Vivia @vivia@toot.cat

~=8 Character Passwords Are Dead=~

New benchmark from the Hashcat Team shows a 2080Ti GPU passing 100 Billion password guesses per second (NTLM hash).

This means that the entire keyspace, or every possible combination of:
- Upper
- Lower
- Number
- Symbol

...of an 8 character password can be guessed in:

~2.5 hours

(8x 2080Ti GPUs against NTLM Windows hash)

#Hacking #Infosec

@elmau @jmanumeza @Medith

PB: The person who invented the breakpoint was named Betty Snyder, and she worked on ENIAC.

BETTY. Thank you. SERIOUSLY.

@federicomena The Unix philosophy:

- Let's use text to communicate over pipes!
- Okay, not great, but at least we can use UTF-8
- Nope, ASCII only because we can't negotiate encoding across receivers
- Well, can we at least make it machine readable?
- Nope: free-form, human readable, and can only be parsed by regular expressions
- 🤦‍♂️

English is difficult. It can be understood though through tough thorough thought.

🥔 pomme de terre
🍎 patate d'air

@Siphonay
🍉 watermelon
🍎 airmelon
🥔 earthmelon
🌶️ firemelon

Guacamole Cat!

I guess the way of thinking about crashes/bugs has changed.

It used to be, garbage in, garbage out. "Sure, it crashed because you gave it a corrupted file; don't do that".

Then it was about making software robust. "Let's try not to crash with corrupted files".

Then it was about making software secure. "Files may actually be malicious, from the internet".

People these days basically make it a sport of finding vulnerabilities based on random memory safety bugs.

tea is good

My *three* year old daughter is excited that her trousers have pockets.

Oh honey...

https://openscore.cc is a project that wants to liberate sheet music from copyright and from paper! They invite and coordinate volunteers to transcribe public domain scans from https://imslp.org using https://musescore.org. Should be a great learning experience! 🎼

“Oh, that's why there are so many men!” 🤦‍♂️🤦‍♂️🤦‍♀️🤦‍♂️

“Why is everyone on this tram? Was there an event at ULB?”
“Have you heard of Linux?”

@ifixcoinops Have you seen this handy guide?

never do tech support
never do tech
never do
never
never gonna
never gonna give
never gonna give you
never gonna give you up

#US politics explained.

Scene 1: Shocked that #Russia interfered with our elections, just because their interests aligned with a specific candidate!

Scene 2: Let's interfere with #Venezuela internal politics, since there is a candidate that aligns more with our business plans!

RT @random_walker@birdsite.link
At first sight this sounds like a terrible idea, but in fact there's peer reviewed research on measuring the security-usability tradeoff in correcting password typos, and it turns out it makes a lot of sense to do this. https://www.cs.cornell.edu/~rahul/papers/pwtypos.pdf
Screenshot HT @amunchbach

https://twitter.com/random_walker/status/1088880528302968832

Self-driving cars
Ubiquitous mass transit and bicycles

me writing programming tools: we need to make it easier to code! liberate the code! make it accessible to all!

me debugging someone else's code: you should need to train for 10 years before you can even touch a text editor, and we need a central guild body that randomly audits members, and if your code quality is bad enough you are immediately executed