New hotel, new cloned keycard.
The previous version of NIST SP 800-63B, section 5.1.1.2, said that organizations SHOULD NOT require users to update their passwords on a regular basis, unless they believe that the password was compromised. The 2025-05-30 version moved that to section 3.1.1.2 and updated it to say organizations SHALL NOT do that.
Now whenever a website emails me to say I have to update my password because it’s been a month or two since I last did it, I report a security bug to them:
The website has a security flaw: it makes users rotate their passwords periodically. This is against the security controls in NIST Special Publication 800-63B-4, “Digital Identity Guidelines”, section 3.1.1.2, clause 6, which reads:
“6. Verifiers and CSPs SHALL NOT require subscribers to change passwords periodically. However, verifiers SHALL force a change if there is evidence that the authenticator has been compromised.”
Please fix the website to remove this requirement. Thank you.
If we all do this, maybe it’ll get into their heads that it’s a bad idea to make users change their passwords just for the sake of it.
I don’t care how beautiful and well made Hollow Night: Silksong is. I hate this game and as soon as I beat this boss, I’m done for the night.
4 hours later…
I cannot stress this enough: if you have more to your name than fits in your pocket, and you have more than one person in your immediate family circle, have a will made.
I have ringside seats to what happens when you don’t, and it’s horrible. Money can make survivors lose their damn minds.
I’m using Ansible to manage a small fleet of Raspberry Pis. I’d been using the copy module to set a value in /sys:
- name: Enable compressed swap now (with zsmalloc)
become: true
ansible.builtin.copy:
content: zsmalloc
dest: /sys/module/zswap/parameters/zpool
unsafe_writes: true
But that always reports that the file changed, even if it already had that value. Today I got the lineinfile module to update the value. This only says the value changed when it actually did:
- name: Enable compressed swap now (with zsmalloc)
become: true
ansible.builtin.lineinfile:
path: /sys/module/zswap/parameters/zpool
regexp: "^(?!zsmalloc).*$"
line: zsmalloc
unsafe_writes: true
Since these “files” only have one line, this uses regexp to see if that line already matches the expected value. If so, it moves on. If not, it writes the new value.
Note: unsafe_writes: true is there because you can’t write arbitrary filenames into /sys and then mv them into place. You have to write directly to the target “file”.
The little desk thermometer my mom’s sales rep gave her way back when.
Smile!
I’m looking at the old, unused clothesline and remembering hanging up clothes to dry when I was younger. That made me think of when my dad taught me how to make a springed, wooden clothespin into a little gun that could shoot self-striking matches across the room.
And then it occurred to me that people might get mad at you for teaching a young kid how to make burning match guns.
Dad was always great about sharing dangerous knowledge.
This is a “breakfast fatty”. It’s basket woven bacon, layered with sausage, then eggs and cheese, and rolled up, basted with maple syrup, and smoked for 2 hours.
The Midwest is not known for its healthy food, but wow, does it ever taste good.
I could either fly out at 5AM with a 1 hour layover, or 7AM with a 6 hour. And that’s why I’m sipping coffee at 0230.