Realistically speaking, MFA most importantly is to get away from the “something you know” factor since that is generally more vulnerable. Even if it is a single factor, it’s a better factor.

Also enables people to meaningfully have multiple factors if they choose. The password managers generally require a master passphrase and/or unlocking through something like “Windows Hello”

Problem is she was found brain dead in first trimester. That doesn’t make for good chances for the fetus.

If it was third trimester, then ok I can see it, but this is going to be even more tragic trying to make the fetus live.

There’s not particularly good reason to stop doing it in that scenario either.

You have an offline technology stack in that elevator that has been doing the job correctly for 20 years. Why take on the expense and risk of changing things that aren’t currently broken?

It would be crazy if you are building new to resort to that stack, but for an established elevator, why bother?

Same for some old oscilloscopes at work. I’m not crazy about the choice but I can hardly suggest it would be practical to change it while the oscilloscopes still do their function.

I would say it’s a problem if the stack is online, but if it is self contained, the age of the software doesn’t make it a problem in and out itself.

If your knees are screwed up from “just turning 30”, then that indicates an expectation that you don’t need injuries to have bad knees.

Repetitive impact injury can screw things up, but the vast majority of people bemoaning their old age joints especially in their 30s are not exercising enough and/or are obese.

Whatever the case, bring it up to your doctor, didn’t assume changes like this are just normal/expected.

That is a rough situation, as from experience I can say trying to maintain a healthy weight will cause the obese folks in the family of accusing you of being anorexic and take any opportunity to try to get you to fatten up.

They also marvel about how I must have good genetics because my back and legs don’t hurt and my blood tests come back so good at physicals.

There’s a sweet spot. Go too easy and they get screwed up and go too hard and they screw up.

But it’s true that being reasonably active helps a ton. Someone I know who complained of joint pain as they retired claims it went away as his leisure time caused him to walk all over the place, and now he’s 70 with no joint pain. Closest he got was when we spent two hours in a crawlspace working on some frozen pipes and complained that his back hurt a bit and wondered if it was because he was old. No, even the 20 year old hurt after waddling around hunched over in freezing temperatures for a couple of hours.

Sure, you could do something like that to normalize all manner of passwords to a manageable string, but:

• That hash becomes the password, and you have to treat it as such by hashing it again server side. There’s a high risk a developer that doesn’t understand skips hashing on the backend and ends up insecurely storing a valid password for the account “in the clear”

• Your ability to audit the password for stupid crap in the way in is greatly reduced or at least more complicated. I suppose you can still cross reference the password against HIBP, since they use one way hash anyway as the data. In any event you move all this validation client side and that means an industrious user could disable them and use their bad idea password.

• if you have any client contexts where JavaScript is forbidden, then this would not work. Admittedly, no script friendly web is all but extinct, but some niches still contend with that

• Ultimately, it’s an overcomplication to cater to a user who is inflicting uselessly long passwords on themeselves. An audience that thinks they need such long passwords would also be pissed if the site used a truncated base64 of sha256 to get 24 ASCII characters as they would think it’s insecure. Note that I imply skipping rounds, which is fine in such a hypothetical and the real one way activity happens backend side.

Based on the backstory, they kind of did what you said, bought it in a relatively more affordable context, and then the world changed their minds around them and retroactively declared it a multi million dollar property. Well at least for tax purposes and likely insurance, but not necessarily market rate (tax assessments commonly lag the market, so a market downturn could leave them with a multi-million dollar house that no one will pay the stated value for

But if you built your house in a relatively undesirable place and the area gets gentrified due to no fault of your own, now you have to get out of the way because richer people decided they like your land after all?

Actually it’s a pretty bad problem to have. If you bought an affordable house at the time but gentrification comes for your area you suddenly can’t afford to live in the house you bought and despite whatever roots you’ve put down, now you have to try to migrate somewhere else.

Note that even if your tax assessment says you can get a few million out of your house, it’s likely not that easy, it can take a long time to find a buyer in the best of times, I imagine especially if you are seeking a buyer willing to pay millions…

It’s not as bad as renting in the same scenario, but it’s not great to suddenly have rich person cost of ownership come at you when you bought into a non rich person level house

Actually it wastes very little of his time compared to the time wasted by people that would try to read it. That’s precisely one of the most frustrating things about LLM, easy to flood a reader, no easier nor more interesting than the short prompt used to make it would have been instead to read.

That would suck to enter. Much better to do qwertyuiopasdfhhjklzxcvbnm

Or if you are cool: pyfgcrlaoeuidhnnsjkxbmwvq

A 24 char passphrase while not as bulletproof as a machine generated string is still credibly strong even to offline cracking attacks when possible. In all the datasets of passwords acquired through that sort of cracking I don’t think I’ve ever seen it catch even a 4 word passphrase.

Though it could also amplify DDOS. Allowing 72 character passwords lets a DDOS be three times rougher despite being a seemingly modest limit for a single request.

If a password/passphrase is 24 characters, then any further characters have no incremental practical security value. The only sorts of secrets that demand more entropy than that are algorithms that can’t just use arbitrary values (e.g RSA keys are big because they can’t be just any value).

Back in the day, long time ago, Unix would do that, and limit user silently to 8 characters.

Which then wasn’t great, but a good password would be hard to break even at only 8 characters with equipment of the time.

We would do a cracking test against the user passwords periodically and ding users who got cracked. Well one user was shocked because they thought their 16 character password was super secure and there’s no way we would crack it. So we cited her password and she was shocked she went through so much trouble only for the computer to throw away half her awesome password.

So I just went through something similar with a security team, they were concerned that any data should have limits even if transiently used because at some point that means the application stack is holding that much in memory at some point. Username and password being fields you can force into the application stack memory without authentication. So potentially significantly more expensive than the trivial examples given of syn and pings. Arbitrary headers (and payloads) could be as painful, but like passwords those frequently have limits and immediately reject if the incoming request hits a threshold. In fact a threshold to limit overall request size might have suggested a limited budget for the portion that would carry a password.

24 characters is enough to hold a rather satisfactorily hardened but human memorable passphrase. They mentioned use of a password manager, in which case 24 characters would be more entropy than a 144 bit key. Even if you had the properly crypted and salted password database for offline attack, it would still be impossibly easier to just crack the AES key of a session, which is generally considered impossible enough to ignore as a realistic risk.

As to the point about they could just limit requests instead of directing a smaller password, well it would certainly suck of they allowed a huge password that would be blocked anyway, so it makes sense to block up front.

I thought let’s go Brandon and 1488 were just so stupid and for many of the same reasons, I don’t like this concept of 8547

it feels like trying to be “clever” and saying something right in front of people without those people catching on, when everyone knows what it means. Those people you are trying to “own” by using an “inside reference” against them know the reference, and aren’t going to treat you differently than if you just plainly declare what you want. So just speak plainly.

Even without Gemini, many of my searches are covered by the few word snippets from the top few results. Most of my searches are quick queries with quick answers, usually not me embarking on some huge research effort.

The environmental causes are availability of options we crave but are still not forced into, so individual responsibility is absolutely a thing.

I was obese and it sucked but I got down to a healthy weight, and keeping it off kind of still sucks but it doesn’t take a lot of time or money, in fact it’s generally cheaper.

Fast food is constantly highlighted as an impossibly unhealthy reality, the nicer places cost more and take too much time. Except you can choose passable choices in fast food.

If you can freely pick, there are fast food places that offer salads with maybe some grilled chicken, which can be healthy unless you opt to drown it in ranch.

But let’s say you are in a group and they pick a restaurant without an option like salad. Just asking for water instead of a big sugary drink gets you so much closer to healthy. Skip the fries, skip the mayo, get a smaller burger. All these things are cheaper and friendlier to a reasonable caloric budget.

It sucks because it means eating to feeling “ok” while skipping the most awesome foods and rarely getting to feel just utterly full, but that was just life when people had healthier weight.

Similarly on activity. It does suck that work has people sedentary, but our idle pursuits are similar. When I was a kid, TV was stuck on a schedule and video games were only so engaging, so we would get bored and want to do something. Maybe it was walk amongst some trees to see if anytime interesting was around. Maybe do something with a ball. Nowadays we can get endless engagement from streaming, video games, and Internet. So tempting to just be on the couch. We can still choose those more active things, but we don’t want to.

Note all this awesome stuff is still great in moderation. I just went full on gorging at a restaurant a week ago on pretty much whatever I wanted. The thing is this is maybe like once every 2 or 3 weeks, not daily like we really want to.

Actually, if I recall it was ultimately still slightly less than half (after the massive excess of California votes that don’t count came in). He still had the most votes of the candidates, but no candidate garnered more than half.

Which is really just splitting hairs on a technicality, ultimately 77 million people voted this way, and it would have still been a deep problem even if Harris had won the popular and electoral votes.