm why are they shedding customers?
|
# ? Aug 9, 2019 01:07 |
|
infernal machines posted:i feel like this is one of the most horrifying things about having a child in the digital age. i don't, but a lot of my friends do as of the last few years and i can't imagine how they're going to deal with the morass of privacy, safety, and trust issues that are exacerbated by access to social media A lot of people who were kids during facebook successfully navigated those things, why would future kids be unable to? Also just like with all things teaching your kids why has always been the solution.
|
# ? Aug 9, 2019 01:27 |
|
Bring the kids to YOSPOS, they'll catch on to all this stuff and be better than us
|
# ? Aug 9, 2019 01:35 |
|
CommieGIR posted:So, we're SEIM shopping, down to Secureworks, Logrythm, and Splunk. Humio is alright if you want something supported and affordable. They'll claim unicorns can fly out its rear end with scaling and their statements are technically true but only because they're optimizing around single parameters (ingest, searchability, retention) so take their demo sizing with a grain of salt
|
# ? Aug 9, 2019 02:15 |
|
Trimson Grondag 3 posted:why are they shedding customers? probably because its doodoo from a butthole
|
# ? Aug 9, 2019 02:16 |
|
ELK isn't much harder to configure than Splunk. There are a lot (at least here) of companies that will setup and maintain a full stack for you for less than like, 10% of what yearly Splunk licensing costs.
|
# ? Aug 9, 2019 02:35 |
|
BangersInMyKnickers posted:probably because its doodoo from a butthole *carefully updates selection criteria*
|
# ? Aug 9, 2019 02:56 |
Jenny Agutter posted:I've seen one website, can't remember which one now, it only popped up the list of restricted symbols after you input one into the new password field Kronos webTA is like this, probably their other solutions as well. except it waits until you enter your old password, the new one, the new one again, and submit the password change form to blank it all out and show a dialog box saying what characters are allowed to be selected from which you have to dismiss to try again.
|
|
# ? Aug 9, 2019 03:24 |
|
its amazing that the two big log ingest tools are written in loving ruby
|
# ? Aug 9, 2019 03:27 |
|
Apparently we use logrhythm at work but I don't have to touch it yet
|
# ? Aug 9, 2019 03:35 |
|
|
# ? Apr 27, 2024 22:55 |
|
CRIP EATIN BREAD posted:its terrifying that the two big log ingest tools are written in loving ruby
|
# ? Aug 9, 2019 03:46 |