Forcing Users To think up More Complex Passwords / Ease of Remembering Them

Are there any guidelines on the play-off between forcing users to have complex passwords (longer, including numbers and special characters etc) – and the reduction in security if users therefore have to write down these passwords because they can’t remember them ?

To clarify: what I’m thinking about here is where users may have their own preferred (and memorised) set of passwords, but get forced by sites to start making them longer; or adding a number, or sites which just refuse to accept the password unless the site itself deems it strong enough ( hello Google ). So users then have to think of other passwords that fit these particular criteria – which being non standard ones they are then more likely to write down.

So I guess the question is what do users actually do when confronted with a site which tries to force them to use passwords with particular formatting.

I think one of my players wants to leave the campaign

I am a relatively new DM. I am running my first campaign, which started about a year ago, with some close friends from college. We have all played d&d before, but this is the first time I’m DMing. My group is very roleplay-oriented, and so I’ve had a ton of fun planning out dramatic character moments and building tension for my friends. I’ve also gotten some really nice feedback from some of my players which has made me really pleased.

Over the past few months, there has been some conflict surrounding one of my players. On the one hand, the other players and I noticed she would derail or take over sessions (which I talked about with her awhile ago). On the other hand, she has complained a few times about another player having too much of the spotlight. We took this to heart and thought up ways that we can engage other players in roleplays, and I have made sure that each character gets arcs equally tied into the main plot. She seemed satisfied with our solutions.

Since these conversations, I’ve reached out to her a few times about her character. At one point she said that her character may want to travel solo later in the game and if so she would role up a new character. But since then she hasn’t said anything to me about leaving or where she wants her character to go.

Over the past few sessions, she’s been acting pretty recklessly with her character. She (as the PC) has said that she doesn’t care if she dies, that she will go on suicide missions even when other PCs don’t want her to, and that she is uninterested in the main plot. This has been a little jarring for me, since she has not directly approached me about leaving the campaign or rolling a new character. Previously in conflicts, she seemed reluctant to talk to me, and I had to push her a little to communicate to me about the issues she was having with the campaign. This whole situation has been hurtful and upsetting for me, not only because she seems to dislike my campaign, but also because her character leaving would disrupt a lot of future plans, which were made specifically because of feedback she gave me.

I know that I will have to approach her and directly ask what she wants out of her character, but I’m putting it off because I have a lot of other stressful life things going on, and I’d rather not add new stress to the mix for now. I guess I just want an outside perspective. What can I do to keep her from leaving, and if she does leave, how can I smoothly transition the campaign? Any insight would be appreciated.

In a more advanced society that experiences incursions by monsters, do you think weapons such as guns would cost more or less the same as our society? [on hold]

I’m in the middle of creating my own role-play game set in a fantasy/sci-fi setting where the society is attacked fairly regular by monsters and the like; Due to this I’m having trouble with the pricing of weapons etcetera while keeping it balanced and affordable for players so they have a good variety of weapons to try out and buy.

[ Politics ] Open Question : I thought being POTUS is a 24/7 job. Do you think any other world leader spends his mornings like this?

After waking up early, Mr. Trump typically watches news shows recorded the previous night on his “Super TiVo,” several DVRs connected to a single remote. (The devices are set to record “Lou Dobbs Tonight” on Fox Business Network; “Hannity,” “Tucker Carlson Tonight” and “The Story With Martha MacCallum” on Fox News; and “Anderson Cooper 360” on CNN.) He takes in those shows, and the “Fox & Friends” morning program, then flings out comments on his iPhone. Then he watches as his tweets reverberate on cable channels and news sites. Source: https://www.nytimes.com/interactive/2019/11/02/us/politics/trump-twitter-presidency.html

[ Politics ] Open Question : Out of all the Democrats running for 2020, which one do you think will be the primary Democrat to run against Trump?

Michael Bennet Joe Biden Cory Booker Steve Bullock Pete Buttigieg Julian Castro John Delaney Tulsi Gabbard Kamala Harris Amy Klobuchar Wayne Messam Beto O’Rourke Bernie Sanders Joe Sestak Tom Steyer Elizabeth Warren Marianne Williamson Andrew Yang

I’m thinking of a layout like a tree in my webpage. I think that is the only way to go. is there some replacement?

I’m trying to make a layout design for a process. I have 3 types of users one is x , b and c. x does some work then b aproves it then c confirms it. But b can disaprove and open a ticket for x to do on that same task and c can do the same. Its confusing but I want to see them all in a single page about x did “work1” then b approved it but c declined it but created a ticket called “work2”. then x again did “work2” b approved it and then c confirmed it and the task ended. It required some sort of a tree view according to my perspective what do you think what sort of tree view would be better?

Android OPSEC – A collaborative think tank

I have been seeing multiple Android OPSEC questions.

So I will write down the current most effective security tactics for you Android smartphones and will kindly be asking for further tactics/functions/strategies/operations to secure Android devices (smartphones).


The current best setup from experience is the following:

Current Latest Android Version: 10

  1. Full Disk Encryption
  2. No Root
  3. Disabled USB debugging
  4. Latest Updates
  5. Disabled PIN/Fingerprint/FaceUnlock (Either completely disabled or lockdown-only disable / If you plan on using automated lockdown mode triggers)
  6. Strong Password.

    *This should take care of the unfortunate event where you phone is not in your possession and not communicating through any channels (e.g. SIM removed, WIFI disabled).


Additional/Optional tactics:

  • Tasker is an app that allows for advanced macros and triggers interacting extensively with the Android OS.
  • Google Find My Phone
  • Sensor based trigger/app that auto-lockdown in case phone gets snatched off hands (with a slider for how sensitive the trigger will be)

Feel free to answer with suggestions and anything that would be related to optimal security protocols for Android Smartphones.

[ Politics ] Open Question : Do you think Abby Huntsman and Meghan McCain should stand with their View hosts and call for Trump’s impeachment?

Trump has insulted Meghan’s father so many times and yet she’s still Republican.  She has even defended some of Trump’s actions: same with Huntsman.  Her father worked for Trump as an Ambassador.  

I think my server has become part of a botnet, but ClamAV can’t find anything

I know virtually nothing about Ubuntu so please be gentle. Recently my server host has contacted me saying they suspect my server is part of a botnet, specifically one that probes TCP ports. They’ve sent me logs, and it seems I’ve got a virus. I’ve run a full scan using ClamAV and it couldn’t find anything. I’m at a loss as to what to do. When I run the top command, a process with the command cron is using up almost all of the CPU (~99%) so I’m assuming this has something to do with it. All help is appreciated, thanks!

I think my server has been compromised

I have a server and it is generating a significant outgoing traffic to specific destinations.

I checked data traffic with vnstats.

The output is:

$   vnstat --days   eth0  /  daily           day         rx      |     tx      |    total    |   avg. rate      ------------------------+-------------+-------------+---------------       10/06/19     31.28 GiB |  283.25 GiB |  314.53 GiB |   31.27 Mbit/s       10/07/19     14.59 GiB |  267.76 GiB |  282.35 GiB |   28.07 Mbit/s       10/08/19      8.57 GiB |  175.44 GiB |  184.00 GiB |   18.29 Mbit/s       10/09/19      6.48 GiB |  110.51 GiB |  116.99 GiB |   11.63 Mbit/s       10/10/19     16.60 GiB |  425.42 GiB |  442.01 GiB |   43.95 Mbit/s       10/11/19     16.55 GiB |  418.97 GiB |  435.52 GiB |   43.30 Mbit/s       10/12/19     18.70 GiB |  481.74 GiB |  500.44 GiB |   49.75 Mbit/s       10/13/19    698.57 MiB |   15.10 GiB |   15.79 GiB |   23.28 Mbit/s      ------------------------+-------------+-------------+---------------      estimated     10.12 GiB |  224.22 GiB |  234.34 GiB | 

Additionally, I installed the app NetHogs to check which process is consuming traffic. This is the output:

NetHogs version 0.8.5-2        PID USER     PROGRAM                                                                                                                                                                DEV        SENT      RECEIVED            26357 tomcat   /opt/jdk1.8.0_221/bin/java                                                                                                                                             eth0     3336.312     113.169 KB/sec     20468 ubuntu   /usr/bin/python3                                                                                                                                                       eth0        0.245       1.428 KB/sec     25749 ubuntu   sshd: ubuntu@pts/3                                                                                                                                                     eth0        0.162       0.052 KB/sec         ? root     78.46.XXX.XXX:8248-159.203.YYY.YYY:58577                                                                                                                                            0.000       0.000 KB/sec         ? root     78.46.XXX.XXX:8858-159.203.YYY.YYY:58577                                                                                                                                            0.000       0.000 KB/sec         ? root     78.46.XXX.XXX:4322-38.89.AAA.AAA:41118                                                                                                                                              0.000       0.000 KB/sec         ? root     78.46.XXX.XXX:9566-81.22.BBB.BBB:47065                                                                                                                                               0.000       0.000 KB/sec         ? root     78.46.XXX.XXX:8493-159.203.YYY.YYY:58577                                                                                                                                            0.000       0.000 KB/sec         ? root     78.46.XXX.XXX:7471-81.22.BBB.BBB:46953                                                                                                                                              0.000       0.000 KB/sec         ? root     78.46.XXX.XXX:9769-159.65.CCC.CCC:58851                                                                                                                                             0.000       0.000 KB/sec         ? root     78.46.XXX.XXX:16118-185.176.DDD.DDD:47834                                                                                                                                           0.000       0.000 KB/sec         ? root     unknown TCP                                                                                                                                                                        0.000       0.000 KB/sec 

So, by having a look at these statistics I am pretty concerned.

First of all, the outgoing traffic is significantly high. Secondly, NetHogs tells me that multiple root processes with a ?-PID are accessing different servers on the internet.

Now, I do not remember having setup any root process accessing specifically any website.

What do you think?

And what strategy would you recommend?