
Comment: Yes, it really is so different. (Score 4, Insightful) 265

by ysth (#48143117) Attached to: Confidence Shaken In Open Source Security Idealism

Yes, it really is so different.

With both the recent openssl and bash bugs, in addition to fixing the bug, careful investigation was done by the respective communities and additional problems were/are being addressed. I submit that this would likely not have been the case with closed source software.

Comment: Re:Ugh blowhard city (Score 2) 549

by ysth (#48135001) Attached to: Password Security: Why the Horse Battery Staple Is Not Correct

He not only makes the unrelated point, but then goes on with nonsense about when you do need to choose a password:

Even if we entertained the XKCD comic and started training users to select four random words...[w]hat is there to prevent “letmeinfacebook” from being the new most common four word password for Facebook accounts?

Bzzzt. Failure to understand the meaning of the word "random" rules you out as an authority on passwords.

Comment: KDP Select (Score 2, Insightful) 165

by ysth (#47666433) Attached to: Why the Public Library Beats Amazon

There are so many indie books because, AIUI, you cannot choose to have a book included in Kindle Unlimited unless you are providing it to Amazon under the KDP Select program. This program gets you higher percentages and free marketing and promotional tools. The tradeoff is that whatever books you have in the program be available exclusively from Amazon. This is a tradeoff that is going to make sense for many authors, but is just horrible for readers. And in the long run, the lock-in this inspires is bad for the authors too.

See Chris Wright's rant.

Comment: Re:TC developer used hidden message!!! (Score 2) 475

by ysth (#47142731) Attached to: The Sudden Policy Change In Truecrypt Explained

Yes, it seems pretty clear to me that this is a warrant canary.

It may still be that they triggered it (or let it self-trigger via inaction) out of lack of desire to continue the project.

In any case, the presumed goal of the canary - making sure that no one trusts any future TrueCrypt version released via the normal channel - has certainly been successful.

Comment: Re:Preposterous (Score 1) 288

by ysth (#46919819) Attached to: Applying Pavlovian Psychology to Password Management

Because the whole point of a "correct horse battery staple" password is to make a password you can remember simply as a story. It is counterproductive to add in foreign words (to the extent that makes a story harder) or other rules like how to represent accented characters or what punctuation to put between words.
