That system is vulnerable to social engineering attacks. If hackers found out all their favourite things that lead to the core part of the password, guessing the prefix wouldn’t be that hard. Also, what would your friend do if one of these passwords got compromised and had to change it? Would he just add a 1 to the site-specific part of the password?
Agreed.
A lot of the time the cause of bad UX or poor quality code is not the Devs, but management, one way or another. Either through pressure to build more to increasingly delirious timelines or by not looking after their company culture.
You tend to see nonsensical, disjointed product UX and usability decisions a lot more in bigger, highly hierarchical organisations, with big teams, highly specialised, siloed ICs several levels removed from their end users by layers and layers of middle management fat.
I imagine if HSBC put out apps like OP’s article claims is because they probably follow a command and control structure like above, where developers are just tiny cogs hyper-focused on low-level tasks in a bigger, complex corporate machine and nobody really understands the full picture.
But you can validate the business rules with the people that make them: the business or your users?
I get some companies do things pretty fucking backwards and QA as a separate function is harmful, pointless and should be abandoned.
However, I don’t see how anyone from QA is going to physically stop your from testing and validating your code. As a dev, you could be more proactive in understanding what you’re building, why you’re building it, and how to make sure it works and it does what your stakeholders/users need it to do.
If you don’t, then refer to OP’s post.
Yes they would, in theory, because those prosthetics she’s wearing were NHS-funded. I can see the waitlist to get ones like those being pretty fucking long though but hey, what NHS waitlist is not pretty fuck long these days anyway
I don’t think he has a clue either.
I’ve been blessed two times by her this week alone.
A few weeks ago I helped one of my client’s employees set up their brand new laptop, which came with Win11 installed, of course. They just need it for basic work stuff and there’s no chance in hell anything other than Windows is a viable option here.
We work remotely so I would help them get set up to a point where they could at least share their screen to me, or I could take over via remote access myself, to finish the installation process. I just needed to guide them through the steps “blind” for a short while. Easy peasy, right?
So we go through the Windows 11 first time setup together. All seems to go ok until Windows asks them to log into their MS account or create one. No problem, we should be able to do that, right? Only that we can’t. We’re connected to the WiFi, etc., yet they get some generic ass error message like “Sorry, something went wrong” and that’s that.
Ok, so we can’t log in with an online account. Let’s try offline as a fallback! We set the username, password… “Sorry, something went wrong” again. We try to guess maybe it’s the password, it doesn’t match! Or it’s not strong enough! So we try all these different things for ages. Again, we’re getting no feedback whatsoever from Windows. Just “Something went wrong fuck you lol”.
I don’t use Windows myself, I’ve been a Linux user for years now, I don’t have any freaking clue how to remotely diagnose a vague issue that literally prevents them from getting the laptop to a functional state. So I Google the problem and the recommended answer is to run this magic “bypassnro” command. It will cut all the mandatory online account bullshit, move straight to a reliable offline account setup screen, and allow us to, you know, actually do work? And it worked!
If I hadn’t had that command at my disposal, that I was forced to use by Microsoft’s broken ass setup UX, I would’ve probably spent twice or three times longer coaching my non-tech-savvy client through booting into fail safe mode and doing all kinds of arcane sysadmin shit that I don’t even have to ever think about in Linux. All this just to get them into the desktop, on a brand new laptop.
And Microsoft have now decided to take it away. Nice one.
Happens to the best.
Ah, good suggestion that! $6/mo sounds way more affordable than self-hosting from scratch for sure. I fully agree the really difficult (and valuable) part is the people you bring in and keep, not the tech.
That’s a fair point about the portability of their protocol. And yeah, you’re right that they don’t encrypt everything. I’d meant to say “they encrypt everything you can encrypt without making the email undeliverable” but my fingers decided to type something else.
I’ve been using Tuta Mail for a few years now. No complaints. Most of the features you would expect. Lack of IMAP support is kinda disappointing but survivable. Their email security is very strong though — they encrypt every part of your email, including subject (some providers only encrypt the body). They’re also rolling out post-quantum encryption of email data at rest, which tickles my crypto nerd side.
They’ve still a loong way to go to match Proton’s product suite though, as they only offer Email, Contacts and Calendar for now. They’re working on Drive storage next, which is the main reason I currently use Proton.
Of course. I have nothing against Fediverse server admins setting up a Patreon —ideally Liberapay— or something similar to receive donations to cover running costs. I have and continue to contribute financially to indie devs or server admins when I can.
Not everyone will do that of course. But there again, running stuff at a small scale shouldn’t be crazy expensive either. The operational costs of keeping a microblog or indie site running are little to none. I host my blog and all of my side projects for free in a cloud provider.
Running a Fediverse server is more expensive. Last time I looked into what it would roughly cost to stand up a barebones stack to host a Mastodon server in a public cloud, it was like a hundred bucks a month. Not cheap but it may be big enough to house a couple thousand users. If at least 0.5% of your userbase donated some money to cover running costs, you might be ok.
Alternatively, if you have a server lying around at home, loads of people self-host at home, which is a tad cheaper.
I’m not saying a fully decentralised indie internet wouldn’t have its shortcomings, of course. I’m just saying I’d happily take that over the current state of the web.
Depends on the tab. Some are not soldered onto the can so I can work with that. For the ones that do, spoons it is.
If you do, you wouldn’t need to stray too far.
Bring them back! I for one would rather use a forum over a fucking Discord server any day of the week. At least forums are open, searchable and discoverable. Good luck finding the answer to a question you have that some poor sod like you may have also asked in a Discord server months or years ago.
I’d say genuine. Genuine experiences. Sharing shit for sharing’s sake. Not for better SEO. Not for profit. Just unadulterated human expression.
That’s how I envision using the internet for entertainment in the near future. I’ll still use the shitty corporate sites when I must, for transactional browsing. I’m not going to pretend I can push Amazon, Microsoft, Google, online banking, etc. out of my life just like that.
But I will actively seek authentic spaces. They will be a tad smaller than your average social network, Reddit, and whatnot. But I’m certain they’re out there and more people will join me in this search and populate these small spaces as time goes on.
Lemmy, Mastodon, the IndieWeb movement. The first steps. I hope to find more!
Yeah, but there are degrees of vulnerability. Otherwise, things like password strength or MFA wouldn’t matter.
If all your passwords are fully random, then that’s one less weakness that can be exploited. People can’t make educated guesses about your passwords just from analysing your social media profiles and history, e.g. if you post a lot about Star Wars, it’s more likely your passwords could contain a Star Wars reference.