• 0 Posts
  • 86 Comments
Joined 1 year ago
cake
Cake day: July 1st, 2023

help-circle




  • Worked at a major company you would instantly know the name of.

    They were a large corporation but were not public ally traded. Trillions of dollars in assets with more than 60k people employed.

    DEI was a MAJOR push, with not just required corporate training but also sessions held often for minority groups of all types to speak their minds in forums about how to connect with them etc.

    DEI initiatives and campaigns were a thing, VP of DEI was hired and they had a whole subsection under HR. Corporate events, entertainment, whole virtual bands playing to the theme of inclusion.

    This same company did nothing when facing the burning obvious culture of being yes men to their bosses. They did nothing different than most any other massive rich company for how they treated workers, tracking their activity, location, and even physical assess login to buildings for reviews or as excuse to fire.

    In an large address by a major leader in the organization I personally gave virtual written innocuous feedback, that they asked for, only to have that be met within minutes with being told never to do that again. The message wasn’t even seen by the speaker. It was just purely culturally unacceptable to offer any constructive criticism of any kind to people in high enough authority.

    More than half a dozen people messaged me to tell me they appreciated I gave it public ally and it needed saying. I didn’t know any of them.

    So if people are so important and we value voices being heard equally so much, why would you have people desperate to be treated like people and any such statement be met with greats of reprisal?

    Yeah. DEI is fan fare in the same way the office cafeteria and gym were. They are designed to entice talent to come or stay while costing the company minimal amounts to do so.






  • If you were alive in 1960s America, you would have seen no seat belts, significantly lower life expectancy, children still dying to smallpox and polio, and if you are ethnically from the Middle East; everyone in America would have hated you. Race riots were a massive thing in the 60s, police brutality was rampant against people of color. Even the FBI was trying to suppress race progress.

    You have presidents for decades trying to create racist drug politics to entrap only non-white non-affluent people into cyclical prison systems.

    You have so much hidden then, that happens today, but it was both hidden and far far greater.

    The ideal doesn’t exist at all and more so for someone like yourself.




  • Notice how I didn’t just use the service name?

    <Disco>

    <Netfucks>

    <MailGoog>

    Whatever nickname you use for your services. There is no requirement you also use the service name in the tagging template.

    The idea that a breach of a service would have someone looking at your individual password is also pretty silly. There would be variations and pattern matching Lagos run against lists of hundreds of thousands to millions of passwords… but the decryption of a complete password to plain text is so reductions at this point, we are talking about the 0.01% case of a then even more silly “let’s look at this guys password in particular” 0.0001% case on top of it…

    It’s not a real problem because if your service is at the point it is leaking not just salted and hashed passwords, but plain text passwords: you are in a big problem up no matter what for most users. Almost everyone reuses passwords. The real risk is the simple reuse. Get just a slightly different variation and you are miles more secure in the case of a breach that results in full decryption.

    The majority still reuse Password1234! Everywhere. This gives you a easier way to be miles better.

    Better still of course is some sort of managed password vault, assuming you trust their implementation. However, this costs zero in the training, or tech literacy upskilling that even the moderate change to a password vault requires. It’s simply an extension of what people already intuitively know. Thus, barrier to entry is easier while giving you several orders more protection.





  • You can take this a step further to segregate passwords as well.

    Reusing passwords across devices is bad. If one gets compromised you don’t want a password being out into a brute force table to be used with all your other accounts elsewhere.

    This method of tagging using HTML markup styles in your passwords lets you keep the same core passphrase but alter the tagging, specific to the service.

    You can do this easily while also giving you artificial password complexity.

    Example:

    Core passpgrase is “yogurt”

    Password for gmail becomes markup with a <mailPassGoog>yogurt</mailPassGoog>

    I only need to remember yogurt.

    Every device just gets a truncated service tag appended to the beginning and end using HTML style tags.

    Suddenly you have a 26+ character password that you don’t forget and doesn’t compromise you across other services because each is different.