No need to hash : ThisByteThisByteThisByteThisByteThisByteThisByteThisByteThisByte.
|
CPallini wrote: Wow, do you hash the passwords in your brain?
All my passwords are sha-256 hashes. For realz.
I wrote this program which allows you to draw your password.
It's all FOSS (fully open source software), runs on all major platforms, and you can get all the source code at my github.
And you can even try it in your browser with nothing to install.
|
A password generator you activate with a key and a pattern?
You liar!!!!
Nice job.
"In testa che avete, Signor di Ceprano?"
-- Rigoletto
|
raddevus wrote: web site login
I am not into web design, but is this still done by hand? I would have thought that you had libraries or templates to take care of such a general website requirement.
|
Rage wrote: but is this still done by hand? I would have thought that you had libraries or templates to take care of such a general website requirement.
That is spot on! This is the entire issue. There are so many ways to do authentication and it changes constantly and it's just a huge cluster out there. It's confusing and annoying and you could probably make a trillion $ if you could just summarize it and make it work easily for devs.
If you take the time to even do a basic search about it you'll fall down a rabbit hole and into another dimension, because the Internet is clogged up with all the ideas about authentication from the Epoch til now. It's all just a huge ball of mud.
|
Use sources like OWASP. They have great, simple (for security) guides.
If only my teammates would use them.
|
Sometimes I really hate Windows. Two triggers for this are that updates change the power management settings to default, so the screensaver doesn't work any more, and the Caps Lock key loses its toggled state at every reboot or sleep cycle.
I had the second one solved a few years ago, with a scheduled task at bootup to run a simple custom NumLockChanger program. About 9 months ago or so it stopped working. Played with it a bit, and for some reason could never get it to work, although it had previously responded to the 31/131 task just fine. Cussed a lot, and never got to the bottom of it.
Changed the event being responded to to 'unlocking of workstation' yesterday. Now it works fine, although I don't have the NumLock key activated during password entry. Good enough! Microsoft - don't change this any more!!! And fix the power management bug!
1 out of 2 - success!
|
David O'Neil wrote: the screensaver doesn't work any more
If only I was that lucky.
I'm on a domain that has a policy that forces the lock screen to show up after 5 minutes of inactivity. (I'm assuming that "screensaver" in this case is interchangeable--who needs a screensaver in this day and age?)
I would love to have that disabled, especially since the machine is a remote VM that can only be accessed over VPN. Having its screen locking automatically provides absolutely zero benefit to anyone.
|
I have a program that runs in the background and hits a key every few seconds - this defeats the inactivity time-out. There are a few of these around on the interweb - or I can send you the source code and you can build it yourself.
- I would love to change the world, but they won’t give me the source code.
|
Is it native code?
The difficult we do right away...
...the impossible takes slightly longer.
|
Doesn't that depend on whether or not you and Forogar are in the same country?
I’ve given up trying to be calm. However, I am open to feeling slightly less agitated.
|
It's in C# and uses a DLL called InputSimulator to actually send the keystrokes. You could make the native API call yourself if you prefer.
- I would love to change the world, but they won’t give me the source code.
|
I have one of those. Its problem is that if the RDP window is minimized, then the keystrokes get ignored (or so it seems).
|
We have the same situation. Complete VM desktops which lock every 5 minutes and are accessed only from VPN. So annoying.
Someone here showed me a trick.
Open PowerPoint.
Create blank presentation with one slide is fine.
Start a powerpoint presentation.
Alt-Tab away from powerpoint and it will be running presentation in background.
The machine will not lock any more. I have it running on my VM desktop and it worked for my wife's computer at an entirely different company.
It'll make you so happy not having to unlock computer every 5 minutes.
|
It kind of makes me sad, because it means PowerPoint is actually good for something.
|
David O'Neil wrote: updates
When you bought into window ten you opened yourself up to the following type of admonishment:
"It ain't yer computer no more - so jes' shut up and give us a bit toothy grin."
Ravings en masse^ |
---|
"The difference between genius and stupidity is that genius has its limits." - Albert Einstein | "If you are searching for perfection in others, then you seek disappointment. If you seek perfection in yourself, then you will find failure." - Balboos HaGadol Mar 2010 |
|
We have three printers on our home network. After every update I used to find that my default printer was changed to my wife's paintjet, for which I don't even have a driver installed. However, lately I just find that after an update I don't have a default printer anymore. Yuck!
Get me coffee and no one gets hurt!
|
It's because the driver for your linotype machine has been deprecated, so they keep deleting it.
|
Unngh!
|
About a month ago, I expounded on "leadership" plan to convert our flagship app to Service Now (an off-the-shelf system). Well, a couple of weeks or so ago, we had our weekly migration planning meeting, and someone on the Service Now team asked how many users we have so they could plan on an appropriate number of "licenses" to be billed.
I responded with - "well, we have 540,000 possible users, about 30,000-50,000 of which could be considered "simultaneous".
I don't think anyone was really ready for that. We tried to tell "leadership" before they made the decision to migrate, but everyone's eyes were filled with rainbows and unicorns at the prospect of "saving money". Turns out that it's going to cost them a lot more than what they're spending now, and the resulting "product" is still a giant black hole in terms of what they're gonna get.
I suspect the fact that not having had a planning meeting since that revelation is them backing off, and just letting us do the web app rewrite the dev team had originally proposed.
It remains to be seen if "leadership" continues down the path, or throws in the towel before any real money is spent, but at this point, it's hard to hide my smirk of "I told you so"...
".45 ACP - because shooting twice is just silly" - JSOP, 2010 ----- You can never have too much ammo - unless you're swimming, or on fire. - JSOP, 2010 ----- When you pry the gun from my cold dead hands, be careful - the barrel will be very hot. - JSOP, 2013
|
Do we work for the same company? We're supposed to be switching to Service Now as well. (Also an enterprise with about a half-million employers, yet the vast majority would never actually access that application.)
I expect a bunch of middle-managers read a blog about how great the thing is.
That sounds like Oracle's licensing plan. (Ptui)
|
Likely outcome:
They will go ahead with the plan so that those who pushed for it don't lose face
They will, as it sucks up money with nothing to show, change the management team.
Then, after an appropriate delay, they can trash it and no one (of them) needs take the blame since the previous heads are no longer involved and aren't responsible for what happens after they've left the project and the current heads didn't get the project into the crapper.
Then, the vision required to see that this was a decision that was ill conceived will be rewarded as they give themselves bonuses.
(i.e., business as usual).
Ravings en masse^ |
---|
"The difference between genius and stupidity is that genius has its limits." - Albert Einstein | "If you are searching for perfection in others, then you seek disappointment. If you seek perfection in yourself, then you will find failure." - Balboos HaGadol Mar 2010 |
|
Except that JSOP works, IIRC, for the DoD, so:
- The DoD will complete the current project, at exorbitant cost
- Only then will they discover that it doesn't scale properly to 500,000 users and costs more than the budget of all non-G20 countries combined
- They will then (and only then) use JSOP's proposal, which - as the project is already late - will proceed on a "damn the expenses, full speed ahead" basis
- They will bury the fiasco by classifying all related documents "drop dead before reading"
(IOW, SOP at the DoD)
EDIT: corrected typo
Freedom is the freedom to say that two plus two make four. If that is granted, all else follows.
-- 6079 Smith W.
modified 7-Jun-21 12:11pm.
|
Daniel Pfeffer wrote: The DoD will complete the current project, at exorbitant cost
Actually, they will NOT complete the migration, but still at exorbitant cost. Ever heard of AHLTA? $10 BILLION invested, and it was STILL in beta as of 2011 - after 15 years of development. I don't know if it has progressed past the beta phase yet. Oh yeah - it was written using Visual Basic...
".45 ACP - because shooting twice is just silly" - JSOP, 2010 ----- You can never have too much ammo - unless you're swimming, or on fire. - JSOP, 2010 ----- When you pry the gun from my cold dead hands, be careful - the barrel will be very hot. - JSOP, 2013
|
#realJSOP wrote: Ever heard of AHLTA?
I had to look it up. It's got its own wiki page. Apparently internally known as "Ah Hell, Let's Try Again".
Seems par for the course for a government project.