jj4211
@jj4211@lemmy.world
- Comment on Microsoft renames "Remote Desktop" to "Windows App". Good luck googling for any help or troubleshooting it. 6 days ago:
Sure, though at least it doesn’t take too many words to clarify…
windows app on the other hand…
- Comment on Microsoft renames "Remote Desktop" to "Windows App". Good luck googling for any help or troubleshooting it. 6 days ago:
Do you mean teams for work or school or teams for personal?
- Comment on Microsoft renames "Remote Desktop" to "Windows App". Good luck googling for any help or troubleshooting it. 6 days ago:
That compatibility matrix, the windows app does not support connecting to Windows from Windows… That’s some amazing product planning there from Microsoft…
- Comment on Rawr 1 week ago:
Realistically speaking, MFA most importantly is to get away from the “something you know” factor since that is generally more vulnerable. Even if it is a single factor, it’s a better factor.
Also enables people to meaningfully have multiple factors if they choose. The password managers generally require a master passphrase and/or unlocking through something like “Windows Hello”
- Comment on My password is not accepted because it is too long 1 week ago:
Sure, you could do something like that to normalize all manner of passwords to a manageable string, but:
  - That hash becomes the password, and you have to treat it as such by hashing it again server side. There’s a high risk a developer that doesn’t understand skips hashing on the backend and ends up insecurely storing a valid password for the account “in the clear”.
  - Your ability to audit the password for stupid crap in the way in is greatly reduced or at least more complicated. I suppose you can still cross reference the password against HIBP, since they use one way hash anyway as the data. In any event you move all this validation client side and that means an industrious user could disable them and use their bad idea password.
  - If you have any client contexts where JavaScript is forbidden, then this would not work. Admittedly, no script friendly web is all but extinct, but some niches still contend with that.
  - Ultimately, it’s an overcomplication to cater to a user who is inflicting uselessly long passwords on themselves. An audience that thinks they need such long passwords would also be pissed if the site used a truncated base64 of sha256 to get 24 ASCII characters as they would think it’s insecure. Note that I imply skipping rounds, which is fine in such a hypothetical and the real one way activity happens backend side.
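The scheme discussed in the comment above, as an added sketch that is not code from the comment or the thread: the client reduces any password to 24 base64 characters of SHA-256, and the server still salts and slow-hashes that value, shown beside the store-it-as-is mistake. Function names, the PBKDF2 work factor and the shape check are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import os
import string

PREHASH_LEN = 24           # characters kept from the base64 digest, as in the comment
PBKDF2_ROUNDS = 600_000    # assumed server-side work factor
B64_ALPHABET = set(string.ascii_letters + string.digits + "+/")


def client_prehash(password: str) -> str:
    """Client side: one unsalted SHA-256 round, base64, truncated to 24 chars."""
    digest = hashlib.sha256(password.encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")[:PREHASH_LEN]


def well_formed(submitted: str) -> bool:
    """All the server can still audit is the shape, not the original password."""
    return len(submitted) == PREHASH_LEN and set(submitted) <= B64_ALPHABET


def server_hash(submitted: str, salt: bytes) -> bytes:
    # The prehash IS the password now, so it gets the salted, slow hash.
    return hashlib.pbkdf2_hmac("sha256", submitted.encode("ascii"), salt, PBKDF2_ROUNDS)


def register(submitted: str) -> dict:
    if not well_formed(submitted):
        raise ValueError("expected a 24-character base64 prehash")
    salt = os.urandom(16)
    return {"salt": salt, "hash": server_hash(submitted, salt)}


def verify(record: dict, submitted: str) -> bool:
    if not well_formed(submitted):      # rejects oversized input before any hashing
        return False
    return hmac.compare_digest(record["hash"], server_hash(submitted, record["salt"]))


def naive_register(submitted: str) -> dict:
    # The mistake the comment warns about: "it's already hashed", so store it as-is.
    return {"stored": submitted}


def naive_verify(record: dict, submitted: str) -> bool:
    return hmac.compare_digest(record["stored"], submitted)


def leaked_row_is_credential() -> dict:
    """Does a copied database row alone pass the login check?"""
    prehash = client_prehash("correct horse battery staple " * 200)  # constructed sample
    naive_row, safe_row = naive_register(prehash), register(prehash)
    replay_naive = naive_row["stored"]
    replay_safe = base64.b64encode(safe_row["hash"]).decode("ascii")[:PREHASH_LEN]
    return {"naive": naive_verify(naive_row, replay_naive),
            "rehashed": verify(safe_row, replay_safe)}


if __name__ == "__main__":
    print(leaked_row_is_credential())
```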
- Comment on My password is not accepted because it is too long 1 week ago:
That would suck to enter. Much better to do qwertyuiopasdfhhjklzxcvbnm
Or if you are cool: pyfgcrlaoeuidhnnsjkxbmwvq
- Comment on My password is not accepted because it is too long 1 week ago:
A 24 char passphrase while not as bulletproof as a machine generated string is still credibly strong even to offline cracking attacks when possible. In all the datasets of passwords acquired through that sort of cracking I don’t think I’ve ever seen it catch even a 4 word passphrase.
- Comment on My password is not accepted because it is too long 1 week ago:
Though it could also amplify DDOS. Allowing 72 character passwords lets a DDOS be three times rougher despite being a seemingly modest limit for a single request.
If a password/passphrase is 24 characters, then any further characters have no incremental practical security value. The only sorts of secrets that demand more entropy than that are algorithms that can’t just use arbitrary values (e.g. RSA keys are big because they can’t be just any value).
- Comment on My password is not accepted because it is too long 1 week ago:
So I just went through something similar with a security team, they were concerned that any data should have limits even if transiently used because at some point that means the application stack is holding that much in memory at some point. Username and password being fields you can force into the application stack memory without authentication. So potentially significantly more expensive than the trivial examples given of syn and pings. Arbitrary headers (and payloads) could be as painful, but like passwords those frequently have limits and immediately reject if the incoming request hits a threshold. In fact a threshold to limit overall request size might have suggested a limited budget for the portion that would carry a payed.
24 characters is enough to hold a rather satisfactorily hardened but human memorable passphrase. They mentioned use of a password manager, in which case 24 characters would be more entropy than a 144 bit key. Even if you had the properly crypted and salted password database for offline attack, it would still be impossibly easier to just crack the AES key of a session, which is generally considered impossible enough to ignore.
As to the point about they could just limit requests instead of directing a smaller password, well it would certainly suck if they allowed a huge password that would be blocked anyway, so it makes sense to warn up front.
- Comment on doctors 2 weeks ago:
The environmental causes are availability of options we crave but are still not forced into, so individual responsibility is absolutely a thing.
I was obese and it sucked but I got down to a healthy weight, and keeping it off kind of still sucks but it doesn’t take a lot of time or money, in fact it’s generally cheaper.
Fast food is constantly highlighted as an impossibly unhealthy reality, the nicer places cost more and take too much time. Except you can choose passable choices in fast food.
If you can freely pick, there are fast food places that offer salads with maybe some grilled chicken, which can be healthy unless you opt to drown it in ranch.
But let’s say you are in a group and they pick a restaurant without an option like salad. Just asking for water instead of a big sugary drink gets you so much closer to healthy. Skip the fries, skip the mayo, get a smaller burger. All these things are cheaper and friendlier to a reasonable caloric budget.
It sucks because it means eating to feeling “ok” while skipping the most awesome foods and rarely getting to feel just utterly full, but that was just life when people had healthier weight.
Similarly on activity. It does suck that work has people sedentary, but our idle pursuits are similar. When I was a kid, TV was stuck on a schedule and video games were only so engaging, so we would get bored and want to do something. Maybe it was walk amongst some trees to see if anything interesting was around. Maybe do something with a ball. Nowadays we can get endless engagement from streaming, video games, and Internet. So tempting to just be on the couch. We can still choose those more active things, but we don’t want to.
Note all this awesome stuff is still great in moderation. I just went full on gorging at a restaurant a week ago on pretty much whatever I wanted. The thing is this is maybe like once every 2 or 3 weeks, not daily like we really want to.
- Comment on Want happier employees? Start with a 32-hour workweek – and 4 weeks vacation. 3 weeks ago:
A dock worker wouldn’t be more productive remote. There’s obviously some responsibilities that cannot be done in person, and a lot of jobs require both.
But let’s say we discard all obviously in-person sorts of work from the “jobs that can move to remote”, the so called “knowledge work”, and we are deep in an area where objective measure of “productivity” has proven elusive. For example, one such study I looked at used “how productive do you feel?” as the basis. Another facet is individual productivity versus group productivity, particularly over time. A pretty middling junior employee spends a lot of time flailing hopelessly because no one knows to get with him and help him become better, both in terms of his job and in terms of communication and confidence (e.g. not trying to hide having difficulty to avoid people thinking he is less competent than he should be, when everyone has those sorts of struggles).
The commute, morale, ability to avoid low value coworker distractions (no, I don’t need the daily reminder that my coworker in fact has a boat…), and ability to manage the work related distractions better certainly help remote work. However home life distractions and the ability to tune out work related distractions a little too well at the expense of peer productivity can impact work at home. Different people and situations manipulate this balance and for the best employees, that morale can go a long way to having a good outcome, but I think we have to confess that in-person has some value.
- Comment on Want happier employees? Start with a 32-hour workweek – and 4 weeks vacation. 3 weeks ago:
My experience is that in person and remote favor different sorts of tasks. For me I have both so I think hybrid is the most ‘productive’, though I’m much happier with the ‘remote’.
So on pure productivity, I could see some roles favor in-person.
But if you want to more cheaply recruit and retain, favoring remote is certainly going to help.
I really want a new normal of shorter hours, though that might be a trickier discussion so long as we have a very highly utilized labor pool.
- Comment on OMG no please don’t call me. 4 weeks ago:
For me I’ve got to put live recording away toward the end. If I’m doing a recording, I’ve got way too much opportunity to second guess myself in editing and zero indications whether I’m going a useful direction in my talk.
- Comment on If I snapped you back in time 650 years right this very second, how would you use your current knowledge to succeed? 4 weeks ago:
Well you can do that today. Find a tree out in the middle of nowhere and sit under it without any electronic devices. Then you are oblivious to all that stuff. You may be bothered by the fact that the things are still happening, but there are also plenty of horrific things happening in that time period you went to, you just won’t be keeping track of them.
- Comment on Philosophy moment 4 weeks ago:
This may shock you, but guns are banned more often than phones in school, and the bans are more severe as are the consequences.
- Comment on What are some FOSS programs that are objectively better than their proprietary counterparts? 5 weeks ago:
Heh, recently I was looking up things about terminal graphics and came upon: github.com/microsoft/terminal/issues/8389
And DHowett’s reply was pretty dismissive. Guess that was the tip of the iceberg.
But this anecdote is a good ‘corp’ versus ‘open source’ anecdote. There’s simply no way a business with project management would even think about optimizing performance of a terminal emulator that seems to vaguely work according to the marketing requirements. What a waste of time, right? My experience with a software development organization is 99% of management work is to rationalize away doing anything.
Meanwhile, open source someone says “screw it, this is crap, I can fix it”.
- Comment on What are some FOSS programs that are objectively better than their proprietary counterparts? 5 weeks ago:
I don’t know, I mean I’ve seen a fair amount of IDE capability out of VSCode after some invested effort to try to get it there, but at its best I haven’t seen it as comprehensive as what I’ve seen in a Jetbrains IDE. That said, in my use case the IDE capabilities don’t apply very well anyway, so it’s moot for me and I’m happy with Kate with LSP.
- Comment on What are some FOSS programs that are objectively better than their proprietary counterparts? 5 weeks ago:
I think this speaks to the potential strengths and weaknesses of open versus commercial.
It boils down to amount of resources and how they are invested.
In terms of amount of resources, open source has a rather organic pool of software developers. So if you have a use case that impacts every software developer in the world, well the open source has a lot of free labor that can produce impressive results that a commercial player would have a hard time out-spending. Conversely, if the use case is relatively more niche and the users are either not programmers or too busy using the software to do other things they couldn’t spend any on software, a commercial player can force the issue by paying some developers to work on it. Now the quality of that work may be reduced by the developers doing it for the pay without necessarily an inherent passion for the task at hand, but it can be pretty compelling and people can tend to get invested in their work even if they don’t care to start with. Incidentally it’s why at my company when they lucked into someone with actual passion for the work comes along I advocate strongly for retention, but those folks tend to be neglected and leave while some passionless sycophant gets the retention and promotion.
Then there’s how that resource is invested. Here we have professional software versus the more prolific general consumer software. In the general consumer case, the commercial interest takes the user as a given, and goes straight into how to gouge that customer relationship as hard as possible without regard for a good user experience. Stuff them with ads. Implement telemetry with rights to sell it off for marketing data. Nag them at every corner to buy some other offering at increased price. Have a confusing set of tiers and actively screw with the bottom tier. Actually making the software fit for purpose is so far below those others. With software for business, well, you still get the ‘must subscribe and confusing portfolio’, but some of the other stuff tones down. The target market is smaller, and the potential for marketing data and advertising revenue isn’t as attractive. The target market is frequently companies that take their confidentiality seriously and will readily get a lawyer to pursue issues, so the telemetry is both less valuable and a bit of a grenade waiting to go off if something screws up. So OSS tends to cover the ‘general consumer’ cases surprisingly well because the commercial interests are so much more invested in making things worse, while business to business can actually have a chance still.
- Comment on What are some FOSS programs that are objectively better than their proprietary counterparts? 5 weeks ago:
Eh, I prefer KDE. It’s fairly uncluttered unless you actively mess with it and want it, while Gnome is pretty ruthlessly “our way is the right way”.
Once upon a time they only allowed virtual desktops to be in a column. Someone decided that columns weren’t for everyone so obviously make it only be in a row. Despite ages of most implementations supporting a grid layout.
Window title search. This is fantastic for managing a lot of windows. I wish KDE could get better by using screen reader facilities to let you search window contents as well, but having the facility in show windows view at all is great.
Their window tiling is less capable even than Microsoft windows.
Any attempt to customize means extensions, and they seem to break the interfaces the extensions need constantly, and I had to face the reality that every update had me searching for a replacement extension because they broke one that wasn’t maintained anymore.
But either way, the open desktop shells are better than the proprietary ones.
- Comment on What are some FOSS programs that are objectively better than their proprietary counterparts? 5 weeks ago:
It’s also a good example of how an open source project manages to outmaneuver big company offerings.
Home assistant just wants to make the stuff work. Whatever the stuff is, whoever makes it, do whatever it takes to make it work so long as there are users. Also to warn users when someone is difficult to support due to cloud lock in.
All the proprietary stuff wants to force people to pay subscription and pay for their product or products that licensed the right to play with the ecosystem. So they needlessly make stuff cloud based, because that’s the way to take away user control. They won’t work with the device you want because that vendor didn’t pay up to work with that.
Commercial solutions may have more resources to work with and that may be critical for some software, but they divert more of those resources toward self enrichment at the expense of the user.
- Comment on What are some FOSS programs that are objectively better than their proprietary counterparts? 5 weeks ago:
And by extension, terminal emulators. Pretty much any open source one is miles better than the closed source ones.
Microsoft recognized this and has dramatically improved theirs as Microsoft terminal, an open source replacement. But it still isn’t as good as a lot of other terminals.
- Comment on If these mother fuckers are trying to make me pay for Healthcare to talk to fucking ChatGPT I swear to god ChatGPT is going to write me so many scripts for opioids its won't be funny. 1 month ago:
Which is like one of the few jobs they could do just fine. Spew a bunch of nonsense and pretend it’s insightful.
- Comment on Marc Rober shows why Tesla's camera-only self-driving system is dangerous 2 months ago:
Autopilot is not FSD, but these scenarios are supposed to be within the capabilities of autopilot to react. There’s no indication that FSD is better equipped to handle these sorts of scenarios than autopilot. Many of the autopilot scenarios are the car plowing into a static obstacle head on. Yes the drivers should have been paying attention, but again, the point is autopilot even with all the updates simply fails to accurately model the environment even for what it should be considering easy.
In terms of comparative systems, I frankly don’t know. No one has a launched offering, and we only know Tesla’s as well as we do because they opt to use random drivers on public roads as guinea pigs, which isn’t great. But again, this video demonstrated “easy mode” scenarios where the Tesla failed and another car succeeded. But all that’s beside the point, it’s not like radar and lidar would preclude fsd either way. The video makes clear the theory and reality of better sensing technology and it can only improve the safety of a system. FSD with added radar and lidar would have greater capacity for safety than FSD with just cameras. The lidar might be forgiven for cheap cars historically, but the radar is bonkers to remove as those are put on some pretty low end cars. No one else wants to risk FSD like capability without lidar because they see it as too risky. It’s not that Tesla knows some magic to make cameras safe, they just are willing to inflict bigger risk, and willing to try to argue “humans are deadly too” whereas competition doesn’t even want to try that debate.
- Comment on Marc Rober shows why Tesla's camera-only self-driving system is dangerous 2 months ago:
One, I don’t know if ‘autonomous no matter what’ is an important enough goal versus ADAS, but for another, the gold standard in the industry except Tesla is vehicle mounted LIDAR, with investments to bring down the tech price.
Merging data from different sources was never claimed by anyone to be too hard a problem, again, even Tesla used to and decided to downgrade their capabilities for cost. “It’s just not worth it” is a strange take on a video demonstrating quite clearly the better data from LIDAR than you can possibly get from cameras and the benefit of avoiding collisions, collisions that kill thousands a year. Even the relatively “won’t turn on unless things are perfect” autopilot has killed quite a few people, and incurred hundreds of accidents beyond that.
- Comment on Marc Rober shows why Tesla's camera-only self-driving system is dangerous 2 months ago:
Somehow other car companies are managing to merge data from multiple sources fine. Tesla even used to do it, but stopped to shave a few dollars in their costs.
In terms of assuming there would be safety concerns, well this video clearly demonstrates that adding lidar avoids three scenarios, at least two of them realistic. As I said my standard is not “human driver” but safest options as demonstrated.
- Comment on Marc Rober shows why Tesla's camera-only self-driving system is dangerous 2 months ago:
Let’s assume that a human driver would fall for it, for sake of argument.
Would that make it a good idea to potentially run over a kid just because a human would have to, when we have a decent option to do better than human senses?
- Comment on Is 33 cents a small amount of money? 2 months ago:
True, though if we are talking about tax bracket going over 30 percent, that would be at nearly 200k, so well above those thresholds too. Of course the numbers aren’t 28 and 33, but that is the closest threshold to the example.
- Comment on Is 33 cents a small amount of money? 2 months ago:
If getting specific, there’s no 28 percent or 33 percent bracket, so these are all examples rather than real figures. I did make a comment using real numbers, same general magnitude but just more specific about the brackets.
- Comment on Is 33 cents a small amount of money? 2 months ago:
But your tax bill doesn’t go up 5%.
Ok, let’s get this close to real numbers. The cited tax brackets don’t exist, so I’ll go with the 24% to 32%. So if your earnings are 1 dollar into the 32% tax bracket, you are going from AGI $191,950 to $191,951. Your tax bill at $191,950 would be:
$11,600 * 0.10 +
$35,550 * 0.12 +
$53,375 * 0.22 +
$91,425 * 0.24
---------------------------------
$39,110.74
And your tax bill at $191,951 would be:
$11,600 * 0.10 +
$35,550 * 0.12 +
$53,375 * 0.22 +
$91,425 * 0.24 +
$1 * 0.32
--------------------------------------
$39,111.06
Your tax bill goes up by a whopping $0.32 or 0.01% by earning that extra dollar, meaning you still got to keep $0.68 of that dollar. When they say that dollar would cause their tax bill to go up a lot, that’s pretty much exclusively owing to the misconception that people assume their tax bill would have gone to $61,424, so in the misconception that dollar would have cost them $22,313.
- Comment on Is 33 cents a small amount of money? 2 months ago:
Would have to be mandated by workplace regulations, no company is going to voluntarily educate their employees that more money has no downside.
I’ll also say this doesn’t help, it strangely avoids the actual numbers. It should state explicitly that his total taxes would be $1,600+$4,266+$2,827=$8692, and not $13200. Needs to include the scenario’s specific results and contrasted with what the viewer would have assumed otherwise.