
Also possible to get a heatmap of a keyboard to see what keys were pressed last. I've seen this attack carried out in a youtube video, where a hacker could log back into a kiosk terminal simply by grabbing the heat signature emitted from the last few keys pressed.


I like the happy medium of one ultra quantum unbreakable master passphrase which is used to unlock easier-to-guess passwords. So somebody owned your Imgur account full of memes. So what? Always assume an account is breakable.

http://www.theguardian.com/technology/2015/sep/11/gchq-passw...


Anxiety is a complicated subject, and can be interpreted differently depending on the sufferer's knowledge of certain areas of neuroscience and psychology. I've been lucky to study anxiety deeply enough that it no longer has control over me. As a sidenote, anxiety comes from the German word for anger, and is the result of unaddressed internal dialogue within the sufferer, closely related to cognitive dissonance, or witnessing too many paradoxes throughout the day. Avoid paradoxical thinking - it gets in the way of the task at hand, which is usually something mundane like getting in a lift, or even walking the dog.


According to Wiktionary, anxiety comes from Latin "ango" ("to anger" - which also has the same root!), which in turns comes from Proto-Indo-European "*h₂enǵʰ". Closely related German words are "eng" (narrow) and "Angst" (anxiety).


Thanks for clearing that up :)


XKCD's diceware argument fails under certain conditions. Computationally very hard to crack, but when plucked from actual phrases that have been uttered, weak.

So to give an example, any natural language phrase like:

"I took a walk in a park" is easier to crack.

I am certain there is somebody coding an infinite-monkey-type bruter to crack diceware as we speak:

https://en.wikipedia.org/wiki/Infinite_monkey_theorem


Diceware proper is not 'plucked from actual phrases that have been uttered'. It's a random sequence obtained by throwing a die a number of times (hence the name). This means you can't look up your e-book collection for an exact phrase to use (e.g. a famous quote).

Moreover, diceware can be set up with any dictionary, and nobody stops you from computing your own dictionary. If you do that, good luck to the bruter attempting to break your passphrase!

BTW there is no limit on the number of terms in your diceware passphrase, so if/when brute force makes 5-term phrases too weak, users may just add one or two more terms.


Yeah, what I meant is that sometimes the phrase appears like natural language, and was probably uttered once; if not in a stray ebook, then somebody once said it. Of course then we have the question of whether history starts the moment it is electronically recorded.

If NLG upsets you, you can always settle for a Markov chain and some atmospheric noise to seed the random values


I'm not sure I understand how an infinite monkey attack would work against diceware.

Let's assume a word list of 7776 words. All words are lower case alpha. The attacker has our wordlist. And the attacker knows there are seven words in the passphrase.

That's still 7776^7.

Even if we prune the wordlist ("I'm not using 'zerg' in my phrase", "I rolled 11111, that's not random so I'll roll again") it's still not an attackable space.


As a rule of thumb, I would go after natural language phrases first, because it is impossible to tell if the phrase was machine-generated. It's nearly impossible to arrange dots randomly on a page with a pencil because there is always some structure or engrained rigidity in human guesswork. There is also the possibility that the dots were done by 'inception', and certain biases were programmed in via subliminal messaging. Don't trust humans to do a machine's tasks.


Humans use dice to generate randomness. They throw 5 dice, to get a five digit number. They look up that number on a list to get a word. They repeat this process until they have a 7 word phrase.

So, there are weaknesses if humans roll the 5 dice and get 1, 1, 1, 1, 1 and then say "That's not random, I'll roll again"[1] or they roll a number, look it up and say "I'll never remember 'zerg', I'll roll again".


Rolling again is no weakness at all. The next roll is also random and exactly as unguessable as the first. If the game was done 'without replacement' then the field would be reduced, but it isn't, and the field is unimaginably huge anyway. There is no effect whatsoever by 'rolling again' until you are happy with the result.

My buddy Tom always generates UUIDs by hitting the button several times. It gives him pleasure to 'waste' all those random numbers.


With diceware there's a list of 7776 words.

When someone rolls 1,1,1,1,1 and rejects that word they've cut down the word list to 7775 words. That's tiny, but it is a change.


Right, for word choice it is significant. I was thinking, rejecting the whole password pattern.


By rejecting a certain pattern you are weakening the whole password scheme. It is no longer random, it is human chosen.

An attacker can under certain circumstances exploit this behavior. For example, if they notice you are picking shorter words or words that consist of certain characters, they will have an easier time cracking the password. Whole categories or patterns can be rejected because of that, reducing the search space.

An extreme version of your method is picking only the patterns that relate exclusively to you, like picking your favorite music or hobbies. Then the whole scheme becomes useless.
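An added illustration of the entropy arithmetic running through the replies above (the 7776-word list and 7776^7 space, the 7775-word list after one rejected roll, and the categorical bias of only accepting short or familiar words). This is example code written for this page, not from any commenter; the word list is a constructed placeholder of diceware size, since only the list sizes matter for the arithmetic, and the dice are simulated with Python's `secrets` CSPRNG.

```python
import math
import secrets

# A real diceware list has 6**5 = 7776 entries keyed "11111".."66666".
# Constructed placeholder of that size: word i is just "w<i>". Only the
# sizes feed the entropy arithmetic below, so the words themselves do not matter.
DICEWARE_SIZE = 6 ** 5
WORDLIST = [f"w{i}" for i in range(DICEWARE_SIZE)]


def roll_key(rng=secrets) -> str:
    """Five fair dice, written as a diceware lookup key such as '31452'."""
    return "".join(str(rng.randbelow(6) + 1) for _ in range(5))


def key_to_index(key: str) -> int:
    """Map a five-digit key of digits 1..6 onto 0..7775.

    The key is a base-6 number whose digits are shifted by one, so
    '11111' -> 0 and '66666' -> 7775, matching a printed diceware list."""
    if len(key) != 5 or any(c not in "123456" for c in key):
        raise ValueError(f"not a diceware key: {key!r}")
    idx = 0
    for c in key:
        idx = idx * 6 + (int(c) - 1)
    return idx


def generate(words: int, wordlist=WORDLIST) -> list[str]:
    """Draw `words` terms with the CSPRNG standing in for physical dice.

    Every roll is kept, including '11111' and words the user would rather
    not memorise; rejecting them is what the bias functions below price."""
    return [wordlist[key_to_index(roll_key())] for _ in range(words)]


def entropy_bits(list_size: int, words: int) -> float:
    """Bits of entropy when each of `words` terms is uniform over `list_size` candidates."""
    return words * math.log2(list_size)


def bits_lost(list_size: int, accepted_size: int, words: int) -> float:
    """Entropy given up when the user only ever accepts `accepted_size` of the
    `list_size` words (one rejected word, or a whole category of 'easy' words)."""
    return entropy_bits(list_size, words) - entropy_bits(accepted_size, words)


if __name__ == "__main__":
    print("sample passphrase:", " ".join(generate(7)))
    print(f"7 words, full list:        {entropy_bits(DICEWARE_SIZE, 7):.2f} bits")
    # Rejecting a single roll such as '11111' shrinks the list by one word.
    print(f"loss from rejecting 1 word: {bits_lost(DICEWARE_SIZE, DICEWARE_SIZE - 1, 7):.4f} bits")
    # Only accepting a 'familiar' quarter-ish of the list (constructed figure of 2000 words).
    print(f"loss from 2000-word subset: {bits_lost(DICEWARE_SIZE, 2000, 7):.2f} bits")
```

Run stand-alone, the script prints a fresh passphrase and three figures: about 90.5 bits for seven words from the full list, roughly a thousandth of a bit lost by discarding one word, and about 13.7 bits lost if the user only ever accepts words from a 2000-word "familiar" subset. That is the difference between the two positions in the thread: per-roll rejection is negligible, a systematic preference is not.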


Curious notion. So, if a guy got that "human chosen" pattern randomly, they got rooked? He has a very breakable password, while the rest of us got good ones? Sounds like the whole algorithm is busted.


Randomness is not a property of the procedure used to generate a given set of numbers, but is rather a potential property of a set of numbers itself.


I see this a lot now, with the proliferation of libraries that allow for arbitrary passwords. Possibly some form of systemic trickling down of bad practices into software with horrible consequences

"Your password must contain the seventh circle of hell, and a Taco Emoji"


I liked the message saying something like "your password must contain three characters from Game of Thrones" :)


I call this 'inventor syndrome' because innately people want to better the world in some way, instead of just leech from technology.

My only issue with that approach is people re-inventing the wheel. There is more code on Github than one could imagine, and not enough people evangelizing for Less-lines-of-code.

Of course it may take a programmer two decades to realize this, but what's the phrase:

"In the beginner's mind there are many possibilities, in the expert's mind there are few"


Nice trove to pore through when I find the time.

I like to use Twitter to analyze HN datasets. It's mostly limited to links, because that's what I'm after mostly.

https://twitter.com/newsycombinator https://twitter.com/HackerNews .. And a few other accounts. Try to avoid Bitly wrapped links.

Use something like Greptweet to harvest the tweets and parse out any noise.


That will not get you accurate results for HN data analysis since a) those accounts only tweet important links so analysis will be biased b) you can only get 3200 tweets at a time. (This is a Twitter API limitation)

You have to look at both the good and the bad.


I hear you. Raw unfiltered links always have hidden gems.

One thing though: Greptweet has an archive somewhere with a huge trove of tweets that users of the service have searched for, and were thus logged and kept. (Some even go over the 3200 limit.) It's a massive tarball, so set aside time to download it and parse out boring/noisy links.

A lot of HN links are tech-press posts which consist of hearsay and merely proxy the thoughts of others. The recent changes in HN with regards to more academia-style posts is refreshing.


This is why I know of people using phablets for the very reason of getting more done because of a bigger screen. The reverse of phablets to get work done is using several 4K screens or 'Bloomberg terminals' to do your computing. A rare sight and experience to behold.


Why is it called "content" blocking? This is network filtering. There is nothing especially substantial to ads other than they hoover up your browser fingerprint and target the wrong ads at you. Something I am not content with (no pun intended).


Encapsulation is certainly new and exciting stuff. Web Components could kick off in a big way.

My only problem is the range of different widgets that all do the same thing. Already there are countless select-box widgets like Chosen, Select2, Dropkick, etc

We need one to rule them all, and one we can all agree on using.

