Deddly changed the topic of #KSPOfficial to: Kerbal Space Program official channel | versions: KSP1 1.12.2 http://bit.ly/ksp112update | Rules: http://tinyurl.com/KSP-Rules | "modcall" to call ops | Δv maps: https://i.imgur.com/CHVnEeE.png https://i.imgur.com/gBoLsSt.png | KSP coming to PS5 & XBox X/S, with kb & mouse support https://bit.ly/3Abadja
darsie has quit [Ping timeout: 192 seconds]
Wastl4 has joined #KSPOfficial
flayer has quit [Quit: Leaving]
Wastl2 has quit [Ping timeout: 189 seconds]
<UmbralRaptop> Yay, metal bands
raptop has joined #KSPOfficial
Alanonzander has joined #KSPOfficial
Azander has quit [Ping timeout: 189 seconds]
Alanonzander has quit [Ping timeout: 189 seconds]
Azander has joined #KSPOfficial
Ezriilc_ has joined #KSPOfficial
Ezriilc has quit [Ping timeout: 189 seconds]
Ezriilc_ is now known as Ezriilc
Ezriilc_ has joined #KSPOfficial
Ezriilc__ has joined #KSPOfficial
Ezriilc has quit [Ping timeout: 189 seconds]
Ezriilc__ is now known as Ezriilc
Ezriilc_ has quit [Ping timeout: 189 seconds]
<raptop> Characterization of 2 Near-Earth asteroids (lots of metals, so you get sensationalist headlines) https://iopscience.iop.org/article/10.3847/PSJ/ac235f
Althego has joined #KSPOfficial
Tank2333 has quit [Remote host closed the connection]
Ezriilc has quit [Ping timeout: 189 seconds]
sasamj has quit [Quit: Connection closed for inactivity]
flayer has joined #KSPOfficial
immibis has joined #KSPOfficial
prefixcactus has joined #KSPOfficial
darsie has joined #KSPOfficial
sandbox has joined #KSPOfficial
sasamj has joined #KSPOfficial
_whitelogger has joined #KSPOfficial
Dazzyp has quit [Ping timeout: 192 seconds]
Tank2333 has joined #KSPOfficial
Pytagoras has joined #KSPOfficial
erio has joined #KSPOfficial
Pyta has quit [Ping timeout: 189 seconds]
estorado has quit [Ping timeout: 189 seconds]
estorado has joined #KSPOfficial
Rhys has quit [Quit: R.I.P]
dnsmcbr has quit [Ping timeout: 189 seconds]
Kevin has quit [Ping timeout: 189 seconds]
Rhys has joined #KSPOfficial
Kevin has joined #KSPOfficial
eriophora has quit [Ping timeout: 189 seconds]
dnsmcbr has joined #KSPOfficial
Tank2333 has quit [Remote host closed the connection]
<Mat2ch> oh, y'all got news about the twitch hack? Go reset your twitch password, if you haven't done so yet
<umaxtu> was just popping on here to say that
Althego has quit [Quit: Leaving]
prefixcactus has quit [Ping timeout: 189 seconds]
MrTikku has quit [Quit: Lähdössä]
LunchBot has quit [Remote host closed the connection]
LunchBot has joined #KSPOfficial
<raptop> hrm
* raptop is going to end up with firefox saving tons of passwords because memorizing them all is impractical
<kubi> unless you have some logic that compiles in the site itself to the password
<kubi> and of course update all the passwords at the highest frequency required by the sites
<kubi> ... and get annoyed with stupid limitations on passwords (capital, number etc) that are actually decreasing the potential password pool instead of making it more secure
<flayer> i'm really annoyed at my current password situation
<flayer> all of my regular passwords have been compromised, and i can't be bothered to learn new ones, so now i need to find a tool that i can trust to manage passwords for me
<kubi> L0reMiP5umTw1tt3r
<raptop> obviously hunter2 -> hunter3
<kubi> your password must contain at least 3 non alnum characters, but cannot be longer than 8 chars
<flayer> yeah, so annoying all the specific and varied requirements they put on passwords nowadays
<kubi> only requirement should be a minimum length
<kubi> maybe not even that
<kubi> anything else is just limiting the pool of potential passwords
<kubi> if it MUST contain a number, then there WILL be a number
<raptop> Min length makes sense. Max length can be justified, but basically no place with an explicit maximum has a reasonable one
<kubi> so, instead of [a-zA-Z0-9][a-zA-Z0-9] it will be [a-zA-Z][0-9] or [0-9][a-zA-Z]
<kubi> that is a much smaller pool
<flayer> "but you can't trust people to make a good password without being forced into certain choices
<flayer> "
<raptop> Also, there's the whole "special character silliness"
<kubi> yes
<kubi> it should be enabled
<kubi> no limitation on the actual characters
<raptop> hrm, s/ silliness"/" silliness/
<kubi> even unicode
<raptop> yeah
<kubi> actually, professional system with customers in China or Japan have this req
<raptop> I can understand showing a non-blocking warning for non-ascii characters, but outright rejecting is bad
<raptop> (the warning being "please make sure you can actually enter this password consistently")
Pyrus has quit [Quit: ZNC - http://znc.in]
<kubi> exactly
Pyrus has joined #KSPOfficial
<kubi> having a minimum length is OK
<kubi> it does not limit the pool too much as each length step brings 10++ times more
<FLHerne> kubi: I think character-set enforcement is probably reasonable
<kubi> why?
<FLHerne> If someone's using a long and random password, the impact is pretty much nil
<raptop> Is your site going to break if someone's password includes a space or a #?
<FLHerne> (because if they're using a wide character set, it's statistically almost certain to contain one of each type anyway)
<kubi> character set is a requirement usually in non-latin countries
<kubi> ppl tend to think that we have only latin or even worse, the english alphabet
<FLHerne> and it makes the 90% of users who'd otherwise use some short one-or-two-word dictionary password somewhat less brute-forceable
<kubi> and most of the population lives on that side of the globe...
<FLHerne> kubi: Sorry, I meant enforcing using digits, punctuation etc.
<FLHerne> other alphabets should definitely be allowed
<raptop> I'd be worried about charset reqs being a surprise break so you can't use eg: wide latin characters
<raptop> (among other things)
<kubi> do not enforce any digits
<kubi> any character level enforcement is limiting the variety of passwords
<kubi> make it as wide as possible
<Mat2ch> kubi: we could have Zero knowledge proof as method to sign into web sites. But apparently passwords are soooooo much better
<Mat2ch> and nobody at Firefox cares about innovation anymore.
<kubi> you can limit on simple patterns, like do not use your login name, or 1234556789
<FLHerne> kubi: for a long random password, the "limiting" is totally negligible
<kubi> yes
<kubi> and no
<kubi> because what we were talking about the beginning
<kubi> having different sites limiting you in different ways would make you using password managers (from postit notes to whatever else tools)
Baumfaust has joined #KSPOfficial
Baumfaust has quit [Remote host closed the connection]
<FLHerne> For a 15-character password, the probability of *not* containing at least one digit if you use A-Za-z0-9 and a bit of punctuation is about 2%
<kubi> yeah
<kubi> but one site says no punctuation
<FLHerne> that's pretty much no reduction in password space, for a dramatic increase in security of the 90% of passwords that people don't construct properly
<kubi> other says max 12 characters, 3rd says no kanji
<kubi> it is not the space
<kubi> not only
<kubi> that is the basic thing you need to worry about in relation to one site
<FLHerne> I'm sure password managers can handle this
<kubi> until you keep them safe
<FLHerne> If anything, it discourages users from reusing the same "random" password for multiple sites
<FLHerne> (which I'm aware of people doing)
<kubi> yes
<kubi> never underestimate ppl
<kubi> the best when I get from the site that your password can't be the same as any of the 5 last and can't differ by only one character from them
<kubi> now, tell me, how th they know if it is only one character without storing the clear text?!
<kubi> then using the same "random" for multiple sites would just make sure that the operator of site A can reach all of the others
<FLHerne> In principle, they could store hashes of all one-character variations
<kubi> but random people are not prepared for this
<FLHerne> would be an awful lot of hashing though
<kubi> actually, an unhashed character sequence should not even leave my computer
<FLHerne> Indeed
<kubi> if I'm more paranoid, then not even my keyboard:)
<FLHerne> They *could* hash all one-character variations in JS in the browser
<FLHerne> but it would take a while
<kubi> yeah
<FLHerne> and the number of hashes sent would leak the password length unless there was padding
<FLHerne> I can't think of a reasonable way to do it
<FLHerne> but maybe there is one
<kubi> so, anyway
<kubi> whomever had the same pass for FB and anything else nowadays, go and refresh
<packbart> kubi: if you're sending out hashed passwords, the server needs to store plaintext passwords
<kubi> I was not precise
<packbart> or use a challenge-response login thing with nonces
<packbart> but nobody seems to like those
<packbart> (for a website, that would probably require JS to login. I can live with that)
<kubi> yes
<kubi> public-private keypairs etc. is far better than this password things
<kubi> if you have a secure channel and you trust the server then a password is OK
<packbart> the plain password would still leave your keyboard
<kubi> no other circumstances
<kubi> unless you have a proper keyboard :)
<kubi> but then it leaves your fingers...
betelgeuse has joined #KSPOfficial
<packbart> ID card authentication + fresh blood sampler
<kubi> what you have and what you know is normally needed, but makes the system complex
<kubi> I like the bankID in Sweden
MrTikku has joined #KSPOfficial
<packbart> I used to use a Yubikey. it was a pain to recover accounts when it broke ;)
<kubi> recovery must be difficult or else anyone can recover
<kubi> you should not optimize for the easiness of it
<umaxtu> I still have my Yubi neo. don't use it much these days
Lyneira has joined #KSPOfficial
<raptop> Anyway, I'm getting through some mandatory security training that is talking about the importance of defending against phishing
<packbart> kubi: for one account, I had to receive and return a form by (snail) mail. for other, I had to e-mail photographs of me holding my ID card and a note
<kubi> yes
<kubi> or even in person auth
<packbart> I wouldn't think that to be useful
<kubi> bank ID SW certificate recovery requires you to go to the bank (that is the proxy of the authority, i.e., the state) or use a bank card reader to make it easy
<packbart> it's not much different from a photograph of me, ID and note saying "$date, $service, please reset my 2FA"
<packbart> I had to redo one of them because they need to see my arm holding the things
<kubi> yes
<packbart> so you couldn't shop it
<kubi> that is good
<kubi> so, making the recovery painful is not an issue
<kubi> if it is painful you do not make a mistake again
<packbart> or else it gets the hose again
<kubi> actually, all the smart card auth things are good
<kubi> like most ID card nowadays
<kubi> the stupid thing is that there is no world wide infrastructure and standard to make it ubiquitous
<packbart> and no good software, either
<packbart> trying to get the internal smartcard reader on a laptop to work was no fun
<packbart> (stupid me, using Linux, I know)
<kubi> that is why there need to be proper standards
<kubi> and a standard, by definition is accessible to everyone
<kubi> not patented and stuff
<packbart> well, there's often a fee
<raptop> kubi: interestingly, this means that ISO doesn't publish standards
<raptop> Consider eg: ISO 8601. It's in 2 parts that cost 158 CHF and 178 CHF respectively
XXCoder has quit [Ping timeout: 189 seconds]
<packbart> an argument can be made that offering those for free would require sponsorships by states or corps
Ezriilc has joined #KSPOfficial
Eddi|zuHause has quit []
jazzkutya has joined #KSPOfficial
Eddi|zuHause has joined #KSPOfficial
<packbart> (leaked) "Every other property that Twitch owns including IGDB and CurseForge" - hm. that might be relevant to KSP modders
<packbart> I usually quote sources but I guess the piratebay-Link/bittorrent-hash to the leaked archive is not interesting to anyone here? :>
<raptop> hrm
m4v has quit [Ping timeout: 198 seconds]
flayer has quit [Quit: Leaving]
flayer has joined #KSPOfficial
m4v has joined #KSPOfficial
<kubi> some $ is not an issue
<kubi> for an individual it can be a lot
<kubi> but if even a small company can afford these easily
<kubi> the problem comes with lock-ins and so
<kubi> also, of course the biggest cost is if you want to connect your service to any of these platforms
<kubi> like payments
<kubi> security platforms are the same
<darsie> Connor Kerman was stranded on Minmus. A drone whizzed by him sending a message that he should get home alone. He jetpacked to orbit, then to Kerbin, aerobraked, refuelled his jetpack in the space station and did a jetpack deorbit. Because his parachute didn't work, he splashed down near the KSC. Hmm, I could have tried updating his status in the space station.
<sandbox> there can be only one
mrBlaQ has quit [Ping timeout: 198 seconds]
mrBlaQ has joined #KSPOfficial
mueslo has quit [Quit: http://quassel-irc.org - Chat comfortably. Anywhere.]
jazzkutya_ has joined #KSPOfficial
jazzkutya_ has quit [Client Quit]
TGS has quit [Ping timeout: 189 seconds]
G4Virus_aka_pa1983 has quit [Ping timeout: 189 seconds]
G4Virus_aka_pa1983 has joined #KSPOfficial
TGS has joined #KSPOfficial
a_flayer has joined #KSPOfficial
flayer has quit [Ping timeout: 189 seconds]
<Mat2ch> SpaceX is lifting the catch arm mount right now
<Mat2ch> finally something big is happening!
raptop has quit [Ping timeout: 189 seconds]
raptop has joined #KSPOfficial
Lyneira has quit [Quit: Bye]
XXCoder has joined #KSPOfficial
XXCoder has quit [Remote host closed the connection]
XXCoder has joined #KSPOfficial
sandbox has quit [Quit: Leaving]
flayer has joined #KSPOfficial
a_flayer has quit [Ping timeout: 189 seconds]
Tank2333 has joined #KSPOfficial
darsie has quit [Ping timeout: 198 seconds]