dual_sport_dork 🐧🗡️

I have to imagine that when some c-level suit saw that term in his moth-eaten copy of “Social Media for Dummies,” I don’t think it was intended to be taken quite so flagrantly visibly literally…

Manufacturers absolutely do make only-for-sale-in-California-variant cars. Motorcycles, also. They’re not as common as they used to be because emissions laws elsewhere are also starting to become as stringent as the CARB rules these days as well, so it’s becoming more cost effective to just make everything the “California version.”

Throughout the early 2000’s, the distinction was much more relevant. The last vehicle I had to work on that I know for a fact to be a “California version” was a 2014 KLR650. It has additional (unreliable…) emissions control equipment that is not present on otherwise identical bikes from the same model year that were not intended for sale in California.

Furthermore, California will refuse to plate any vehicle that does not specifically have a California compliant emissions certification if it has fewer than 7500 miles on it, i.e. if it is new. Those that don’t meet California’s standards are labeled “49 state” vehicles.

That, and the Internet has been teaching people how to create bombs since the dial-up days. I don’t predict that LLM’s will be either a benefit or a detriment to that particular strain of natural selection.

Neat.

I haven’t dug into the docs much. This really does return vectors? Because all of the OSM servers and services I have seen return tiles that are bitmaps, which for the type of data being displayed always seemed like a rather moronic way to do it.

Like content recognition can’t recognize text, if that’s what it’s been configured to look for?

That would require us to deal with both Reagan and Nixon over and over again, though.

I guess their bullshit would be reverted when each loop resets. But still.

You should probably have some safeguard to prevent jokers from uploading 14.2 gigabytes of absolute nonsense into your system’s password field just to see if they can make it crash. But I think limiting it to, like, 8 kB ought to be quite lenient for anything with a modern internet connection.

As others have noticed, various hashing functions have an upperbound input length limit anyway. But I don’t see any pressing reason to limit your field length to exactly that, even if only not to reveal anything about what you might be feeding that value into behind the scenes.

Ooh, ooh. And for implementing any Javascript or jQuery or whatever that pops up some kind of smarmy message when you right click: Believe it or not, straight to jail.

Plus, that kind of thing is not going to prevent anyone from scraping images from anywhere if they have the capability to lift a finger to press F12.

Characters are characters. The system I just wrote will accept anything, because the first thing I do with it is hash it. If you want to make your password:

░▒▓█ ʥ۞ݔݯݲݸݴݺ '; drop table users; 🤣💩ʩ █▓▒░

Then go for it. More power to you for typing that out or, more likely, letting your password manager remember it. Make your password as entropic as you can manage, I don’t care how you arrive there.

That works great until some dickhole implements the old, “New password cannot contain any sequence from your previous (5) passwords.”

This also of course necessitates storing (multiple successive!) passwords in plain text or with a reversible cipher, which is another stupid move. You’d think we’d have gotten all of this out of our collective system as a society by now, and yet I still see it all the time.

All of these schemes are just security theater, and actively make the system in question less secure while accomplishing nothing other than berating and frustrating its users.

That’s the “zero width space,” Alt + 200B for Windows users. Another favorite of mine is the nonbreaking space, Alt + 0160, which a staggering majority of web sites and other systems fail to account for.

Don’t bug users to change passwords periodically. Only do it if there’s evidence of compromise.

This is a big one. Especially in corporate environments where most of the users are, shall we say, not tech savvy. Forcing people to comply with byzantine incomprehensible password composition rules plus incessantly insisting that they change their password every 7/14/30 days to a new inscrutable string that looks like somebody sneezed in punctuation marks accomplishes nothing other than enticing everyone to just write their password down on a Post-It and stick it to their monitor or under their keyboard.

Remember: Users do not care about passwords. From the perspective of anyone who isn’t a programmer or a security expert, passwords are just yet another exasperating roadblock some nerd keeps putting in front of them that is preventing them from doing whatever it is they were actually trying to do.

Who cares? It’s going to be hashed anyway. If the same user can generate the same input, it will result in the same hash. If another user can’t generate the same input, well, that’s really rather the point. And I can’t think of a single backend, language, or framework that doesn’t treat a single Unicode character as one character. Byte length of the character is irrelevant as long as you’re not doing something ridiculous like intentionally parsing your input in binary and blithely assuming that every character must be 8 bits in length.

They can in a few states. Delaware, for instance, where the law provides them two hours even without having to clear the bar of reasonable suspicion. This is of couse blatantly unconstitutional, but it’s still a state law.

I briefly touched on this in a lengthy comment when this scheme was originally floated a few months ago. Your prediction, which granted is something that Youtube/Google absolutely would try if they thought they could get away with it, would only work on viewers that remained within the confines of Youtube’s native player.

Any third party app capable of bullying or tricking Youtube into handing them the video data is free to do whatever it wants to with it afterwards, even if this ultimately means impeccably pretending to be the official Youtube player in order to get the server to fork over the data. Furthermore, video playback is buffered so a hypothetical pirate client would have several seconds worth of upcoming video to analyze and determine what it wants to do with it.

Youtube could certainly make this process rather difficult by including some kind of end-to-end DRM or something, but at the end of the day you need to make a playable video stream arrive on the client’s device or computer somehow, and if you can’t guarantee full control of the entire environment in which that happens, dedicated nerds will find a away to screw with that data.

I swear at some point in the future the consumer version of Windows will be little more than the Edge browser in a wig.

Does that mean the install size might wind up being less than 23.2 gigs?

That depends, do I get a Tommy gun?

It sounds like describing Ng’s tank from Snow Crash.

…I want to drive Ng’s tank from Snow Crash.

TI, yikes.

Yeah, well, TI has spent bucketloads of money bribing textbook publishers to only include instruction for their specific models so they are now the de facto standard in American schools. This is apparently legal.

Anyway, team Casio represent.