ijk64✅ @ijk64@m.futex.au

LastPass's default password KDFs:
2008-6/2012: SHA256(email || password)
6/2012-2/2013: PBKDF2-SHA256 500* [1]
2/2013-7/2018: PBKDF2-SHA256 5,000 [2]
7/2018-now: PBKDF2-SHA256 100,100 [3]
* I shamed the CEO into increasing this. "I think it is irresponsible to tell your users the recommended iteration count is 500. When 12 years ago, PBKDF2 had a recommended minimum iteration count of 1000."

[1] https://blog.lastpass.com/2012/06/lastpass-2-0-managing-and-protecting-your-online-life-just-got-more-awesome/
[2] https://blog.lastpass.com/2013/02/lastpass-2-0-20-released-for-all-browsers-featuring-an-automated-security-score/
[3] https://blog.lastpass.com/2018/07/lastpass-bugcrowd-update/

Gonna write this up in longer form, but folks complaining that the $45bn Ukraine costs are high miss two key points:

1. The direct costs in military aid are surprisingly small; in the order of $19bn this year, and $10.8bn committed (so far) for next year

2. The indirect economic costs of the Russian war to the US economy (i.e. to the private sector not via the government) are in the order of $600-700bn per year. To pick a random company, it's nearly $6-10bn in costs to Apple *alone*.

A partial list of Fediverse software in alphabetical order:

akkoma
bonfire
bookwyrm
calckey
castopod
diaspora
drupal (with plug-in)
epicyon
friendica
funkwhale
gancio
gitea
gnusocial
gotosocial
greatape
guppe
hubzilla
immers space
kbin
ktistec
lemmy
mastodon
misskey
mobilizon
nextcloud
owncast
peertube
pixelfed
pleroma
plume
prismo
rebased
smithereen
socialhome
streams
takahe
writefreely
wordpress (with plug-in)
zap

7 things all kids need to hear

1 I love you

2 I'm proud of you

3 I'm sorry

4 I forgive you

5 I'm listening

6 RAID is not backup. Make offsite backups. Verify backup. Find out restore time. Otherwise, you got what we call Schrödinger backup

7 You've got what it takes

<slow clap>

https://www.smbc-comics.com/comic/jpeg

Nice read from The Verge on the #LastPassBreach: “The #LastPass disclosure of leaked password vaults is being torn apart by security experts”

Quoting Jeremi Gosney @epixoip, Jeffrey Goldberg @jpgoldberg and yours truly.

https://www.theverge.com/2022/12/28/23529547/lastpass-vault-breach-disclosure-encryption-cybersecurity-rebuttal

My kids are watching this classic scene from Sesame Street and are just as confused as the Yip Yips. They have absolutely no conception of what this thing is. The humor of the scene has truly come full circle.

Over the last few days, I experimented with moving my Twitter archive to my personal #Mastodon account @luca@social.luca.run and finally succeeded.

I had to modify the Mastodon source to allow backdated posts and prevent it from spamming other instances with old posts. Because image descriptions aren't included in the Twitter export, I had to request them from the API. There I got full text for truncated Retweets as well.

Incomplete notes:
https://github.com/lucahammer/fediporter

#TwitterMigration #MastoAdmin

When you’re three months into that side project you said would take a weekend.

Building a new Commodore C64 with all new components

https://hackaday.com/2022/12/28/building-a-new-commodore-64-in-2022-with-all-new-components/

Today's was ez ​:petergriffin:​

https://figure.game
Figure #185
🥇 1 try
😎 No hints
⏱ 0 min 22 sec

RE: https://mk.absturztau.be/notes/99cdmw1n1a

Why Attackers Target GitHub, and How You Can Secure It https://www.darkreading.com/edge-articles/why-attackers-target-github-and-how-you-can-secure-it

Oops, looks like #twitterdown
API returning 503

IN CASE OF FIRE:

1) If someone is on fire, punch them in the face.

2) Cop a feel off the person behind you, as these might be your last minutes on Earth.

3) Squeeze the junk of the person in front of you. It'll slow them down, allowing you to move ahead of them.

4) Exit.

BREAKING: Greta Thunberg response to Andrew Tate has been hung in the Louvre.

Sherlock Holmes will finally escape copyright this weekend

https://www.theverge.com/2022/12/28/23528003/sherlock-holmes-metropolis-to-the-lighthouse-public-domain-day-2023