Hacker News | anewguy9000's comments

we could also talk about the technical aspects of the nazi gas chambers, but maybe it's only human if first we condemn this for what it is, a war crime. i for one am sick of the normalization of it


worms


this. the uis for different apps have different needs - ex. keeping a video editor wide and narrow. and it's not uncommon to want more apps open than would fit into their own tiles or having to move to another desktop workspace. i just wish there was a compositor or window manager for wayland that supported working this way, none really do. without a tiling wm, apps in gnome want to open right in the center of the screen, and don't remember their positions, it's comically bad


qtile is very flexible, I'd be surprised if it's not configurable to get you to where you want.


do they have the right to employment??


Please define 'right to employment', I think that has a special meaning in the US that isn't really a thing elsewhere?


mozilla used to have this smart guy, brendan something, as their cto. but he was chased out of mozilla and created a new browser called brave. it actually does what this current cto claims to be trying to do


this didn't occur to me but it's a good idea lol if it's automated maybe it could work, i will try and report back!


minimum bid is $199 :(


That’s some excessive price gouging.


maybe i wasn't clear - it's listed for sale by name cheap. i am open to other explanations, but i'm just sharing my experience of what happened. the whois record shows name cheap as the owner. that's the "basis" for my point here. why would they do it? well read about what happened with icann, lots has been written about the incentives and state of affairs today. if you could link to some policy that states this practise is not done (like how some companies' privacy policy calls out if they sell your data or not), that would be great, but otherwise baseless comments like this are not helpful


> it's listed for sale by name cheap

You yourself said it wasn't.

> it's now "make an offer"

"make an offer" shows up for all registered domains, clicking it will show you:

"Powered By DomainAgents"

"This domain is not listed for sale, but you can still make an offer. DomainAgents will track down the domain owner, present your offer, and bring them into the negotiation."

> the whois record shows name cheap as the owner

You mean it shows up as the registrar?

Like this:

> Registrar: NAMECHEAP INC

And possibly:

> Registrant Name: Redacted for Privacy

> Registrant Organization: Privacy service provided by Withheld for Privacy ehf

(that meaning you don't know who actually registered it.)

Do you want to disclose the domain?


got it, thanks. indeed looking again at the whois record, the registrant info is redacted, and the make offer link takes me to domain agents.

so i may have jumped to a conclusion here, but ultimately though my question remains: i searched a domain on namecheap, it was available, and then suddenly it is taken a couple days later. the domain itself appears unused and for auction, and the registrar is also, conveniently, namecheap. so if namecheap isn't the actual registrant holding it for ransom, are searches shared or sold to third parties looking for potentially valuable domains? whatever happened it's hugely suspect - so the net effect is that i'm hesitant to search with or use namecheap again for my next domain without some insight here


thanks, will dm you. do you explicitly state it's a practice you do not engage in anywhere other than the comments here? if so it would greatly help folks like myself if it was an error of some kind. the whois record showed it registered after my search, so i don't think a misreporting makes sense. if it's a mistake that would be cool, obviously incredibly suspect which led me to read up on it and i found similar stories from others


yep, most of the discussion about passwords completely miss the point. a random word, like "dog" or "pingpong" is fine if the passwords are salted and hashed appropriately. how often have your accounts been hacked this way? if an adversary is really banging on the hash, and they want it, any password under around 50 characters is as good as "dog", and no "complexity" meter is gonna cut it. that xkcd comic that says 550 years? no, that password, it's owned a lot faster than that. all this talk of entropy and security but so obviously clueless about modern brute force techniques


> most of the discussion about passwords completely miss the point. [...] any password under around 50 characters is as good as "dog"

I think you've completely missed the point.

After how long do you start to get annoyed when logging in? Most people probably at 2-5 seconds, but let's say ten full seconds of waiting for the computer to do the hashing. A word like dog is among the top few thousand words, let's say ten thousand, so after 10k×10s/(3600 seconds per hour) = ~28 hours your password is cracked on a single cpu. Probably more like 28 minutes on a couple GPUs, and this is using a complexity setting that literally nobody is going to use (I bet even the NSA isn't paranoid enough to wait 10 seconds for every login). Now compare that to "any other password under around 50 characters".

If you want to use a passphrase, pick random words (at least five when using complex words; the number depends on your dictionary size). Not a single word that is also very common. That completely misses the point.

This strategy would work if literally everyone uses a random words generator and yours, against all odds, comes up with a single common word. Then attackers would have no reason to crack in order of commonness and start with a single word. But that is not the reality we live in and attackers do start with simple passwords before complex ones. (Source: one of the things we do at work is crack passwords, most commonly when we get our hands on Windows password hashes.)


im sorry, what point are you making?

if it's that "dog" is a weak password, i thought that was evident. but many people seem confused that "horseloverwhatever" is more secure, similarly that "dog23!Wog" is more secure. my point is they are equally trash so leave the user alone


> if it's that "dog" is a weak password, i thought that was evident

You're confusing me. First you say that "dog" is just as strong as any other password, now you say that it should have been evident that it's a weak password. Which is it?

> my point is they are equally trash

This again sounds contradictory, but this time within one comment. First you say that horseloverwhatever is stronger than dog, but then that they are equally "trash".


i meant others commonly assume horseloverwhatever is more secure.

to be more clear,

1. dog is weak
2. horseloverwhatever is weak
3. 8randoms! is weak
4. therefore, dog is as good as horseloverwhatever or 8randoms!
5. most account compromises do not even require a brute force (shoddy practices on the backend) making the complexity requirements pointlessly burdensome on the user
6. in cases where you want a password to resist a legitimate brute force, we need to talk about passphrases (ie > 50 chars) or passwordless

what u think?


short passwords are still a security weakness even when properly stored because the time necessary to brute force them is relatively low.


i agree. but most sites that enforce a policy (8 chars, symbols, etc) are bruted just as easily. we need to take a step, away from passwords, to secure against brute force in 2022


well the gp's point is that it literally is not 'just as easy' because the space of possible passwords increases greatly with each character, such that 'dog' is much, much easier to bruteforce than 'doggie12'.


To be fair, I'd probably crack doggie12 sooner than dog because who has ever seen a website with a password length requirement below 6. But technically, yep you're 100% right.


also: rainbow tables


The length of the password only somewhat matters for rainbow tables -- they're not limited to dog-sized passwords -- but also, I rarely come across implementations these days that do not use a salt of some kind, which defeats existing rainbow tables. Generating one-off tables is about as expensive as just cracking the hashes directly.

(Then again, the implementations I see are mostly from well-known projects or customers that care enough about security to hire us. It's biased, but I do think word has gotten round about hashing and salting.)


> a random word, like "dog" or "pingpong" is fine if the passwords are salted and hashed appropriately. how often have your accounts been hacked this way? if an adversary is really banging on the hash, and they want it, any password under around 50 characters is as good as "dog", and no "complexity" meter is gonna cut it.

You really need to provide some sources for this claim; it's outlandish and unreasonable because it varies so wildly depending on what you mean by "appropriately". This isn't magic, it's math, and we know how fast computers can do specific kinds of math under specific conditions.


> yep, most of the discussion about passwords completely miss the point. a random word, like "dog" or "pingpong" is fine if the passwords are salted and hashed appropriately. how often have your accounts been hacked this way?

A word like "dog" or "pingpong" is favored in a rainbow-table type of attack. Nobody pre-hashes "109231oijoasdfnaisdfabatteryhorse123".

And yes many passwords have been hacked this way [0].

[0] - https://www.linkedin.com/pulse/linkedin-hack-understanding-w...

So it's hard to understand the point you tried to make. Why don't you try again and expand on "modern brute force techniques" that could crack a password 50 characters long? More productive endeavor and benefits the board.


apologies for the lack of clarity

how does a rainbow table crack "dog" with the salt "109231oijoasdfnaisdfabatteryhorse123"?

rainbow tables are as old as time and indeed still work on passwords with poor salting. for more complex (but not complex enough) passwords there are more modern approaches, like probabilistic candidate generation
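
The salt question asked above, together with the earlier point in this thread that common words get guessed first, as an added example that is not part of any comment here. It is written as a password-storage audit; the word list, salts, passphrase and iteration count are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data: a tiny "common words" list, most likely guesses first.
COMMON_WORDS = ["password", "dog", "pingpong", "letmein", "dragon", "monkey"]
ITERATIONS = 50_000  # demo work factor (assumption); real deployments tune this

def unsalted(pw: str) -> bytes:
    return hashlib.sha256(pw.encode()).digest()

def salted(pw: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, ITERATIONS)

# Precomputed lookup table: built once, reusable against every unsalted dump.
PRECOMPUTED = {unsalted(w): w for w in COMMON_WORDS}

def table_lookup(stored: bytes):
    """Precomputed-table check: a single lookup, no hashing at lookup time."""
    return PRECOMPUTED.get(stored)

def dictionary_guess(stored: bytes, salt: bytes):
    """Per-account guessing: each candidate is re-hashed with this account's salt."""
    for guesses, word in enumerate(COMMON_WORDS, start=1):
        if hmac.compare_digest(salted(word, salt), stored):
            return word, guesses
    return None, len(COMMON_WORDS)

def audit():
    salt_a = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed
    salt_b = bytes.fromhex("ffeeddccbbaa99887766554433221100")  # constructed
    passphrase = "mango trellis orbit quartz lantern"  # constructed, five words
    return {
        # Unsalted hash of a common word is found by lookup alone.
        "unsalted dog via table": table_lookup(unsalted("dog")),
        # The same word stored with a salt is absent from the table.
        "salted dog via table": table_lookup(salted("dog", salt_a)),
        # The salt sits next to the hash, so ordered guessing still finds it.
        "salted dog via guessing": dictionary_guess(salted("dog", salt_a), salt_a),
        # Work done against one salt cannot be reused against another account.
        "same password, different salts match": salted("dog", salt_a) == salted("dog", salt_b),
        # A random multi-word passphrase is not in the candidate list at all.
        "salted passphrase via guessing": dictionary_guess(salted(passphrase, salt_b), salt_b),
    }

if __name__ == "__main__":
    for check, result in audit().items():
        print(f"{check}: {result}")
```

The salt removes the precomputed shortcut and forces per-account work, while the cost of each guess and the position of the password in the guess order decide how long that work takes.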


second picture in is a dude with a chainsaw

