Forgot your password?

Comment: Re:password manager (Score 1) 191

by 0100010001010011 (#47997607) Attached to: Ask Slashdot: How To Keep Students' Passwords Secure?

Your local HTML script (a HTML file with JavaScript?) generally can't decide whether to send information to an arbitrary server encrypted or not.

Yes it can. Because the local HTML script doesn't send anything. I think you're completely missing the point. My local HTML doesn't interact with the outside world. I don't use it to populate any forms. I use it to determine my password.

I'm assuming your script can help you remember a password to log into, say, your airline customer account you created two years ago in order to change some bookings.

MY SCRIPT REMEMBERS NOTHING. Do you people need a drawing to understand this?

My password is formulated out of a salt (my 'password') and the website I'm booking at.

Say I go back to to book tickets. I have no clue what my login or password is. But I have a guess: The e-mail is going to be "" (I have my own domain) and the password is going to be an 8 character substring from: sha1(md5(

I have a Javascript implementation because it is the easiest. I have a little bookmarklet with the code in it. I have a bash implementation. I've written implementations in other stuff but use the Javascript the most because I use the password maker on the web the most.

Hehe, not "grease money"

I know it's not 'grease monkey'. I haven't used GreaseMonkey since I switched to Chrome years ago. It's not that funny. You see people write MAC or mbps. I haven't used GreaseMonkey in long enough to remember the proper camelcase.

Comment: Re:password manager (Score 1) 191

by 0100010001010011 (#47996255) Attached to: Ask Slashdot: How To Keep Students' Passwords Secure?

It's usually not your choice whether or not to send the password in clear text over the internet, but I strongly recommend simply not using services that don't offer encryption.

Um. Yeah. It kind of is. If I made a *local* html script and run it on my local machine. I'm fairly certain it's not sending passwords out cleartext over the internet. You can make it so that it just copies a result to the clipboard, etc.

I'm not sure why it's such a terrible example. If you're in a situation where you're scared about screen readers there's really no safe way to enter your password anyway because you might as well assume the NSA is logging everything on that machine.

Its a standalone everything. There is no grease money. I don't try to inject my password into pages.

If I ever need to generate my password I can open a .html file on my desktop and generate one.

I could write a SHA1 method for my TI-89 and use that to generate passwords. I could have a different salt depending on what type of website it was (Social, health, banking).

Comment: Re:password manager (Score 2) 191

by 0100010001010011 (#47994789) Attached to: Ask Slashdot: How To Keep Students' Passwords Secure?

You don't have to do it that way. It was a case and point on how you can easily remember a password but not your password

I made a javascript that does it locally (no sending my passwords cleartext over the internet).

If SSH to my home computer is compromised a password to Slashdot is the least I have to worry about. SSH is also protected with Google Authenticator so I have to have my phone with me to log in with 2-factor.

I use LastPass to remember my passwords but in a pinch, (not on a machine with LastPass, Last Pass goes out of business, etc) I can always regenerate my passwords.

Comment: Re:password manager (Score 1) 191

by 0100010001010011 (#47994111) Attached to: Ask Slashdot: How To Keep Students' Passwords Secure?

Why need to make it that complicate?

- Use your password as a salt and the website then cut it down to how many characters you use. Most websites allow for 8.

- md5("hunter2" + "")

- sha265(md5("hunter2" + ""))

For websites that insist on upper and lowercase or special characters I wrote my own "rot72" that will rotate the numbers and lowercase letters through specials and uppercase.

It's trivial to implement in about any language:

  echo -n | md5sum | sha1sum
f096039fd8dc0ff71e3144526321639d5ecd4622 -

Then just clip off 6-10 characters and you have a very easy to find password (I honestly don't any of my passwords) but very hard to go the other way.

For work where they insist on changing a password every quarter I add "Q1-4" to the beginning of that.

Comment: Re:Where to draw the line (Score 1, Interesting) 326

by 0100010001010011 (#47847321) Attached to: Stallman Does Slides -- and Brevity -- For TEDx

There is a long proven track record of BSD software getting embedded in commercial software and becoming effectively or actually closed.

Good call on the FreeBSD, it was before my coffee.

Anyway, FreeNAS still exists because a commercial company picked it up. A lot of big companies use BSD for some things because it doesn't have the limitations of GPLv3.

"Everything is free" is a great idea but I need to pay my bills.

Comment: False accusations? (Score 1) 1134

by 0100010001010011 (#47829303) Attached to: Combating Recent, Ugly Incidents of Misogyny In Gamer Culture

Watch Quinnspiracy Theory. It starts off like a crazy conspiracy theory but he supports it and I would actually like to hear all of the stuff addressed by those on the "Zoe Quin" side.

Another second video presenting it in a bit different layout:

All I've taken away from this is that this generation is starting to learn why Journalism is hard. If you want to be taken seriously and get the benefits of being 'media' you need to behave like media. Something tells me Barbra Walters didn't fuck her way to her position.

Comment: Re:Sigh (Score 1) 748

by 0100010001010011 (#47705297) Attached to: News Aggregator Fark Adds Misogyny Ban

What counts? Would "BIE?" a classic fark comment be banned? It's like they're trying to reinvent themselves while alienating their original demographic (Sound familiar Slashdot?).

Fark was my go-to place for link aggregation as was slashdot for my tech. Then they banned boobies on the main page. Then they had the cluster fuck "You'll get over it" redesign in 2007. After a while it really didn't feel like Fark and I went over to Reddit and every time I go back Fark seems to be pandering to what they think is the Reddit crowd to draw more users back.

Look at the Fark Archives from the week of September 11th: A Bin Laden post "bin Laden claims to have nuclear, chemical weapons (*cough* bullshit *cough*)" on the same page as "Miss World 2001 contestants. Chile wins (safe for work)".

Both of them need to go back to their original demographics, be happy with that because driving them away at the expense of your actual regulars won't end well. How's your MySpace profile these days?

Comment: Re:Self Serving Story? (Score 1) 267

by 0100010001010011 (#47693807) Attached to: Are Altcoins Undermining Bitcoin's Credibility?

Bitcoin could just become the "Gold" currency by which all other currencies are measured. $USD<=>BTC

Why does there have to be 1 currency? Why not have a cryptocurrency that is completely anonymous and fast. You just created WhoreCoin, "the digital currency for ladies of the night". There's already a PotCoin. $DarkwebCoin. PayPal coin fails miserably and the company finally closes.

Design of any system is a tradeoff and is going to have flaws. Why not carve out a usage where the flaws don't matter? Bitcoin is a bit like gold. It was an early currency. It was heavy and hard to move around. All the people rushed to mine it literally or figuratively out of the "nothing". Let the price track like gold.

Then have it as the 'keys to the kingdom'. Pass a law that says the only legal cryptocurrency is Bitcoin and that only bitcoin$USD is legal.

Both sides win. Bitcoin is regulated, taxed, treated like a legitimate currency and then each corner of the dark web can have their own private currency and BTC(Private Currency) exchange boards.

Chicago Board of Trade and Chicago Mercantile Exchange, in an attempt to appeal to get the younger crowed excited in commodities, adds Bitcoin. It becomes another traded item just like pork bellies. (They remake Trading Places with Eddie Murphy and Dan Aykroyd as evil rich adopted brothers. Kevin Hart plays homeless scam artist. Chris Pratt plays a spoon fed Bitcoin analyst.)

Congress passes a bill that authorizes a $1M purchase of bitcoins to act as a pseudo central bank. Congress and old people feel like they've thrown 'plenty of money' at the problem. If you walked up to a random stranger on the street you might be able to sell them one for $5. Put 1 BTC on a printed wallet and walk around a retirement home selling them for $1 a piece after you explain what they are. Plus they'll think they have control over it. "$1M for a bunch of pretend money is plenty.".

Work continues in this area. -- DEC's SPR-Answering-Automaton