This Really Annoys Me Pet Peeve Thread

JonM · Jun 8, 2017

What [80s TV star] looks like now is insane!

[Celebrity] reveals his secret illness!

CGVT · Jun 8, 2017

I don't click on obvious clickbait and if I click on something and it takes another click or more to read, I don't need to read it. **** that clickbait ****.

Schlenkerla · Jun 8, 2017

kombat said:
Those are all terrible passwords.

My pet peeve is dumb password rules. It has to have an uppercase, a lowercase, a number, a symbol, can't contain any words that are in the dictionary, can't include the same letter back-to-back... It's focusing on the wrong thing.

You were close, when you suggested:

I like the "person, place, thing, and date" idea, but no need to abbreviate or substitute in weird characters. "MiJoChB@1984" is both far less secure and much harder to remember than simply "MichaelJordanChicagoBasketball1984."

Length is far more important than complexity. See this XKCD comic for an illustration:

Why do you think they are terrible? Is it purely on length per your cartoon?

I would think a cryptic phrase would be harder to guess. The first example in the cartoon is one word with substitutions. The second example is four words with 25 characters. The example below is 14 words broken up with 25 characters as well.

Anyhow, it's more of a memory thing for me. Like a phrase you know very well, then convert it into a password. The means to do so is OK if you're consistent.

I have a favorite saying. "A man needs to believe in something, I believe I will have another beer."

AM@NeT0Be1nSoIBeIWiHaAnBe.

How likely is that going to cracked? More importantly I think it's easy to remember. The first letter of every word is capitalized and you only use two letters.

The twist is the special characters.

I used;

The first lower case "a" to be @.

The "o" to change to 0.

The first "i" to change into a 1.

Schlenkerla · Jun 8, 2017

BTW - I read about this somewhere on Life Hacker. It's not my idea. I found it to be a simple way to make secure passwords and remember them.

kombat · Jun 9, 2017

CGVT said:
I don't click on obvious clickbait and if I click on something and it takes another click or more to read, I don't need to read it.

I clicked on a clickbait link once, and you won't BELIEVE what happened next ...

<<Next>>

kombat · Jun 9, 2017

Schlenkerla said:
Why do you think they are terrible?

Schlenkerla said:
Pass phrase: God damn, mother fuker, piece of $hit, *** you, mother fuker, (forth of July 1976)

Actual Password: GoDaMoFuPiOf$hFuYoMoFu7476

Length is great, but the phrase from which it is derived is complicated, and you've got a special character ('$') standing in for an 'S'. Are you going to remember that whole phrase? Are you going to remember where you swapped in the weird character? Was it a zero for an 'O'? or a one for an 'L'? Are you going to remember the date format? Was it month/day or day/month? With/without leading 0's? Were there slashes? Also, the continual alternation between upper and lowercase, particularly over such a long string, is going to make it ripe for typos.

Schlenkerla said:
Michael Jordan, Chicago, b@sketball 1984

Password: MiJoChB@1984

Already dissected earlier, but the main problems are length, weird character, unnecessary abbreviations, and alternating upper/lower case characters.

Schlenkerla said:
Donald Trump likes to watch Russian whores piss on mattresses. Jan 20th 2017

DoTrLiToWaRuWhPiOnM@012017

Length is great, which makes all the convolution unnecessary. Was it Russian whores or Russian hookers? Was it mattress or bed? Was it "Donald Trump" or just "Trump?" And again, with the unnecessary, out-of-place weird character.

Schlenkerla said:
I would think a cryptic phrase would be harder to guess.

Right, and that's the problem. Sysadmins are trying to defend us from humans trying to "guess" our passwords. "Don't use your pet's name! Don't use your street name!"

Trouble is, nobody's trying to guess your password. Hackers get a hold of a hashed password file, and leverage networks of load-sharing computers to brute-force your password. They're trying every combination of every possible character. Expanding the pool of potential characters helps some, but not as much as increasing the length. 74^10 (10 character password, using only numbers and upper/lowercase letters) is much bigger than 93^8 (8 character password, all numbers, upper/lowercase letters, punctuation, and common special characters).

They don't do dictionary attacks anymore (well, they might start out with that, since it's trivially fast now), but if they can't find it in their pool of common passwords, they just start going through every combination, getting longer and longer, until they find a match. They can try every combination of 2 characters in milliseconds. Same for 3 characters. 4 characters, they can exhaust the problem space in seconds/minutes. But it takes exponentially longer with each added character.

10 characters should be a bare-minimum length for passwords, but even those can be cracked fairly quickly with sufficient computing power. 14 characters or longer takes so long that hackers will give up and move on to the next one (at least, with current computing power).

So yes, it's primarily the length that matters.

Schlenkerla said:
The first example in the cartoon is one word with substitutions. The second example is four words with 25 characters. The example below is 14 words broken up with 25 characters as well.

Right. But "CorrectHorseBatteryStaple" is far easier to remember than "AM@NeT0Be1nSoIBeIWiHaAnBe." And your pattern of "Person, Place, Thing and Date" is even better still, in my opinion, because instead of having to remember 4 random words, you can use a particular event that is meaningful to you (i.e., "SchlenkerlaDenverBirthdayJune091980", or an anniversary, your graduation, whatever).

Schlenkerla said:
Anyhow, it's more of a memory thing for me. Like a phrase you know very well, then convert it into a password. The means to do so is OK if you're consistent.

I do the same thing, but not because it's easy, because my employer's password rules have archaic requirements. Ironically, using the actual phrase itself would be far more secure than the shorter, more convoluted hash I'm forced to derive from it.

Removing the requirement to maintain a "consistent means" of converting a phrase into a password can only make the passwords both easier to remember (i.e., ditch the "means" of conversion altogether) and more secure (because you're using the longer actual phrase, rather than a shortened hash of it).

Schlenkerla said:
I have a favorite saying. "A man needs to believe in something, I believe I will have another beer."

AM@NeT0Be1nSoIBeIWiHaAnBe.

How likely is that going to cracked?

It's not. It's plenty long. But it's hard to remember. Not the phrase, that's easy (I already remember it), but the weird abbreviations and substitutions you're doing. Ironically, if you ditched the shortening and substitutions, it would be a FAR MORE secure password (wrapped in code tags to keep BBcode from inserting a space):

Code:

Amanneedstobelieveinsomething,IbelieveIwillhaveanotherbeer.

Heck, you could chop off the second half altogether and it would still be almost as secure as the first one (which, at 26 characters, far exceeds anything crackable with current technology). That is, "Amanneedstobelieveinsomething" is an exceptionally secure password, and much easier to remember and input correctly than your version.

Schlenkerla said:
More importantly I think it's easy to remember.

The phrase is, yes, for sure. It's the "convolution" rules that are the problem.

Schlenkerla said:
The twist is the special characters.

That's entirely my point: There doesn't NEED to be a "twist." That's old school password thinking. Humans aren't guessing passwords anymore. We've moved past that. It's computers, throwing every possible combination of every possible character at your password's hash until it gets a match.

JonM · Jun 9, 2017

Ooh - George Carlin's seven dirty words:

ShFuPiCuCoMoTi.

(Guess where he got arrested for that bit? Yup, right here in Milwaukee.)

View attachment ImageUploadedByHome Brew1497010949.900311.jpg

Anon111 · Jun 9, 2017

If you use a secure password container, thus no need to remember the password, there's a nice password generator in Wolfram Alpha: http://www.wolframalpha.com/input/?...C",+""}+->+{{"Formula",+"generate+password"}}

dkwolf · Jun 9, 2017

GerritT said:
If you use a secure password container, thus no need to remember the password, there's a nice password generator in Wolfram Alpha: http://www.wolframalpha.com/input/?...C",+""}+->+{{"Formula",+"generate+password"}}

And then they only need to hack ONE of your passwords to get them all.

Anon111 · Jun 9, 2017

dkwolf said:
And then they only need to hack ONE of your passwords to get them all.

If someone has access to your machine, then it's only a matter of time anyway.
And good luck with Password Safe https://pwsafe.org

betarhoalphadelta · Jun 9, 2017

dkwolf said:
And then they only need to hack ONE of your passwords to get them all.

That's true, but I trust Lastpass to stay on top of security more than I trust other companies for whom password security isn't their primary line of work.

Schlenkerla · Jun 9, 2017

kombat said:
Length is great, but the phrase from which it is derived is complicated, and you've got a special character ('$') standing in for an 'S'. Are you going to remember that whole phrase? Are you going to remember where you swapped in the weird character? Was it a zero for an 'O'? or a one for an 'L'? Are you going to remember the date format? Was it month/day or day/month? With/without leading 0's? Were there slashes? Also, the continual alternation between upper and lowercase, particularly over such a long string, is going to make it ripe for typos.

Already dissected earlier, but the main problems are length, weird character, unnecessary abbreviations, and alternating upper/lower case characters.

Length is great, which makes all the convolution unnecessary. Was it Russian whores or Russian hookers? Was it mattress or bed? Was it "Donald Trump" or just "Trump?" And again, with the unnecessary, out-of-place weird character.

Right, and that's the problem. Sysadmins are trying to defend us from humans trying to "guess" our passwords. "Don't use your pet's name! Don't use your street name!"

Trouble is, nobody's trying to guess your password. Hackers get a hold of a hashed password file, and leverage networks of load-sharing computers to brute-force your password. They're trying every combination of every possible character. Expanding the pool of potential characters helps some, but not as much as increasing the length. 74^10 (10 character password, using only numbers and upper/lowercase letters) is much bigger than 93^8 (8 character password, all numbers, upper/lowercase letters, punctuation, and common special characters).

They don't do dictionary attacks anymore (well, they might start out with that, since it's trivially fast now), but if they can't find it in their pool of common passwords, they just start going through every combination, getting longer and longer, until they find a match. They can try every combination of 2 characters in milliseconds. Same for 3 characters. 4 characters, they can exhaust the problem space in seconds/minutes. But it takes exponentially longer with each added character.

10 characters should be a bare-minimum length for passwords, but even those can be cracked fairly quickly with sufficient computing power. 14 characters or longer takes so long that hackers will give up and move on to the next one (at least, with current computing power).

So yes, it's primarily the length that matters.

Right. But "CorrectHorseBatteryStaple" is far easier to remember than "AM@NeT0Be1nSoIBeIWiHaAnBe." And your pattern of "Person, Place, Thing and Date" is even better still, in my opinion, because instead of having to remember 4 random words, you can use a particular event that is meaningful to you (i.e., "SchlenkerlaDenverBirthdayJune091980", or an anniversary, your graduation, whatever).

I do the same thing, but not because it's easy, because my employer's password rules have archaic requirements. Ironically, using the actual phrase itself would be far more secure than the shorter, more convoluted hash I'm forced to derive from it.

Removing the requirement to maintain a "consistent means" of converting a phrase into a password can only make the passwords both easier to remember (i.e., ditch the "means" of conversion altogether) and more secure (because you're using the longer actual phrase, rather than a shortened hash of it).

It's not. It's plenty long. But it's hard to remember. Not the phrase, that's easy (I already remember it), but the weird abbreviations and substitutions you're doing. Ironically, if you ditched the shortening and substitutions, it would be a FAR MORE secure password (wrapped in code tags to keep BBcode from inserting a space):

Code:

Amanneedstobelieveinsomething,IbelieveIwillhaveanotherbeer.

Heck, you could chop off the second half altogether and it would still be almost as secure as the first one (which, at 26 characters, far exceeds anything crackable with current technology). That is, "Amanneedstobelieveinsomething" is an exceptionally secure password, and much easier to remember and input correctly than your version.

The phrase is, yes, for sure. It's the "convolution" rules that are the problem.

That's entirely my point: There doesn't NEED to be a "twist." That's old school password thinking. Humans aren't guessing passwords anymore. We've moved past that. It's computers, throwing every possible combination of every possible character at your password's hash until it gets a match.

I don't have a problem with memorizing them. Been doing it this way for 5 years on my Linux machine. I have one I use regularly and I have little to no issues with typos (drunk or sober). I usually use the last two vowels as the number substitution.

I will say that my employer has fully encrypted hard drives and requires two factor authentication on every pc. The password strength is less critical now.

On my chromebook and chromebox I have two factor authentication as well. They also have a "smart unlock" feature which uses a bluetooth connection to one's cell phone to unlock or bypass the login. Your cell phone needs to be close by and unlocked. All you have to do is click on the login avatar.

Black Island Brewer · Jun 10, 2017

What really annoys me are threads that get derailed by BuShThLiPaWds

Schlenkerla · Jun 10, 2017

Black Island Brewer said:
What really annoys me are threads that get derailed by BuShThLiPaWds

RhTfLmA0.

Schlenkerla · Jun 10, 2017

Have a new one.

Today some moron brought his dog to a little league game. Then chained the thing to some aluminum bleachers. The dog goes bezerk and barks and jumps every farking time the ball is thrown. I'm like WTF. You couldn't leave it at home?

Luckly they only played 3 innings.

Zuljin · Jun 10, 2017

People who don't take the test.

JonM · Jun 10, 2017

So last weekend I rented a gas pressure washer. I waited until after 9:00 to run it in the alley and after 10:00 to run it between my house and the neighbor's house. I need to run my gas chainsaw at my parents' house in a little bit but I'm waiting until at least 9:30 or 10:00 to do it.

As I sit here at 6:25 a.m., some bonehead is mowing the lawn up the street. Sheesh.

Schlenkerla · Jun 10, 2017

Zuljin said:
People who don't take the test.

IM me what the test is.... I asked. No body responded with an actual answer.

GrogNerd · Jun 10, 2017

JonM said:
So last weekend I rented a gas pressure washer. I waited until after 9:00 to run it in the alley and after 10:00 to run it between my house and the neighbor's house. I need to run my gas chainsaw at my parents' house in a little bit but I'm waiting until at least 9:30 or 10:00 to do it.

As I sit here at 6:25 a.m., some bonehead is mowing the lawn up the street. Sheesh.

I went to rent a gas pressure washer yesterday and they wouldn't let me take it home in my car

KayaBrew · Jun 10, 2017

I feel ashamed at admitting this one. I can't get my ******* $30 sprinkler to water my garden only and not my house.

Kharnynb · Jun 10, 2017

I'm starting to think if I should just invest in a spike strip.

There's some idiot that drives every day in the morning through our tiny suburbian street at about 60 mph while on his freaking mobile phone, just about when I step out to to walk the dog.....

Not only is it ludicrously fast to drive through a tiny just-and-just 2way street with blind corners, our side of the road doesn't have pavement so a lot of houses just have hedges straight on the road with children living here....

GrogNerd · Jun 10, 2017

Kharnynb said:
I'm starting to think if I should just invest in a spike strip.

There's some idiot that drives every day in the morning through our tiny suburbian street at about 60 mph while on his freaking mobile phone, just about when I step out to to walk the dog.....

Not only is it ludicrously fast to drive through a tiny just-and-just 2way street with blind corners, our side of the road doesn't have pavement so a lot of houses just have hedges straight on the road with children living here....

got someone on our court like that. can't do 60, not enough street, plus his car is a junker.

he works for a beer distributor and hooks me up with beer. last time was a 12-pack of Founders' All Day IPA.

so, I'm conflicted

Schlenkerla · Jun 10, 2017

Kharnynb said:
I'm starting to think if I should just invest in a spike strip.

There's some idiot that drives every day in the morning through our tiny suburbian street at about 60 mph while on his freaking mobile phone, just about when I step out to to walk the dog.....

Not only is it ludicrously fast to drive through a tiny just-and-just 2way street with blind corners, our side of the road doesn't have pavement so a lot of houses just have hedges straight on the road with children living here....

Call the police. Let them know it's happening. They will eventually set out a trap for that fool. Especially if you know the time it occurs.

I called the police before at my in-laws. There's street parking with only one lane upon for traffic. Some dude was barreling down the street recklessly fast. The next day they were in the cul-de-sac waiting for that fool.

Don't know if they ever busted him. They were waiting there.

Schlenkerla · Jun 10, 2017

KayaBrew said:
I feel ashamed at admitting this one. I can't get my ******* $30 sprinkler to water my garden only and not my house.

Post a picture of the damn thing.

You can put a cheap ball valve just before the sprinkler to restrict flow.

You can also try kinking the hose to test this.

dkwolf · Jun 10, 2017

KayaBrew said:
I feel ashamed at admitting this one. I can't get my ******* $30 sprinkler to water my garden only and not my house.

Schlenkerla said:
Post a picture of the damn thing.

You can put a cheap ball valve just before the sprinkler to restrict flow.

You can also try kinking the hose to test this.

What type of sprinker? Oscillating, impulse, or any other adjustable type? Or a "simple" pattern type?

I've got an impact type sprinkler that I can adjust to hit almost all of my trapezoid-shaped yard, and not spray the house or garden shed. Took about an hour of standing there watching it cycle to get it set right, but once it was set, I just have to make sure to set it in the same spot every time and it's golden.

Hoppity · Jun 10, 2017

People who badger others who won't take a test with too many stupid questions that takes more time than it is worth.

Schlenkerla · Jun 11, 2017

Hoppity said:
People who badger others who won't take a test with too many stupid questions that takes more time than it is worth.

What's it's worth?

Hoppity · Jun 13, 2017

Schlenkerla said:
What's it's worth?

Add that question to the test and even more will refuse to join the club. Speak English much?

Schlenkerla · Jun 13, 2017

Hoppity said:
Add that question to the test and even more will refuse to join the club. Speak English much?

Maybe I missed it, twice it wasn't clear what the test is unless it's a euphemism. My defense is being drunk, dense, and lazy.

Hoppity · Jun 14, 2017

Schlenkerla said:
Maybe I missed it, twice it wasn't clear what the test is unless it's a euphemism. My defense is being drunk, dense, and lazy.

Sorry. It was a very active thread that appears to have been deleted. To participate, there was a questionnaire you had to answer: "The Test". Your response to over 50 questions established you as a poster on the thread. If you did not, you were shunned by the group who had taken/created/added to "The Test".

I posted there a few times, was reminded to take the "The Test", and may have insulted them about their sophomoric exclusionary club when they insisted I take "The Test". I walked away.

I'm sure the thread started with the spirit of good fun. In retrospect, the participants were just updating each other with the mundane details of their daily lives. Not a lot of memorable brew tips were lost when the thread was deleted.

This Really Annoys Me Pet Peeve Thread

Help Support Homebrew Talk:

Well-Known Member

Senior Member

Supporting Member

Supporting Member

Well-Known Member

Well-Known Member

Well-Known Member

Well-Known Member

Well-Known Member

Well-Known Member

Supporting Member

Supporting Member

An Ode to Beer

Supporting Member

Supporting Member

I come from the water

Well-Known Member

Supporting Member

mean old man

Well-Known Member

Supporting Member

mean old man

Supporting Member

Supporting Member

Well-Known Member

Just brew it!

Supporting Member

Just brew it!

Supporting Member

Just brew it!

Similar threads