MG Siegler:

Unlike most of the internet, I don’t tend to be one of those people who hates new features when they roll out simply because they’re different. There are exceptions, of course. But for the most part, I try to keep an open mind and often like many new features and fully recognize that even if I do not, any fervor over such changes is likely to subside quickly in the ever-shifting quicksands of internet time.

Which is to say, I gave “Messenger Day” a few days. I still absolutely hate it.



Password Rules Are Bullshit

Jeff Atwood:

Password Rules Are Bullshit

They don’t work.

They heavily penalize your ideal audience, people that use real random password generators. Hey guess what, that password randomly didn’t have a number or symbol in it. I just double checked my math textbook, and yep, it’s possible. I’m pretty sure.

They frustrate average users, who then become uncooperative and use “creative” workarounds that make their passwords less secure.

They are often wrong, in the sense that the rules chosen are grossly incomplete and/or insane, per the many shaming links I’ve shared above.

Seriously, for the love of God, stop with this arbitrary password rule nonsense already. If you won’t take my word for it, read this 2016 NIST password rules recommendation. It’s right there, “no composition rules”. However, I do see one error, it should have said “no bullshit composition rules”.

Jeff has a few interesting rules of his own regarding passwords:

  1. Password rules are bullshit
  2. Enforce a minimum Unicode password length
  3. Check for common passwords
  4. Check for basic entropy
  5. Reject special case passwords

These are pretty interesting ideas, especially the check for common passwords and rejecting a password that equals the username or email address.
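Rules 2 through 5 can be expressed as one server-side check. The sketch below is an added illustration, not code from Jeff Atwood's post or from this blog; the function name, the thresholds (10 characters, 6 distinct characters) and the small blocklist are assumptions constructed for the example.

```python
import unicodedata

# Assumed thresholds and a tiny constructed blocklist; a real deployment
# would load a large list of common or breached passwords instead.
MIN_LENGTH = 10
MIN_UNIQUE = 6
COMMON_PASSWORDS = {"password", "1234567890", "qwertyuiop", "letmein123"}


def normalize(text):
    """NFKC-normalize and case-fold so equivalent strings compare equal."""
    return unicodedata.normalize("NFKC", text).casefold()


def check_password(password, username, email):
    """Return the list of violated rules; an empty list means accepted."""
    problems = []
    pw = unicodedata.normalize("NFKC", password)
    folded = pw.casefold()

    # Rule 2: minimum length counted in Unicode code points, not bytes,
    # so non-ASCII passwords are neither penalized nor over-counted.
    if len(pw) < MIN_LENGTH:
        problems.append("too_short")

    # Rule 3: reject anything on the common-password list.
    if folded in COMMON_PASSWORDS:
        problems.append("common")

    # Rule 4: basic entropy, approximated by the number of distinct characters.
    if len(set(pw)) < MIN_UNIQUE:
        problems.append("low_entropy")

    # Rule 5: special cases, here a password equal to the username or email.
    if folded in {normalize(username), normalize(email)}:
        problems.append("matches_identity")

    return problems
```

Note that no branch asks for a digit, symbol or mixed case: a randomly generated all-lowercase password passes as long as it is long enough and not on the list.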



Steve Jobs’s first reaction to the Genius Bar: ‘That’s so idiotic! It will never work!’


In 2000, when Apple hired Ron Johnson to create and run its first retail stores, Johnson got a crash course in working with Steve Jobs.

Arguably the centerpiece of what became the Apple Store is the Genius Bar, one of Johnson’s ideas. Customers can take private lessons in how to use their new Apple products, or take existing products in for tech support and repairs.

Jobs hated the idea.

“I remember the day I came in and told Steve about the Genius Bar idea and he says, ‘That’s so idiotic! It’ll never work!’” Johnson said. “He said, ‘Ron, you might have the right idea, but here’s the big gap: I’ve never met someone who knows technology who knows how to connect with people. They’re all geeks! You can call it the Geek Bar.’”



Google calls ‘time’ on the Pixel laptop

Frederic Lardinois, writing for TechCrunch:

When asked if Google had plans to produce any more Pixel laptops, Osterloh said that the company had “no plans to do one right now.” He added that the versions that are already out in the market have totally sold out and that there are no plans to make any more of those, either. Indeed, if you go to the Google Store today, you won’t find any Pixel laptops for sale, though there are plenty of third-party Chromebooks available there.

The company is not, of course, talking about Chrome OS. “Chrome OS is a huge initiative in the company,” Osterloh said. “Google hasn’t backed away from laptops. We have the number two market share in the U.S. and U.K. — but we have no plans for Google-branded laptops.”

ChromeOS is popular; I actually love using my Chromebook Flip. But for most people, the idea of a Chromebook is cheap hardware.



Microsoft now lets anyone create and publish Xbox games

Microsoft today announced a new initiative to let any game developer create and sell games on its Xbox platform without having to go through any of the company’s preexisting channels. The Xbox Live Creators Program, as it’s called, is designed to let an indie team or solo developer take a retail Xbox, which doubles as a dev kit, and use it to create and self-publish the title to the Xbox marketplace. Prior to today, developers had to be part of an established game development or media company, or they had to apply through Microsoft’s ID@Xbox indie game program to receive self-publishing capabilities.

There are a couple of stipulations involved with the new program, which remains in a preview stage for now until it opens up to the general public soon. For one, the game you’re making must be a Universal Windows App, so that it can run on any Windows 10 device and not simply the Xbox One. Microsoft also reserves the right to remove your game from the store if it has “harmful or inappropriate content,” as the company won’t be binding any devs with non-disclosure agreements or concept approvals.

The program isn’t free. There’s a one-time fee that ranges from $20 to $100, and it’s unclear right now how Microsoft plans on charging some developers more or less than others. Even then, unless a developer joins the ID@Xbox program, they won’t be able to enable online multiplayer for the Xbox version of the game or access the Xbox achievements feature. The Creators Program does let you still access Xbox’s leaderboards and party chat features. In one potential downside, games listed through the program will be kept in a separate section of the Xbox Store, which could limit their exposure to reach as wide an audience as ID@Xbox titles.

This should lead to more indie games in the Xbox store and could be promising.



YouTube is entering the cable cord-cutter business with

Fast Company:

YouTube TV—a streaming service that will offer conventional TV channels streamed across the net to phones, tablets, PCs, and TVs. The company is only saying it will be available in “the coming months.”

But it’s disclosing most of the other vital facts about what the service will offer, and on paper, at least, they sound like a serious rival to existing services such as Sling TV, DirecTV Now, and PlayStation Vue.

This is an interesting announcement and might be a good deal for some, but it’s missing a lot of channels, which might make it less of a good deal for many.



Cloudbleed: How to deal with it

Tavis Ormandy of Google’s Project Zero uncovered a major vulnerability in the Cloudflare Internet infrastructure service. Essentially, web requests to Cloudflare-backed sites received answers which included random information from other Cloudflare-backed sites!

This information could potentially include confidential information (private messages on dating sites, emails), user identity information (Personally Identifying Information (PII) and, potentially in a healthcare context, Protected Health Information (PHI)), or user, application, or device credentials (passwords, API keys, authentication tokens, etc.).

Both Project Zero and Cloudflare acted promptly. The bug was reported on 2017-02-17 and a mitigation was in place within an hour. Public notification was given on 2017-02-23.



Everything You Need to Know About Cloudbleed, the Latest Internet Security Disaster

Have you heard? A tiny bug in Cloudflare’s code has led an unknown quantity of data—including passwords, personal information, messages, cookies, and more—to leak all over the internet. If you haven’t heard of the so-called Cloudbleed vulnerability, keep reading. This is a scary big deal.

Let’s start with the good news. Cloudflare, one of the world’s largest internet security companies, acted fast when security researcher Tavis Ormandy of Google’s Project Zero identified the vulnerability.

The bad news is that the Cloudflare-backed websites had been leaking data for months before Ormandy noticed the bug. Cloudflare says the earliest data leak dates back to September 2016. It’s so far unclear if blackhat hackers had already found the vulnerability and exploited it secretly before Cloudflare fixed its code. Cloudflare’s clients include huge companies like Uber, OKCupid, 1Password, and FitBit. That means a holy fuck ton of sensitive data has potentially been compromised.



White House Bars Times and Other News Outlets From Briefing

Michael M. Grynbaum, reporting for The New York Times:

Reporters from The Times, BuzzFeed News, CNN, The Los Angeles Times and Politico were not allowed to enter the West Wing office of the press secretary, Sean M. Spicer, for the scheduled briefing. Aides to Mr. Spicer only allowed in reporters from a handpicked group of news organizations that, the White House said, had been previously confirmed.

Those organizations included Breitbart News, the One America News Network and The Washington Times, all with conservative leanings. Journalists from ABC, CBS, The Wall Street Journal, Bloomberg, and Fox News also attended.

Reporters from Time magazine and The Associated Press, who were set to be allowed in, chose not to attend the briefing in protest of the White House’s actions.

