Hacker News: david422's comments

When iOS + apps came out, Apple had a system whereby when an app got uninstalled it prompted the user for a star rating and review. Guess who was doing all the uninstalling? People that hated the apps, and app ratings reflected that.

Here's a format I really like:

3CatsHave12Legs!

Easy to memorize, and pretty strong.


The vast majority of passwords do not need to be easy to memorize because they should be stored in a password manager. In fact, I'd argue that the harder it is to memorize, the stronger the password.

Yet they still need to be typed on cell phone keyboards, TVs, or communicated over the phone (shared passwords are the best compromise if asymmetric cryptography is not an option), in which case you usually need to spell it out anyway.


Cell phone keyboards should have a "QR code input" and then you could just use a QR code generated by your password manager dynamically.

Why mention memorizing passwords? Most people have dozens of passwords, and most people would have trouble memorizing even a simple word for dozens of passwords. I have a lot of trouble with those annoying security questions which one would assume would be constant and easy to answer.

Have you not memorized the password to your password manager?

How would that even work?


FaceID or YubiKey

Ok, but if there isn't a high-entropy sequence of "something you know" somewhere in the system, you've created some pretty bad failure modes. 1Password requires a master password periodically, but can otherwise be unlocked by AppleID (presumably also true for secure-element biometrics on other platforms).

I maintain that a good secrets management system has a number of passwords which should be memorizable (and memorized) which is greater than zero. Possibly by only one element.


Every password manager I know of, including Apple's, requires a strong password to unlock the vault. FaceID or YubiKey allow me to bypass typing that so often, but anyone trying to get into my accounts or password manager would have to know the strong password and get past the physical/biometric 2FA.

How many more passwords of this format can you construct? `have` is fixed, the `!` at the end is a classic, and the 12 number is pre-determined by true cats and the 3. So the only degrees of freedom you have are:

- the entity number (3)

- the kind of entity (Cats)

- the kind of part (Legs)

and that's not a huge number of combinations.
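To put the "degrees of freedom" argument in numbers, here is an added example (not from any commenter) that estimates the keyspace of the `3CatsHave12Legs!` template versus a naive per-character estimate; the vocabulary sizes for counts, animals and body parts are assumptions, and the second number is treated as derived (count times legs per animal) so it contributes no entropy.

```python
import math
import re

# Template for passwords like "3CatsHave12Legs!" (the format quoted in the thread).
# Free slots: leading count, animal noun, body-part noun. "Have" and "!" are fixed,
# and the second number is derived from the first, so it adds no entropy.
TEMPLATE = re.compile(r"^(\d{1,2})([A-Z][a-z]+)Have(\d{1,3})([A-Z][a-z]+)!$")

# Assumed vocabulary sizes (assumptions for illustration, not from the thread).
ASSUMED_COUNTS = 20      # small counts 1..20
ASSUMED_ENTITIES = 200   # animal nouns a guesser would enumerate
ASSUMED_PARTS = 30       # body parts: legs, eyes, ears, ...


def template_bits(counts=ASSUMED_COUNTS, entities=ASSUMED_ENTITIES, parts=ASSUMED_PARTS):
    """Bits of entropy if the guesser already knows the template."""
    return math.log2(counts * entities * parts)


def charset_bits(password):
    """Naive estimate: each character drawn uniformly from the classes present."""
    size = 0
    if re.search(r"[a-z]", password):
        size += 26
    if re.search(r"[A-Z]", password):
        size += 26
    if re.search(r"\d", password):
        size += 10
    if re.search(r"[^A-Za-z0-9]", password):
        size += 33  # printable ASCII punctuation
    return len(password) * math.log2(size) if size else 0.0


def estimate_bits(password):
    """Pattern-aware estimate: a template match collapses to the template keyspace."""
    if TEMPLATE.match(password):
        return template_bits()
    return charset_bits(password)


if __name__ == "__main__":
    for pw in ("3CatsHave12Legs!", "TMJ0ltu*zif52Cb&"):
        print(f"{pw}: naive {charset_bits(pw):.1f} bits, "
              f"pattern-aware {estimate_bits(pw):.1f} bits")
```

Under these assumptions the template password scores under 17 bits once the pattern is known, while the naive estimate for the same string is over 100 bits, which is the gap the comment above is pointing at.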


"My4BikesHave9WheelsBecause1IsATricycle?" is a valid one for example?

The question mark makes this look like it's the title of a new hit light novel

You have to type that all in without error and the archaic app needs to actually support that many characters

Typing that all in without error is considerably easier than typing TMJ0ltu*zif52Cb& in without error.

I write longer passwords than that periodically. Archaic applications will get shorter variants. No two apps will share the same password.

None of these are a problem for me. With or without a password manager.


I would say, as a rule of thumb, WebSockets are for two-way realtime communication; HTTP chunked is just for one-way streaming communication.


Honestly, there are people that will always want free stuff, and that just needs to be accepted. Free users can give feedback, can spread info by word of mouth, and can also turn into paid users. A smart developer will try to use them as an asset - which seems to be the author's intention by offering promo codes.


Whenever I upgrade computers, I never transfer, just start fresh. I keep old hard drives around and have backups in case I need stuff but... all that stuff I accumulate I don't actually need.


Well the other thing is paying for luggage. No-one wants to pay for luggage. But if luggage is free, it means that everyone with no/small luggage is just subsidizing those with luggage.


Charging for luggage is fine.

The problem is when luggage costs the same as or more than a ticket without luggage.


My co-worker gave me the quote - "if you have more microservices than clients, you're doing it wrong". Not sure if it was original or not but makes sense to me.


Also if you have more microservices than you have requests per second.


I've read that it's because if a user uploads content that gets you on a list that blocks your domain, you could technically switch user content domains for your hosting after purging the bad content. If it's hosted under your primary domain, your primary domain is still going to be on that blocked list.

Example I have is - I have a domain that allows users to upload images. Some people abuse that. If google delists that domain, I haven't lost SEO if the user content domain gets delisted.


This is probably the best reason. I had a project where it went in reverse. It was a type of content that was controlled in certain countries. We launched a new feature and suddenly started getting reports from users in one country that they couldn't get into the app anymore. After going down a ton of dead ends, we realized that in this country, the ISPs blocked our public web site domain, but not the domain the app used. The new feature had been launched on a subdomain of the web site as part of a plan to consolidate domains. We switched the new feature to another domain, and the problems stopped.


I think he's actually saying that humans will value a couple of humans more than thousands of octopuses, just phrased oddly.


Why the hell isn't that list in alphabetical order. No, the random groupings aren't helpful for me to find things at all.

