gigantic absurdist nerd

Blaise Larmee

1 Comment


Blaise Larmee

michaelglass
3603 days ago
christmas spirit
San Francisco

larstheyeti: This is basically how Gallbladder can cause...

3 Comments


larstheyeti:

This is basically how Gallbladder can cause pancreatitis.

[source] [New (limited) Gallbladder shirts]

michaelglass
3604 days ago
can't believe it had the gall
San Francisco
fxer
3605 days ago
Hah, first pancreatitis cartoon I've ever seen
Bend, Oregon
1 public comment
satadru
3605 days ago
science.
New York, NY
MotherHydra
3605 days ago
OMG cute science at that!

Can Oakland possibly gentrify responsibly?

2 Comments

Holy cow, Susie Cagle’s new piece on the gentrification situation in Oakland is a barnburner. Here’s how it starts:

Gentrification: We think we know it when we see it. Pour-over organic coffee, double-wide designer strollers, gluten-free options. Millennials and their unrelenting desire to live and work in cities that pushes out longtime residents. A tide rising, cresting and washing over. An act of nature.

These demographic and economic shifts in cities aren’t the result of organic social and cultural trends; the changes are wrought by decades of investment and public policy choices, and inextricably bound to histories of racism, exclusionary land use policies and exploitative banking processes that left certain communities vulnerable to a steamroller of new investment.

“If you don’t know what the problem is you definitely can’t stop being a part of it, and I think a lot of people don’t know what the problem is,” says DeeDee Serendipity, a native of Oakland who now owns a salon in the city.

Read on for an exhaustive examination of how exactly gentrification works and what exactly is happening in Oakland.



michaelglass
3621 days ago
Susie Cagle is my heroine
San Francisco
samuel
3622 days ago
Fascinating look at what's happening in Oakland. Home prices up 25% this year alone.
Cambridge, Massachusetts
MotherHydra
3621 days ago
Sounds very similar to my part of town. Home prices have shot up so high I'm looking to move across state lines.

“Invalid Username or Password”: a useless security measure

1 Comment and 3 Shares

Login attempts fail because computer users can't remember their email or didn't input the right password. Most websites on the Internet won't tell you which one is actually incorrect.

Amazon: [screenshot]

Shoprunner: [screenshot]

Hacker News: [screenshot]

If you tell an attacker the email address is wrong, they'll try a different one. If you tell them the password is wrong, then an attacker knows that the username is correct, and can go on to try a bunch of passwords for that username until they hit the right one. So sites won't tell you which one is wrong, to try and avoid the information disclosure.

Unfortunately this assumes that there's no other way for an attacker to discover whether a username/email address is registered for a service. This assumption is incorrect.

99.9% of websites on the Internet will only let you create one account for each email address. So if you want to see if an email address has an account, try signing up for a new account with the same email address.

Here are all of the websites above, confirming that an account exists with my email address/username:

Amazon: [screenshot]

Shoprunner: [screenshot]

Hacker News: [screenshot]

So what we've done by promoting "Invalid username or password" is made our login form UX much, much worse, without increasing the security of our product.

If people don't log in to your site every day (every site on the web except Facebook or Google), not remembering credentials is a huge barrier to accessing your site. Don't make it harder by adding a vague error message that doesn't increase your site's security at all.

But there's a tradeoff there between security and UX, I hear you say. I am trying to show you there is no tradeoff, as presented above; you are choosing between a better user experience and a worse user experience.

Here is an actual UX/security tradeoff: you can make the signup process email based. When someone attempts to sign up with an email address, you send them an email to complete the registration process. If they don't control the email inbox, they can't see whether the email address has an account already. This is much more arduous and requires two context switches (go into your email, avoid distraction, wait for email to arrive, click link in email, remember what you were doing on site). I don't recommend this, because of the context switches, though you can implement it.

Otherwise, accept that your login page and your signup pages are targets for malicious behavior, and design appropriately.

  • Rate limiting can go a fair way to preventing brute force attacks. To find email addresses, an attacker is going to need to try a lot of email addresses and/or a lot of passwords, and get a lot of them wrong. Consider throttling invalid login attempts by IP address or subnet. Check submitted passwords against a dictionary of common passwords (123456, monkey, etc.) and ban that traffic extra hard. Exponential backoff (forcing attackers to try again after 1, 2, 4, 8, 16... seconds) is useful.

  • Give guidance to users about creating strong passwords. Allow easy integration with LastPass or 1Password.

  • Add a 2-factor auth option to your website. Encourage users to use it.

  • Warn users about malicious behavior ("someone is trying to snoop your password") and contact them about suspicious logins.
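A sketch of the throttling described in the first bullet, added here as an example and not taken from the article or any site it mentions: failed logins are counted per subnet, the lockout doubles with each failure, and a guess from the common-password dictionary is penalised more heavily. The class and function names, the /24 and /64 subnet sizes, the penalty weight and the sample dictionary are all assumptions.

```python
import ipaddress
import time

# Constructed sample list; the article names "123456" and "monkey" as examples.
COMMON_PASSWORDS = {"123456", "monkey", "password", "qwerty"}


def throttle_key(ip: str) -> str:
    """Bucket clients by subnet (/24 for IPv4, /64 for IPv6; assumed sizes)."""
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 64
    return str(ipaddress.ip_network(f"{addr}/{prefix}", strict=False))


class LoginThrottle:
    def __init__(self, base=1.0, cap=3600.0, common_penalty=3, clock=time.monotonic):
        self.base, self.cap = base, cap
        self.common_penalty = common_penalty
        self.clock = clock
        self._state = {}  # subnet -> (failure score, blocked-until timestamp)

    def retry_after(self, ip: str) -> float:
        """Seconds the client must still wait; 0.0 means it may try now."""
        _, until = self._state.get(throttle_key(ip), (0, 0.0))
        return max(0.0, until - self.clock())

    def record_failure(self, ip: str, password: str) -> float:
        """Count a failed login and return the new lockout in seconds."""
        key = throttle_key(ip)
        score, _ = self._state.get(key, (0, 0.0))
        # Guessing a dictionary password counts as several failures at once.
        score += self.common_penalty if password in COMMON_PASSWORDS else 1
        delay = min(self.base * 2 ** (score - 1), self.cap)
        self._state[key] = (score, self.clock() + delay)
        return delay

    def record_success(self, ip: str) -> None:
        self._state.pop(throttle_key(ip), None)


def attempt_login(throttle, ip, password, verify):
    """Gate a credential check; `verify` is the site's own password check."""
    wait = throttle.retry_after(ip)
    if wait > 0:
        return ("throttled", wait)
    if verify(password):
        throttle.record_success(ip)
        return ("ok", 0.0)
    return ("denied", throttle.record_failure(ip, password))
```

Clearing the counter on any success lets someone who holds one valid account in the subnet reset it, so a production version would also keep a counter keyed on the targeted account. State here lives in process memory; a shared store is needed once there is more than one web server.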

michaelglass
3641 days ago
duhh
San Francisco
fxer
3642 days ago
Bend, Oregon

karnythia: deducecanoe: I would tell him to fix the cuffs on...

2 Comments and 3 Shares








karnythia:

deducecanoe:

I would tell him to fix the cuffs on his jeans. They aren’t folded quite evenly.

Also that the grey shirt isn’t really a good color for him. It washes him out.

michaelglass
3641 days ago
//
San Francisco
ryanbrazell
3642 days ago
A+ commentary
Richmond, VA
michaelglass
3641 days ago
fancy phone

The relative size of our solar systems planets using...

2 Comments and 3 Shares


The relative size of our solar system’s planets, using fruits, by Avi Solomon.

Found at kottke.org.




michaelglass
3649 days ago
//
San Francisco
ryanbrazell
3650 days ago
I like this oh so very much.
Richmond, VA