Ah, memories! I was giving a talk at PasswordCon on "Password Misconceptions" or something similar. A previous speaker was "caught" unlocking their screen before their presentation with a short password. Everyone knows short passwords are weak.
So when it was my turn, I did the same, because I'm a jerk (I quickly edited my talk to add a slide).

The audience saw me connect my laptop to the projector, saw the lock screen appear, and saw me type a short password [******] to unlock my computer to start the presentation.
They laughed at me for my weak, insecure password. How could somebody be talking about password security and have such a weak password on their laptop??
Then I started my presentation on "Password Misconceptions". The first slide was a photograph of my computer lock screen with a short password [******] typed into the field -- exactly what the audience had just seen.
I proceeded to explain why this wasn't, actually, insecure. It's because I do things with my laptop differently than most people, by having a separate 'unlock' password from a 'boot' password and a 'remote network' password.
The point is that there's tradeoffs. A long, complex password every time you unlock the screen encourages bad behavior, such as not locking the screen. So just split things: a long complex password for administrative things and a short password for unlocking the sleep screen.
Now with a fingerprint reader on the keyboard, this whole thing is moot. You can have the best of both worlds, a long complex password and the simplicity of unlocking the sleep screen.
One of the things new speakers at conferences worry about is questions like "Will the audience like me?" and "Will the audience respect me?".

I started this particular talk by making the audience disrespect me, then transitioned to them not liking me (for turning the tables).
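The trade-off in the thread can be made concrete with a small model, given here as an added example written for this page (it is not Graham's setup or code). The idea it models: the strength a password needs depends on how fast an attacker can test guesses against the surface it protects. A lock screen only accepts guesses at typing speed with OS-imposed delays, a remote login is throttled by the daemon, while a stolen disk image can be attacked offline with no throttling except the key-derivation function. The guess rates, the ten-year horizon, the charset sizes and the surface names are assumptions chosen to illustrate the point, not measurements of any real lock screen, SSH daemon or disk encryption.

```python
"""Why a short screen-unlock password can be an acceptable trade-off.

Added example, not code from the original thread. It models the thread's
point: the strength a password needs depends on how fast an attacker can
test guesses against the surface it protects. Every attacker rate below
is an illustrative assumption, not a measurement.
"""
from dataclasses import dataclass

TEN_YEARS = 10 * 365 * 86400  # attacker patience horizon, in seconds (assumption)


@dataclass(frozen=True)
class Surface:
    """An authentication surface and the sustained guess rate it allows."""
    name: str
    guesses_per_second: float


# Assumed guess rates per surface (illustrative, not measured):
#  - unlock: an attacker typing at the lock screen, slowed by OS failure delays
#  - remote: online password auth, throttled by the daemon or fail2ban-style bans
#  - boot:   offline attack on a stolen disk image; only the KDF slows it down
SURFACES = {
    "unlock": Surface("screen unlock (physical keyboard, OS lockout)", 0.2),
    "remote": Surface("remote login (network, rate-limited)", 10.0),
    "boot": Surface("disk encryption (offline, GPU against a slow KDF)", 1e6),
}

CHARSETS = {"digits": 10, "lower": 26, "alnum": 62, "printable": 95}


def keyspace(charset: str, length: int) -> int:
    """Number of candidate passwords for a charset/length, assuming uniform choice."""
    return CHARSETS[charset] ** length


def expected_crack_seconds(charset: str, length: int, surface: str) -> float:
    """Mean time to a hit: half the keyspace is searched before success, on average."""
    return keyspace(charset, length) / 2 / SURFACES[surface].guesses_per_second


def survives(charset: str, length: int, surface: str, horizon: int = TEN_YEARS) -> bool:
    """True if brute force on this surface is expected to outlast the horizon."""
    return expected_crack_seconds(charset, length, surface) > horizon


def min_length(charset: str, surface: str, horizon: int = TEN_YEARS) -> int:
    """Shortest length from this charset that survives brute force on the surface."""
    length = 1
    while not survives(charset, length, surface, horizon):
        length += 1
    return length


def split_policy(unlock_len: int, admin_len: int,
                 charset_short: str = "lower", charset_long: str = "alnum") -> dict:
    """The thread's scheme: a short unlock password, a long one for boot and remote.
    Returns, per surface, whether the password assigned to it holds up."""
    return {
        "unlock": survives(charset_short, unlock_len, "unlock"),
        "remote": survives(charset_long, admin_len, "remote"),
        "boot": survives(charset_long, admin_len, "boot"),
    }


def weakest_link(unlock_len: int, charset_short: str = "lower") -> dict:
    """What happens if the same short password is reused on every surface."""
    return {s: survives(charset_short, unlock_len, s) for s in SURFACES}


if __name__ == "__main__":
    for key, surface in SURFACES.items():
        print(f"{surface.name}: 6-char lowercase survives? {survives('lower', 6, key)}; "
              f"min lowercase length {min_length('lower', key)}, "
              f"min alnum length {min_length('alnum', key)}")
    print("split policy (6 lower / 16 alnum):", split_policy(6, 16))
    print("same 6-char password everywhere:", weakest_link(6))
```

Under these assumptions a six-character lowercase password holds up at the lock screen but fails immediately against the disk image, which is exactly why the long password goes on the boot and remote surfaces. Two caveats the model glosses over: it assumes uniformly random passwords (a human-chosen short password is far weaker than its keyspace suggests), and the lock-screen rate only holds if the OS actually enforces a failure delay or lockout.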

Robᵉʳᵗ Graham😷, provocateur

More from @ErrataRob

5 Jun
Pffft. A better poll would be which pop culture references would be the best for legal opinions.
Personally, I think the Van Buren decision could've benefited from an analogy with some Tyrion Lannister wisdom.

This judge got it right:
cnn.com/2019/07/10/us/…
Best source of pop culture references for legal opinions:
5 Jun
This is normal NYTimes fare: "My provider of anti-science medical quackery called chiropractics holds anti-science medical quackery opinions about vaccines. Is this unethical?"
The answer should start with the ethics of claiming to provide medical care when, in fact, you are not.
This is a great demonstration of how people confuse ethics with politics. Vaccinations are a political question rather than an ethical question.
4 Jun
So that "9-0 pcap" conspiracy-theory video: I grabbed a screenshot of what they claim to be "pcap of encrypted data", OCRed it, and converted the hex back to ASCII. My guess is that it's a hexdump of an SQL dump. It's certainly neither "encrypted" nor a "pcap".
Fields separated by commas implies CSV format, but when those fields are surrounded by quotes, then many fields surrounded by parentheses, it starts to look a lot like an SQL dump instead.
Bah, immediately after posting this, I see others have already gone down this route:
3 Jun
So I'm reading the CFAA decision. I want to point out yet again that the "mens rea" requirement in the CFAA is bullshit. It doesn't mean the perp knew they were unauthorized, it means a reasonable person in the perp's place would've known they were unauthorized.
I can appreciate that in most crimes, this is the reasonable approach.

It's just that in computer crimes, it's not. People have wildly different understandings of how computers work, and thus, different understandings of what's authorized.
Most people are unintimidated by the URL bar in the browser and have never edited the URL in their lives. Thus, reasonable people assume that if you couldn't have accessed a resource without editing the URL, then it was unauthorized.
3 Jun
I'm somebody who actually likes the Federalist Society. How can it not vigorously defend the free speech rights of this student for what's obviously satire????? What part of "free speech" are people not understanding any more?
I mean, saner heads eventually prevailed, but still, it's something the Federalist Society should still respond to and admit their error.
FIRE has a better article with links to the original email and the complaint.
thefire.org/law-students-g…
2 Jun
I disagree with the answer.

The correct answer is that THIS IS FREAKIN' KERCKHOFFS'S PRINCIPLE FROM 1880!!!!!!! Seriously, at some point we have to point out YOUR CONCERN WAS ADDRESSED OVER 100 YEARS AGO!!!!
Yes, yes, we can't apply this principle as a clichéd response to every question (as some people do). But at the same time, we can apply it where it's clearly appropriate, such as in this case.
The naive believe we need to hide the details of how things work, in the name of security, so that the attacker doesn't know the details.