The catarrhine who invented a perpetual motion machine, by dreaming at night and devouring its own dreams through the day.
Well, at least here we can talk about Voldemort without evoking him, right? (Unless this shit is like Betelgeuse - on the third time you mention his name, he pops up to ruin your day.)
Okay, serious now: that’s sensible since in r/brasil it would be basically advertisement.
We’re talking about two different problems.
The one that I’m talking about is Reddit admins being clearly hostile towards the community, including mods, and the mods still being willing to lick the admins’ boots, instead of migrating their comms to another site. Even at the expense of the userbases of the subreddits that they moderate.
Here in Lemmy this shit does not roll - both because it’s easier to migrate comms across instances, and because the userbase is mostly composed of people with low tolerance towards admin abuse.
Now, regarding the problem that you’ve spotted: yes, it is a problem here that boils down to
I am really not sure on how to compare the extent of both issues in Lemmy vs. Reddit, nor how to address them here, and thus to get rid of the problem that you’re noticing.
For a casual observer, who was never engaged with that platform, it might actually look like Reddit is back to normal, based on a casual glance at the activity.
You only notice the cracks leaking water when you actually look closer, and you remember that the stone dam didn’t have so many of them. The surge on bot activity, the lower level of discourse in the comments, the further concentration of activity into larger subs, the content feeling more and more repetitive…
That’s hilarious. And surprisingly uplifting if the alt-right sub in question is r/brasillivre, since that shithole is still empty.
May I be blunt? I don’t think that anyone still moderating Reddit has a shred of dignity, decency, or concern about their userbase. As such this shit will pass and nobody there will care.
To be a moral agent, your actions towards others need to have consequences for yourself - be those consequences direct, social, emotional, or something else. And intelligence on itself doesn’t provide those consequences.
The nearest that you could do, with AGI alone, would be to hardcode it with ethical principles, but that’s another matter. (I’m saying this because people often conflate ethics and morality, even if they’re two different cans of worms.)
That seems sensible.
Even a hypothetically true artificial general intelligence would still not be a moral agent, thus it cannot be held responsible for its actions; as such, whoever deploys and maintains it should be held responsible. That’s doubly true with LLMs as they aren’t even intelligent to begin with.
I’m not suggesting Arch, but Arch-based distros. Manjaro doesn’t break anywhere as often as Arch does.
…or alternatively go with Mint and re-learn how to handle the packages. pacman vs. APT is not a big deal anyway.
Its all just to play games.
Ditto - that W3.11 install is just because of the Windows Entertainment Pack, I love a few of the games in it (like Pipe Dream). I don’t even know if it’s able to connect to the internet!
Sorry, I couldn’t resist.
I started with a Knoppix-based distro, called Kurumin. KDE 3 was the rage back then!
On your main point: the shell might be hard in the beginning, but for most things that you need to use the shell with, people on the internet already had the same issue and shared how to do it. Unless you’re actively trying to make something different, like I did with my audio switching script.
And even the sort of situation that you need to use the shell for decreased by a lot from back then to now.
Besides what other users said: if you feel comfortable with SteamOS you might want to give EndeavourOS and Manjaro a check - all three distros are based on Arch Linux, and while Arch is geared towards experienced users the later two try to “sell” it towards a wider audience.
This reminds me of that “all mushrooms are edible, at least once” thing.
What you’re proposing is effectively the same as "they should publish inaccurate guidelines that do not actually represent their informed views on the matter, misleading everybody, to pretend that they can prevent the stupid from being stupid." It defeats the very reason why guidelines exist - to guide you towards the optimal approach in a given situation.
And sometimes the optimal approach is not a bigger min length. Convenience and possible vectors of attack play a huge role; if
min 8 chars is probably better. Even if that shitty manager, too dumb to understand that he shouldn’t contradict the “SHOULD [NOT]” points without a good reason to do so, screws it up. (He’s likely also violating the “SHALL [NOT]” points, since he used the printed copy of the guidelines as toilet paper.)
I don’t think that the entity should be blamed for the shitty manager. Specially given that the document has a full section (appendix A.2) talking about pass length.
They might mean well, but the reason we require a special character and number is to ensure the amount of possible characters are increased.
The problem with this sort of requirement is that most people will solve it the laziest way. In this case, “ah, I can’t use «hospital»? Mkay, «Hospital1» it is! Yay it’s accepted!”. And then there’s zero additional entropy - because the first char still has 26 states, and the additional char has one state.
Someone could of course “solve” this by inserting even further rules, like “you must have at least one number and one capital letter inside the password”, but then you get users annotating the password in a .txt file because it’s too hard to remember where they capitalised it or did their 1337.
Instead just skip all those silly rules. If offline attacks are such a concern, increase the min pass length. Using both lengths provided by the guidelines:
I think so, based on the original: “Verifiers and CSPs [credential service providers] SHALL NOT permit the subscriber to store a hint that is accessible to an unauthenticated claimant.” With “shall not” being used for hard prohibitions.
That stipulation goes rather close to #5, even not being a composition rule. EDIT: see below.
I think that a better approach is to follow the recommended min length (15 chars), unless there are good reasons to lower it and you’re reasonably sure that your delay between failed password attempts works flawlessly.
EDIT: as I was re-reading the original, I found the relevant excerpt:
If the CSP [credential service provider] disallows a chosen password because it is on a blocklist of commonly used, expected, or compromised values (see Sec. 3.1.1.2), the subscriber SHALL be required to choose a different password. Other complexity requirements for passwords SHALL NOT be imposed. A rationale for this is presented in Appendix A, Strength of Passwords.
So they are requiring CSPs to do what you said, and check it against a list of compromised passwords. However they aren’t associating it with password length; on that, the Appendix 2 basically says that min length depends on the threat model being addressed; as in, if it’s just some muppet trying passwords online versus trying it offline.
What’s the bomb for? Is he paying rent for the shell?
I’d consider growing those. Mostly to blend alongside some extremely hot pepper, as then I can control the heat properly.