People used to care a lot. The GNU utils absorbed everything all the old Unix vendors did. This made them comparatively heafty back when a high end workstations might have had 64MB of RAM.

Now that Chrome takes up gigabytes per tab, nobody cares except a few old Unix curmudgeons.

Meh. It’s a nice bragging right, but that’s all it is at this point. Linux killed off almost all the old Unix vendors for a reason.

There’s a model that id used for open sourcing their engines. The source code is open, but the assets (textures, models, sounds, etc.) are still copyrighted and you still have to buy the game to get them legally. This means the company still sells copies on Steam or wherever, and games that replace all the assets can still sell them without any licensing costs, too.

I’m a little surprised this model never caught on. Even id only ever published the engine to the previous game–Quake 3 was open sourced a little after Doom 3 was released–and the practice seems to have stopped when John Carmack left.

Possibly because nobody has tested it in court, or some other subtle legal issue?

For Debian, “unstable” just means “not running a five year old compiler”.

A password only 8 chars long can still be brute forced, salt or not.

Without salt, the attacker would make a guess, run the hash on the password, and compare it to the stored version.

With salt, the attacker would make a guess, combine it with the salt, and then run the hash and compare like before.

What salt does is prevent a shortcut. The attacker has a big list of passwords and their associated hash values. They grab the hash out of the leaked database, compare it to the list, and match it to the original plaintext. When the hashes have a salt, they would need to generate the list for every possible salt value. For a sufficiently long salt that’s unique to each password entry, that list would be infeasible to generate, and infeasible to store even if you could.

If your passwords were long and random enough, then it’s also infeasible to generate that list to cover everything. It really only works against dictionary words and variations (like “P4ssw0rD”).

Bcrypt and scrypt both have a byte limit of 72. That’s still enough for a secure passphrase, though some schemes might blow past it.

It’s usually part of the string stored to the DB.

Edit: you can see the PHC spec here:

https://github.com/P-H-C/phc-string-format/blob/master/phc-sf-spec.md

Which is a common format for various password storage algorithms, including Argon2. It has a salt field.

That’s not how salt works. It will be stolen alongside the password hash, because salt is necessarily in plaintext. It doesn’t increase the guessability of passwords. It just makes it infeasible to precompute your guesses.

Those are salted, they just do it for you.

Legally or physically allowed?

If it’s compsci, then it doesn’t need to be bare metal. It should be a language that’s good at demonstrating abstractions. Java wouldn’t be my choice, here. Elixir would be a good one.

You might want bare metal as a prereq to an operating system course.

If it’s software engineering, OTOH, then yes, a bare metal language has a bigger place.

Sorta. I find it doesn’t always pop up Bitwarden to select an autofill. Then I unlock it manually, and sometimes it then gives me the button for autofill. Sometimes not and I have to manually copy and paste.

And sometimes there’s a broken ass app that blocks you pasting passwords. People need to be fired for this.

Same thing happened to me on Last Pass, so I’m pretty sure it’s an Android issue.

Not how it works.

First of all, there’s far too many companies out there still storing passwords in plaintext.

Second of all, even with a good hash algorithm, hacking a specific person’s password out of a leaked database is still feasible when your passwords are variants of a few dictionary words with a few numbers and symbols attached.

Creating fully randomized, unique passwords in a password manager really is the best way. Even an older hash method of storage on the web site’s part will likely protect it.

It’s even broader. An EU citizen living anywhere accessing any site can report that site. It may be that the EU won’t be able to collect the fine–assuming the owners never travel to the EU–but they can be fined.

It’s more than that. The EU law lets any EU citizen report a company that’s not in compliance. That includes companies not strictly in the EU. It’s why even US companies tend to be in compliance (or something like compliance).

GNU HURD remains ignored.

Libertarian Socialism has little to do with US libertarians. The term was openly stolen for the Right. The intellectual history is completely separate.

Murray Rothbard: "One gratifying aspect of our rise to some prominence is that, for the first time in my memory, we, ‘our side,’ had captured a crucial word from the enemy . . . ‘Libertarians’ . . . had long been simply a polite word for left-wing anarchists, that is for anti-private property anarchists, either of the communist or syndicalist variety. But now we had taken it over… "

While it’s true that lots of libertarians prefer Linux, the first ancap I met in an online forum was a Romanian-born Christian living in the US, was so fundamentalist that he was actively looking for a church where men and women sat on different sides of the pews, loved Microsoft, and hated Linux. He also had a habit of changing the definition of words in the middle of debates. People found him completely infuriating.

I’ve been hoping that we can sneak more and more things into userspace on Linux. Then, one day, Linus will wake up and discover he’s accidentally made a microkernel.

They have x86_64 models.