Cup Runneth Over
Aug 8, 2009

She said life's
Too short to worry
Life's too long to wait
It's too short
Not to love everybody
Life's too long to hate


Tryzzub posted:

people keep giving me poo poo for writing down my passwords in a book, but it has experienced 0 breaches

This is fine for personal passwords, but presents some issues in an org environment where you may have to share them for company accounts, or pass them on when you quit. Certainly it's the least likely to get your passwords cracked since it's physically impossible, although I would argue that you're more vulnerable to phishing than with a password manager, and less likely to come up with long, unique passwords because you have to look them up by hand and type them in every time you log in. And you can still lose a password to a site breach since you can't control how companies handle your data, which is why unique passwords are so important.

Also you wouldn't usually really know if you had a breach unless you're also signing up for a watchtower-like service or w/e.


Takes No Damage
Nov 20, 2004

The most merciful thing in the world, I think, is the inability of the human mind to correlate all its contents. We live on a placid island of ignorance in the midst of black seas of infinity, and it was not meant that we should voyage far.


Grimey Drawer
Oh my god. I was clicking around in the references to the Eternal September wiki page and found one for the longest usenet thread ever. Besides doxxing everything about himself, we also find that foot freaks on the internet were just an eternal thing...



Absurd Alhazred posted:

You also used to get doxed on a yearly basis by a physical book everyone got for free (financed through ads).

Oh come on, those were local to each community where everyone knew everyone else anyway, what could possibly go wrong with

https://i.imgur.com/7O7qmtt.mp4

Aw poo poo!

RFC2324
Jun 7, 2012

http 418

Klyith posted:

I think there was a big switch associated with early online forums and especially videogames, well before the whole "keep online and real life separated" thing became a recognized rule. Nobody was thinking that their posts would haunt them 25 years later -- everything online still seemed very ephemeral because websites came & went and archive wasn't well-known. We just wanted a cool alias like xXxGokuKillerxXx.

Ubjunctive, is that a Finnish surname? :v:

ok, I'll admit I used a handle mostly because I wanted to be a cool hacker lol

Arivia
Mar 17, 2011

Absurd Alhazred posted:

You also used to get doxed on a yearly basis by a physical book everyone got for free (financed through ads).

That’s not doxxing that’s assassination coordinates.

BlankSystemDaemon
Mar 13, 2009



When I was introduced to the internet, the GECOS field was still normally populated with full names, several phone numbers, fax numbers, external email address, et cetera.
That meant it was usually accessible via the finger protocol.

:corsair:

Wiggly Wayne DDS
Sep 11, 2010



the rule of thumb when i grew up is: internet-facing name? go with whatever, but if you need to provide it in person as some identity then make sure it's work-safe and first.last@domain is generally safe but it was trivial to have multiple email addresses running anyway

Sirotan
Oct 17, 2006

Sirotan is a seal.


RFC2324 posted:

ok, I'll admit I used a handle mostly because I wanted to be a cool hacker lol

See I had to use a screen name so people wouldn't know you were a Girl On The Internet and treat you like poo poo.

I think we've made limited progress on that front in the last 20 years.

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

BlankSystemDaemon posted:

When I was introduced to the internet, the GECOS field was still normally populated with full names, several phone numbers, fax numbers, external email address, et cetera.
That meant it was usually accessible via the finger protocol.

:corsair:

:corsair:

All the cool kids had project updates in their .plan file and fed it from a socket so they could count how many times people fingered them.

drunk mutt
Jul 5, 2011

I just think they're neat

Subjunctive posted:

:corsair:

All the cool kids had project updates in their .plan file and fed it from a socket so they could count how many times people fingered them.

The cooler kids fingered you and touched the innards of your system.

Powered Descent
Jul 13, 2008

We haven't had that spirit here since 1969.

The only thing I ever used finger for, circa 1995, was to check which MST3K episode was coming up on the weeknight rerun. tomservo@somethingorother had inside info from Comedy Central and kept an up-to-date schedule in his .plan file.

isaboo
Nov 11, 2002

Muay Buok
ขอให้โชคดี

Subjunctive posted:

:corsair:

All the cool kids had project updates in their .plan file and fed it from a socket so they could count how many times people fingered them.

back in id Software's heyday I religiously checked Carmack's and Romero's .plan every day, eager to see what they were working on wrt to Doom and such. lol.

I liked messing around with gopher, too

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

isaboo posted:

I liked messing around with gopher, too

My first professional programming job, and second C-programming experience ever, was hacking on gopherd to do character set translation (Mac/Windows/Unix for extended ASCII) and then later an approximation of URL-parameter sessions. In hindsight I probably wrote some pretty sweet RCEs, but it was the early 90s so people just used the sendmail bug du jour if they wanted to break into your system. Thread relevant!

Rescue Toaster
Mar 13, 2003
I'm planning on picking up a domain to use for email to get some important accounts off of gmail (in terms of password reset/etc...), and also probably so some local devices have a unique domain name and I can do internal certs that are actually trusted.

Is there any significance to the registrar that controls the TLD? I don't mean namecheap/cloudflare/godaddy/whoever, but in terms of the various newer cheap TLDs. For example .stream says "Global Registry Services Ltd" and then lists a backend of GoDaddy.

I suppose from both a 'How likely is this to get hijacked by some guy working at a company I've never heard of with HQ in Gibraltar or the Cayman Islands' and then also the ones that offer private registration info like namecheap, but then if the actual registrar for your TLD is in the UAE or whatever. Not that I'm planning on using the domain for anything that would get anybody in particular upset, afaik. Better to just stick with .com/.net even if I can't get a nice short name?

Sickening
Jul 16, 2007

Black summer was the best summer.

Rescue Toaster posted:

I'm planning on picking up a domain to use for email to get some important accounts off of gmail (in terms of password reset/etc...), and also probably so some local devices have a unique domain name and I can do internal certs that are actually trusted.

Is there any significance to the registrar that controls the TLD? I don't mean namecheap/cloudflare/godaddy/whoever, but in terms of the various newer cheap TLDs. For example .stream says "Global Registry Services Ltd" and then lists a backend of GoDaddy.

I suppose from both a 'How likely is this to get hijacked by some guy working at a company I've never heard of with HQ in Gibraltar or the Cayman Islands' and then also the ones that offer private registration info like namecheap, but then if the actual registrar for your TLD is in the UAE or whatever. Not that I'm planning on using the domain for anything that would get anybody in particular upset, afaik. Better to just stick with .com/.net even if I can't get a nice short name?

I don't think hosting your own email is a better move than using gmail fyi. Everything about that sounds worse than just using gmail's security features. The list of why it's bad is so long it's not worth typing.

My advice is basically "don't roll your own crypto" but instead "don't roll your own infrastructure" for better email security.

Rescue Toaster
Mar 13, 2003

Sickening posted:

I don't think hosting your own email is a better move than using gmail fyi. Everything about that sounds worse than just using gmail's security features. The list of why it's bad is so long it's not worth typing.

My advice is basically "don't roll your own crypto" but instead "don't roll your own infrastructure" for better email security.

I mean I'm not talking about running my own server, just pointing at an existing service like proton or something that does email using a domain you own. Have you really not heard of any of the cases of people losing access to a Google account and then getting absolute radio silence forever? And not even losing as in stolen, but as in account locked for unspecified reasons. If you're not a paying corporate gsuite customer you're just hosed. I don't think it's that crazy to want to have at least one domain and thus email address that I actually own and could move where I want.

Mantle
May 15, 2004

Rescue Toaster posted:

I don't think it's that crazy to want to have at least one domain and thus email address that I actually own and could move where I want.

? You can have a domain and continue to have your email hosted by Google. And you can change your email host at any time. They can never lock you from changing hosts.

Rescue Toaster
Mar 13, 2003

Mantle posted:

? You can have a domain and continue to have your email hosted by Google. And you can change your email host at any time. They can never lock you from changing hosts.

Yeah you guys are way too fixated on the email/Gmail part. I would certainly consider still using gmails email service as long as it was my domain that I owned. The only reason I mentioned it at all was as one example of a reason I wanted a domain other than everything I have being free @gmail.com addresses.

I was mainly curious about if there were things to consider with the various TLD options when it came to domains. In addition to the front-facing registrars there are all these mysterious companies/groups incorporated in random countries that technically own all these newer TLDs. So I just wondered about hypothetical security concerns about them going forward long term. If there's any reason to think some might be less stable than the old main ones.

Thanks Ants
May 21, 2004

#essereFerrari


Rescue Toaster posted:

If you're not a paying corporate gsuite customer you're just hosed.

The support is absolute garbage even for paid accounts FYI, I guess unless you're spending millions a year and then they might care.

Boris Galerkin
Dec 17, 2011

I don't understand why I can't harass people online. Seriously, somebody please explain why I shouldn't be allowed to stalk others on social media!
If you’re doing email don’t get a stupid tld like .stream or even .email. Just stick with .com or your country’s tld (eg .de) if you’re from a country where that’s normal (which I gather is literally everywhere except the US).

Ynglaur
Oct 9, 2013

The Malta Conference, anyone?
I'm curious about the Ops question, too, fwiw. Are there meaningfully greater risks to using .foo instead of .net or whatever?

Use case: I want my Raspberry PI to have a real name and its services to have SSL certificates which are not self signed.

Flyndre
Sep 6, 2009

Rescue Toaster posted:

I'm planning on picking up a domain to use for email to get some important accounts off of gmail (in terms of password reset/etc...), and also probably so some local devices have a unique domain name and I can do internal certs that are actually trusted.

Is there any significance to the registrar that controls the TLD? I don't mean namecheap/cloudflare/godaddy/whoever, but in terms of the various newer cheap TLDs. For example .stream says "Global Registry Services Ltd" and then lists a backend of GoDaddy.

I suppose from both a 'How likely is this to get hijacked by some guy working at a company I've never heard of with HQ in Gibraltar or the Cayman Islands' and then also the ones that offer private registration info like namecheap, but then if the actual registrar for your TLD is in the UAE or whatever. Not that I'm planning on using the domain for anything that would get anybody in particular upset, afaik. Better to just stick with .com/.net even if I can't get a nice short name?

Doesn’t really answer your question, but I bought a .com domain through Namecheap which I’ve tied to SimpleLogin. SimpleLogin then forwards my emails to gmail. It was easy to set up, works fine and I can easily create unlimited email aliases

BonHair
Apr 28, 2007

Boris Galerkin posted:

If you’re doing email don’t get a stupid tld like .stream or even .email. Just stick with .com or your country’s tld (eg .de) if you’re from a country where that’s normal (which I gather is literally everywhere except the US).

The pro move is getting an Italian tld, which is .it.

Raymond T. Racing
Jun 11, 2019

My domain collection includes:
- .me
- .xyz (pro tip don’t use this tld for mail it’s super untrustworthy and a lot of places won’t let you use it)
- .computer
- .is
- .link
- .io
- .sh
- .lol
- .systems


I have first@last.me as my email. And no I don’t have a problem with domains why do you ask

Boris Galerkin
Dec 17, 2011

I don't understand why I can't harass people online. Seriously, somebody please explain why I shouldn't be allowed to stalk others on social media!

Ynglaur posted:

I'm curious about the Ops question, too, fwiw. Are there meaningfully greater risks to using .foo instead of .net or whatever?

Use case: I want my Raspberry PI to have a real name and its services to have SSL certificates which are not self signed.

The issues that I’m aware of with nonstandard tlds for email are in no particular order:

- it’s tyool 2023 but some websites still won’t validate obscure email tld addresses because it doesn’t match their outdated validation code

- giving people your cute email address via voice can get frustrating (“…so it’s name@foo.bar…dotgmail.com??”)

- some tlds are just plain blocked because they’re associated with spam

- the company running your .whatever goes bankrupt or changes policy and holds you hostage

e: oh you're not the email person

Boris Galerkin fucked around with this message at 17:13 on Jan 12, 2023
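
Added example, not written by any poster in the thread: one way the "outdated validation code" complaint above plays out is a pattern that hard-codes TLD length. The legacy pattern and the sample addresses (which reuse TLDs named in the thread) are constructed for illustration; this is a syntax check only and does not model spam-reputation blocking.

```python
import re

# Constructed "outdated" validator: hard-codes a 2-4 letter TLD, an assumption
# that predates the longer generic TLDs mentioned in the thread.
LEGACY_RE = re.compile(r"[A-Za-z0-9._%+-]+@(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,4}")

# Length-agnostic syntax check: every DNS label is 1-63 letters/digits/hyphens
# with no leading or trailing hyphen; the TLD is alphabetic or punycode (xn--).
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
TLD = r"(?:[A-Za-z]{2,63}|[Xx][Nn]--[A-Za-z0-9-]{0,58}[A-Za-z0-9])"
CURRENT_RE = re.compile(rf"[A-Za-z0-9._%+-]{{1,64}}@(?:{LABEL}\.)+{TLD}")


def legacy_accepts(addr: str) -> bool:
    # fullmatch avoids the "$ matches before a trailing newline" pitfall.
    return LEGACY_RE.fullmatch(addr) is not None


def current_accepts(addr: str) -> bool:
    return CURRENT_RE.fullmatch(addr) is not None


def rejected_only_by_legacy(addrs):
    """Well-formed addresses that the hard-coded TLD length turns away."""
    return [a for a in addrs if current_accepts(a) and not legacy_accepts(a)]


def accepted_only_by_legacy(addrs):
    """Malformed addresses the loose legacy label rule lets through."""
    return [a for a in addrs if legacy_accepts(a) and not current_accepts(a)]


# Constructed sample addresses; the TLDs are ones named in the thread.
SAMPLES = [
    "user@example.com",
    "first@example.me",
    "user@example.club",
    "user@example.info",
    "user@example.stream",
    "user@example.email",
    "user@example.systems",
    "user@example.computer",
    "user@-bad.com",   # label starts with a hyphen: not a valid hostname
    "user@example",    # no TLD at all
]

if __name__ == "__main__":
    print("rejected only by legacy:", rejected_only_by_legacy(SAMPLES))
    print("accepted only by legacy:", accepted_only_by_legacy(SAMPLES))
```

The legacy pattern fails in both directions: it turns away the longer TLDs while still accepting a hostname label that begins with a hyphen.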

Rescue Toaster
Mar 13, 2003
Yeah I'm convinced there's good enough reason to stick with something as standard as possible for email.

I'm still curious about this sort of stuff:

Boris Galerkin posted:

- the company running your .whatever goes bankrupt or changes policy and holds you hostage

Or there's been some lawsuits around (mis)use of country codes assigned to places subject to colonialism like the .io domain. And I wonder about what courts have jurisdiction if some troll company wants to convince a judge that your domain is covered by their trademark, that sort of poo poo. If it's a 2-letter TLD of some country but operated by a registrar incorporated in some law/tax haven country? Who the gently caress knows.

From a security perspective you can end up in a situation where retaining ownership and constant control of the domain is fairly drat important.

BaseballPCHiker
Jan 16, 2006

Boris Galerkin posted:

The issues that I’m aware of with nonstandard tlds for email are in no particular order:
- some tlds are just plain blocked because they’re associated with spam

This is the biggest/most common one in my mind. So many products have quick, easily enabled settings to block nonstandard domains because 99% of the poo poo coming from .surf or .friends is hot garbage.

Ynglaur
Oct 9, 2013

The Malta Conference, anyone?
So from a security standpoint, the default is "use a standard TLD for email". Any thoughts on security considerations for things like home labs? Does it really matter if I use .io versus .me versus .goon?

wolrah
May 8, 2006
what?

Ynglaur posted:

So from a security standpoint, the default is "use a standard TLD for email". Any thoughts on security considerations for things like home labs? Does it really matter if I use .io versus .me versus .goon?
Do you care about being able to reliably send email from the domain or containing links to the domain? If so, then stick to a "normal" TLD. If not, use whatever you want.

I wouldn't use a new or historically cheap domain for anything important, but I have a crapton of .info domains for random bullshit from back when they could be had for pennies and they work just like any other domain for my personal toy systems.

Security isn't the issue either way, it's the reputation of the TLD as far as automated filters are concerned that matters here.

RFC2324
Jun 7, 2012

http 418

Ynglaur posted:

So from a security standpoint, the default is "use a standard TLD for email". Any thoughts on security considerations for things like home labs? Does it really matter if I use .io versus .me versus .goon?

I use a .club for my domain stuff, and have had no issues. If I have to change it's not a huge deal because being a home lab it's all let's encrypt, and then you get small scale practice learning how hellish certain migrations are.

Like the database migrations I am staring at with dread lol

Thanks Ants
May 21, 2004

#essereFerrari


Having to give your email address over the phone if you have a "non-standard" TLD is also a bit of a lucky dip. The amount of times people have added a .com onto the end of whatever I said, despite not ever saying .com, is probably well on its way to 100 by now.

Cheston
Jul 17, 2012

(he's got a good thing going)
I have encountered smaller sites that refused to let me register with a .club email. So the dip is there.

CommieGIR
Aug 22, 2006

The blue glow is a feature, not a bug


Pillbug
Yeah and a lot of systems filter out non-standard TLDs by default. Having a .com or even .net gets you in the door in many cases.

CLAM DOWN
Feb 13, 2007




CommieGIR posted:

Yeah and a lot of systems filter out non-standard TLDs by default. Having a .com or even .net gets you in the door in many cases.

nonsense, clamdown.rear end is a solid reliable domain

CommieGIR
Aug 22, 2006

The blue glow is a feature, not a bug


Pillbug

CLAM DOWN posted:

nonsense, clamdown.rear end is a solid reliable domain

When do we get goatman.sex as an email provider?

Raymond T. Racing
Jun 11, 2019

Thanks Ants posted:

Having to give your email address over the phone if you have a "non-standard" TLD is also a bit of a lucky dip. The amount of times people have added a .com onto the end of whatever I said, despite not ever saying .com, is probably well on its way to 100 by now.

I yelled at a doctor's office one time for doing this.

I own lastname.me, gave my email as first@last.me. Didn’t see an email in my inbox, went huh where is it.

Then my iCloud email address said “1 new message”. My iCloud email: first.last@me.com

“You should be lucky I own that email too and you didn’t send medical information to someone else”

Sickening
Jul 16, 2007

Black summer was the best summer.
Our company's CTO (a person whose entire career has been this one company) has decided we are going against the grain. Security issues in code are no longer the burden of those writing the code. This stalls velocity. Those teams tasked with code security will fix the code themselves when security issues are found.

When he received opposition, he mentioned that he understood that none of the tech industry does it this way but it hasn't been tried before.

Potato Salad
Oct 23, 2014

nobody cares


I'm not sure which part is more delusional because I still have only ever worked at relatively small shops:
-Security teams are able to take sole ownership of bugfix and security design
-It hasn't been tried before

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

Potato Salad posted:

I'm not sure which part is more delusional because I still have only ever worked at relatively small shops:
-Security teams are able to take sole ownership of bugfix and security design
-It hasn't been tried before

Neck and neck, friend. Too close to call.

FungiCap
Jul 23, 2007

Let's all just calm down and put on our thinking caps.

Sickening posted:

When he received opposition, he mentioned that he understood that none of the tech industry does it this way but it hasn't been tried before.

It's cool you can somehow be a CTO with seemingly no technical expertise or experience. Meritocracy truly works.


CommieGIR
Aug 22, 2006

The blue glow is a feature, not a bug


Pillbug

Sickening posted:

Our company's CTO (a person whose entire career has been this one company) has decided we are going against the grain. Security issues in code are no longer the burden of those writing the code. This stalls velocity. Those teams tasked with code security will fix the code themselves when security issues are found.

When he received opposition, he mentioned that he understood that none of the tech industry does it this way but it hasn't been tried before.

So in other words there's zero impetus for the dev teams to actually write secure code.

Run, not walk, away.
