That's the verdict of a comprehensive review of the science on the subject recently published in Psychological Science in the Public Interest. The team behind the research looked at decades of studies focused on all manner of techniques and apps that promise to help you devour words at an incredible clip. Sadly, what they found is that what looks too good to be true almost certainly is.
blog.varonis.com/ssl-and-tls-1-0-no-longer-acceptable-for-pci-compliance/, posted 21 Feb by peter in communication networking security
The PCI Council says you must completely remove support for SSL 3.0 and TLS 1.0. In short: servers and clients should disable SSL and then preferably transition everything to TLS 1.2.
However, TLS 1.1 can be acceptable if configured properly. The Council points to a NIST publication that tells you how to do this configuration.
Debian should not have adopted it for at least a few more years; they’re supposed to be the slow, steady, and stable distro. Their quick move to systemd hurt a lot of feelings and caused half their team to leave for Devuan. That shouldn’t happen. If your team is that fiercely split on an issue, the correct response is to leave the status quo alone until cooler heads prevail. Debian lost a lot of their reputation for stability because of this.
wastholm.tumblr.com/post/139587515277/stockholm-nofilter-at-strömbron, posted 19 Feb by peter in nofilter stockholm
wastholm.tumblr.com/post/139532941897/my-son-wrote-me-a-letter-today-incidentally-i, posted 18 Feb by peter
https://paragonie.com/blog/2016/02/how-safely-store-password-in-2016, posted 18 Feb by peter in development reference security toread
The Problem: You want people to be able to create a unique user account, with a password, which they will use to access your application. How can you safely implement this feature?
Easiest Solution: Use libsodium, which provides a secure password hashing API in most languages. As of version 1.0.8 it uses the scrypt algorithm, but in the next release (1.0.9) it will also offer Argon2, the most recent, carefully-selected algorithm from the Password Hashing Competition. Libsodium offers bindings for most programming languages.