Magnavox Odyssey
Magnavox Odyssey
How is this remotely Google’s responsibility?
I’m on MBin. Your username is displayed as: walden. I can mouse over that to learn that your full username is @walden@sub.wetshaving.social.
This is the same thing as email domain names and display names. Yes, scammers still exploit that, too, but for the most part, people have gotten used to also looking at the actual full email address, and not just the display name or mailbox name. The same can happen here.
Still, I would much prefer if the default view here showed the full username and not just the display name.
Bad actors can afford $50 the same as good ones.
The difference between $0 and $50 isn’t really relevant.
LetsEncrypt is legit. A downside is that the certs expire after 90 days. However, that also carries an upside in that it limits the damage in case a certificate is compromised. There are procedures by which you can automatically renew/request (I forget whether they allow renewing an existing cert or require a brand new one) LE certs and apply them to your application, but that can be fiddly to configure.
If you’re not comfortable with configuring automatic certificate cycling, a long-term paid cert would be more appropriate.
Other benefits:
Downside:
Gah, my coffee to blood ratio is still too low.
Illegal voting by noncitizens is far less more rare than illegal voting by conservatives.
Edit: Oops, I got my modifier wrong because I switched up the order halfway through the comment.
While “Cisco Duo” is not listed here:
The following is a list of Cisco’s trademarks and registered trademarks in the United States and certain other countries. Please note, however, that this listing is not all-inclusive and the absence of any mark from this list does not mean that it is not a Cisco trademark.
Trademarks are exactly how rules for naming things works.
Expect this name to change when Cisco comes at them for being too close to Cisco Duo.
Me either. Good thing I don’t care!
Reality has a liberal bias.
Failed fact checks: none in the last five years
“Left biased.”
Exactly.
To address the “why”:
A user account, as defined by a username/password combination, can be used to access resources on the machine without logging in interactively on that machine. In a perfect world, you would only ever log in interactively on the machine using an account with restricted permissions, and when you needed to do “administraty” things, you would provide separate admin credentials at that time (sudo, runas, whatever your OS of choice supports).
Bonus question - what are the risks of having a weak password on a root user on a spare laptop on the same network as my main device that is used exclusively for web browsing?
If someone is able to compromise that root user on Machine A, then they may be able to leverage Machine A as a platform to attack any other devices on your network, or make Machine A into a zombie in their bot army to attack other targets anywhere, send spam, whatever malicious shenanigans they desire. (I know that’s pretty simplistic, there’s a whole lot of details left out, but that’s the gist of it.)
Also, nobody has yet mentioned the PIN option. I know that Windows machines (at least some of them, depending on configuration) allow you to configure a PIN for logon for local accounts. This PIN is only stored locally on the machine, and is not transmitted anywhere else. It’s basically a “shortcut” to the full password, and I think it can only be used for interactive logon.
New band name: Sticky Anus Juice