
Any #infosec folks wanna help me with some decent data to backup the following point? I am trying to make the point to some executives that a #password policy requiring minimum 8 characters with 1 symbol, mixed case, and 1 number is just not reasonable in 2025. (I'm commenting on another company's policy, not my own!)

What is a good example of a policy (e.g., NIST 800-63 or whatever) that said 49 bits was no good?

I currently say: 49 bits of entropy was unacceptably low in 2005. It is unthinkably low in 2025. What can I point to that might resonate better than "bits of entropy?"

Using the classic method with Shannon's estimate, I figure it's on the order of 49 bits of entropy, but that's only if it's purely random from the full character set, and we know that's not true.

I'm not looking for rhetorical suggestions. I'm good at rhetoric. I'm looking for references I can point to (like "XYZ published in 2011 that the minimum acceptable password was 56 bits of entropy")

feel free to boost for fun
#security #cybersecurity
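A worked version of the arithmetic behind the post (added example, not from the original poster): the textbook L·log2(N) ceiling for 8 printable ASCII characters, the exact count of strings that satisfy the "all four classes required" composition rule via inclusion-exclusion (a composition rule can only shrink the space, never grow it), and a constructed model of a common human-chosen shape (dictionary word + two digits + one symbol) that passes the rule anyway. The class sizes and the 20,000-word dictionary are assumptions for illustration.

```python
import math
from itertools import combinations

# Printable ASCII split into the four classes the policy names.
# Sizes are assumed: 26 + 26 + 10 + 33 = 95 printable characters.
CLASSES = {"lower": 26, "upper": 26, "digit": 10, "symbol": 33}


def max_bits(length: int, alphabet: int = 95) -> float:
    """Textbook estimate: every position chosen uniformly from the full alphabet."""
    return length * math.log2(alphabet)


def compliant_count(length: int, classes: dict = CLASSES) -> int:
    """Exact number of strings of `length` over the union of `classes` that
    contain at least one character from EVERY class.

    Inclusion-exclusion over the set of classes that are omitted: strings
    drawn only from the remaining characters are subtracted/added back with
    alternating sign."""
    total_alpha = sum(classes.values())
    names = list(classes)
    count = 0
    for k in range(len(names) + 1):
        for omitted in combinations(names, k):
            remaining = total_alpha - sum(classes[n] for n in omitted)
            count += (-1) ** k * remaining ** length
    return count


def policy_bits(length: int, classes: dict = CLASSES) -> float:
    """Entropy ceiling once the composition rule has removed non-compliant strings."""
    return math.log2(compliant_count(length, classes))


def pattern_bits(words: int = 20000, digit_suffix: int = 100, symbols: int = 33) -> float:
    """Constructed model of a human-chosen shape that satisfies the rule:
    Capitalised dictionary word + two digits + one symbol (e.g. 'Summer24!').
    The search space is the product of the choices, not 95**length."""
    return math.log2(words * digit_suffix * symbols)


if __name__ == "__main__":
    print(f"uniform 8 chars over 95 printable:   {max_bits(8):.1f} bits")
    print(f"8 chars, all four classes required:  {policy_bits(8):.1f} bits")
    print(f"Word + 2 digits + symbol pattern:    {pattern_bits():.1f} bits")
```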

As a Meta employee, I can honestly tell you what we know, and I do not know how we obtain all of it.

* Your full name
* Your full home address
* Your phone number
* Your e-mail
* Your government ID
* Your consumer report history
* The name of every family member
* The name of every friend
* The name of their family / friends
* Your marital status
* If you are faithful to your partner
* Your work history (all of it)
* Your education history (all of it)
* Your travel history (going back years)
* Your birth gender
* Your gender ID
* Your sexuality
* Your sexual preferences
* How often you're having sex
* Your partner's details (all the above)
* Your political ideology
* Your involvement with any group
* If you protest, we know
* If you're unhappy, we know

The amount of information we collect on you is insane. And we do it all for supposedly marketing and yes, we help the government since they have access to all this too.

So when someone says they want to avoid META or GOOGLE - respect.

🔵 This week's Tom the Dancing Bug
-
🛫 You'll be shocked at the all-true, top-secret story of Donald Trump and Epstein Island 🏝️
-
Brought to you by the Inner Hive, including long-time member Acoustic Ross and new member Don Bartenstein.
Join us at bit.ly/theInnerHive
-
READ THE COMIC RIGHT HERE👇

@GuerillaOntologist I agree it's a rigged game, but he wants to lay all the blame on the banks, even though he mentions in passing government deregulation, greedy landlords, and investment firms. He even throws in tenant rights in Germany as the reason they don't have the issue. I'd give the article more merit, if his solution addressed all the causes. (and if it wasn't on Substack)

@joakimfors @techpengu @ifixcoinops @pence Now you're just making the (US) English speakers sound like Ugly Americans. :-)

Mexit, not Brexit, is the new priority for the UK - theregister.com/2025/08/08/opi "A #Microsoft Exit strategy isn’t just a good idea, it’s vital. It must go a long way beyond a farewell to Redmond"

I keep hearing AI proponents say that it's critical to develop these AI-using skills *now*, because otherwise you'll be left behind.

But isn't the whole point that AI means you can just let all your skills atrophy and let the magic box do things for you?

Any AI system that you can't just sit down and use is *surely* not the True AI. ;-)

“I’m a guy who has been running independent websites and dealing with ad networks for more than 15 years and this book demystified a lot for me.”

tedium.co/2025/08/07/ari-papar


Two years ago when researchers found and publicly exposed an intentional backdoor in a TETRA encryption algorithm used to secure radio communications for police/military/intel agencies around the world -- the algorithm involved a key advertised as one strength but secretly reduced to 32 bits -- the European organization that produced the algorithm told users that to secure their communications they could deploy an end-to-end encryption solution on top of the backdoor'd algorithm. Now the same researchers say they found a security problem with the end-to-end solution as well -- another reduced key. Here's my story for Wired:

wired.com/story/encryption-mad

Google calendar can be poisoned with invisible, malicious Gemini prompts:

darkreading.com/cyberattacks-d

Do I have to stop clicking on calendar invitations? What are the alternatives?

If Google can't get security or "AI" right, what hope is there that anyone will?


We're going to need journalists to stop talking about synthetic text extruding machines as if they have *thoughts* or *stances* that they are *trying* to *communicate*. ChatGPT can't *admit* anything, nor *self-report*. Gah.

wsj.com/tech/ai/chatgpt-chatbo

Psst... looking for a new club to join? 👀

Great news, ours is looking for new members: codeberg.org

Fuck Lee Greenwood's song, The Dwarves' "Fun To Try" should become the new USA national anthem.

@glynmoody I'm looking forward to all the new punk rock coming from Australia and the UK.
