To those in the know, it's not really uncommon knowledge.
Whenever you have control over somebody else's organism, suicide isn't something which makes sense definitionally, even if his own body was used to kill him.
You're welcome to look into what those around him said regarding his detention and death.
He is just a well-publicized example.
Many of you here have probably used darknet markets, if so, your vendors are likely neurocompromised as well.
> Whenever you have control over somebody else's organism, suicide isn't something which makes sense definitionally, even if his own body was used to kill him.
> your vendors are likely neurocompromised as well.
Much of the drug trade is ran less than consensually, as is common knowledge.
Often even people envolved aren't even aware these technologies are being utilized, to those who are, their position is often simple: you do what we say or we torture you, even in protective custody, as surgery isn't really practical.
To be clear, your claim is that 'much of the drug trade is r[u]n less than consensually' via some kind of undocumented, unknown-to-most brain implant that can be used to remotely torture people for non-compliance?
That claim falls apart as soon as it touches reality: there are a _lot_ of people who are involved in the drug trade, now and in the past. At some point, one of those people would definitely have had a CT or an MRI on their skull (e.g. my dentist does a whole head CT every 5 years as part of the normal process and insurance pays for it). Surely _one_ of those people would have noticed a brain implant.
>At some point, one of those people would definitely have had a CT or an MRI on their skull
The tech is adversarially designed, you're assuming the medical supply chains are not compromised, and are dramatically underestimating the sophistication involved here generally.
You can't even assume the people interpreting the results are uncompromised, are trained to interpret results in the context of adversarial technology, or are even physiologically able to accurately interpret what they are looking at. This has it's roots in military intelligence, it's not a trivial compromise.
There is a long history of militant and/or criminal (what's the difference) usage of adversarially designed brain-computer interfaces that you will not find documented.
Unless you have proper clearance or are involved with one of the parties propagating them, anyway.
>before the current wave of corruption in the whitehouse.
Nice username, GRUez.
>Again, with the proper licenses. Believe it or not, you too can buy methamphetamine legally if you have a prescription! It even has a snazzy brand name, desoxyn.
What a headache. Too bad it's not provided in a formulation suitable for vaporization. Big pharma needs to get on this immediately.
The legal system is a joke which received the amount of engagement it deserves.
As well as their domestic and national security apperatus, actually. Their own citizens are being used to propagate brain-computer interfaces amongst their own people.
The people involved in January 6th were manipulated by external intelligence influences, and really had no choice in committing their crimes.
Much of our legal system is based on the incarceration or individuals who are deeply compromised and have zero choice in their actions, pardons need to become more commonplace until a more mature approach is taken here.
Fair! I did think about this a lot. Initially, I also thought "8 characters of any kind" are fair enough. Then read a lot and decided a bit more security would be good. But honestly, given what you wrote, I did find myself happy that I had an account before this security measurement. So I guess, I'm of your opinion.
However, the app does not enforce lowercase/uppercase. It uses Laravels uncompromised() function which I think makes sense. It checks against https://haveibeenpwned.com/Passwords.
I'm happy to discuss length! But I think the uncompromised makes sense. But happy to hear any arguments!
If it makes it harder to register, that is still an argument and must be discussed against the argument of security. I'd love to hear other peoples thoughts here since security vs usability is always a complicated thing.
Don't make your password requirements less strict. Don't encourage people to use weak passwords that are likely shared across sites. That leads to pain and suffering over the long term.
If you want to reduce friction for people who don't/won't use a password manager, provide a passwordless option like a login link that is e-mailed to them. Yes, people will likely complain about "your service is supposed to be my email, why are you requiring an e-mail to login", in which case they should be using a strong password.
To the person requesting weak passwords: Just set up google or firefox password password manager, it will auto suggest a strong password on the registration page and save it for use across devices. There is zero reason to be using the same password across accounts, and a lot of reason not to.
Attackers do actively try passwords you have used on other sites to try to compromise your accounts elsewhere. This happens when services leak passwords or password hashes. If your password is short and lowercase, it really doesn't matter if only your password hash has been leaked, it might as well have just been the password itself. This is the lowest-hanging fruit for attackers.
Thanks for your opinion. I appreciate it. I think that makes a lot of sense.
I also like the idea of passwordless, I'll definitely have a look at that!
There really are only two dials you can turn to increase the security of a password, and that's length of the character set (the characters that the user can use in their password) and length of the password itself.
People should be using a password manager, then they can set that to 100/200 characters. Even if all lower case, it will be unbreakable (assuming a modern/secure one way hashing algorithm, and the password manager is truly random.).
If they are not using a password manager and use something like `waterfall!X` (because you enforce a special character and capital letter) you haven't actually increased entropy by that much, compared to a longer password. Them making up a 100 character password will almost guarantee more entropy than a short password they make up like `waterfall!X`
Yes, I did read up a lot about password security the last few years. But still, I'm worried a very secure policy restricts people from registering at all, see case above. What would you say is a good compromise?
Another thought I have discussed a lot is, this app is not something critical. It's not online banking, it saves very little about you (as little as possible), etc. - so what does this say about the compromise? If an account was to be compromised, an attacker would only have access to the todos, music, notes of a user. Now, todos and notes could be very telling, but I'm unsure about how much of a responsiblity I have as an admin to save users from this? Do you know what I mean?
Yeah I understand. I think my point is don’t add any other friction to the password strength other than length. If you want more security increase the min length, if you’re happy with less, lower it.
I’d personally have a 12 length password enforcement, a password strength meter and nothing else. Possibly less if you introduce 2fa.
I wouldn’t really call that AI slop. Some people just write longer posts because they’ve got a lot they want to get across, and you can usually tell it reflects their own opinions and what they think matters in the discussion. Actual AI-generated stuff tends to come off more generic and lacks that personal angle.
At least we have a pardon czar now. So many people have been coerced into committing crimes, with said coercion taking many different forms, there needs to be mass pardons across the board.
Very strange how people under indictment by the United States of America keep dying in custody.