Never let your age stop your curiosity.

But also learn from other's mistakes (and don't try to eat condensed milk when hanging head down)

Shouldn't C be attacked (legally of course) automatically?

Say C decides to build on a land they own a nuclear plant with known life endengering issues. Or a place to publicly hang people. Or other completely illegal things. They will surely be stopped by someone (the state?) from doing this? Automatically, that is without the need for a citizen to raise the point.

This is a similar case: they want to do something illegal (not follow what they ageed to)

Everyday employees usually learn about unions though leflets they provide from tim to time, with a mot more information around elections for the company representative body.

One an agreement is in place with the company (which must be above whatthe law requires) then it is binding for everyone, unionized or not.

In Europe, generally speaking, you have unions that are formed within the company, usually as a representative of a national one (but you can also have local ones). They get elected to represent the employees and whatever they bargain is for all employees. Maybe 1% of employees are actually part of a union.

In the US it seems that you have to be a member of a union to get what they bargain? And they companies can block the creation of a union?

I recently had a look at my stats (last time I checked was maybe 10 years ago) and I noticed the SO and security line stagnating fir a good few years. They used to be the one raising steeply, but at some point the sites because so toxic, with unsufferable downvoters that I completely gave up.

But other sites rised steadily. There are wonderful sutes in the SE network where you get great answers from very helpful people.

SO and a few other sites are dragging the whole idea to the bottom.

If you want to see unhinged psychopaths in action have a look at SE or SO Meta. Or maybe not.

Because you need to back up, verify backups, monitor availability, manage updates, manage MFA, and a zillion things.

Don't get me wrong, I work in hardcore, high tech IT for 30 years and I selfhost two dozen or so of services. It is far, very far from "absurdly easy" when you start .

Sure you can run a container on your pc, and hope for the best

My main point was to undersatnd when (and if) the "in the US we get enough money to pay the insurance" breaks.

(this is an actual question, not an ironic one)

I am not even sure what could be done to change this. We have democratic elections, people managing the country are at least formally qualified but they sit in the central Venn diagram intersection above.

One of the reasons for the technical dependence is that huge gap between the ones who understand how to architecture the country or EU information systems, and the ones who make the decision.

Between malfunctions on a multi-screen setups, audio problems with applications, issues with sleep recovery on some monitors, etc. -- Winodws is much more polished

Sure YMMV but I am making active attempts at moving, with the will to move, but it is not as good yet.

Like I said, this is not a showstopper for me.

Linux as a server is very good, and there is not much discussion on that front.

Linux as a desktop system is fine. I could live with it for the added value of having a flexible, predictible system. Windows is much more polished but, again, this is a tradeoff I would happily make.

The problem are applications. And particularly Outlook. I have to use Outlook because of its integration with the calendar, Zoom, ... This is the Outlook client for on-premises Exchange.

OWA suck to the point I simply cannot look at it (the one coming with Exchnage on premises, I do not the MS365 one). Without Outlook working seamlessly I am done.

This is really a pain - one software that stops an extended trial.

See, I respect people who point out mistakes, and explain why I did it.

Why did I mention that I do security? Because I spent the last, 25 years trying to push proper practices and did not want to jump into discussions where over 10 comments we would end up flexing about details.

Since you are an infosec practitioner since the early 90s you either are a saint, or did not have to yell through best practices to just let it go.

Not sure what you don't like about conferences? Never got anything from them? I did and I am sure glad to have listened to great presentations.

My bad - I misread the post.

To clear things up: I am completely aware about how to store passwords in services that check against them. You are likely to have read some of my prose on that topic in OWASP or at a conference :)

My point, after misreading the article, was that in order to authenticate to a service (the one that holds the hashed version of that password) you need to have access to its cleartext version. This is VERY bad, should never be stored without special considerations etc.

I read the articlae as if they accessed the source of the passwords, the one used to access to services (a vault, with its encryption, access restrictions etc.). 5k was a lot but that could have been bearers or similar ones.

So my comment, and the comments to it, actually yelled at me (that's good!) the way I yell at actual implemententions sometimes :)

In all seriousness - thanks for the reaction, we need more of these. My next obsession are servies that require "only digits" or "strictly 8 to 11 chars" for credentials :)

My bad - I misread the post.

To clear things up: I am completely aware about how to store passwords in services that check against them. You are likely to have read some of my prose on that topic in OWASP or at a conference :)

My point, after misreading the article, was that in order to authenticate to a service (the one that holds the hashed version of that password) you need to have access to its cleartext version. This is VERY bad, should never be stored without special considerations etc.

I read the articlae as if they accessed the source of the passwords, the one used to access to services (a vault, with its encryption, access restrictions etc.). 5k was a lot but that could have been bearers or similar ones.

So my comment, and the comments to it, actually yelled at me (that's good!) the way I yell at actual implemententions sometimes :)

In all seriousness - thanks for the reaction, we need more of these. My next obsession are servies that require "only digits" or "strictly 8 to 11 chars" for credentials :)

My bad - I misread the post.

To clear things up: I am completely aware about how to store passwords in services that check against them. You are likely to have read some of my prose on that topic in OWASP or at a conference :)

My point, after misreading the article, was that in order to authenticate to a service (the one that holds the hashed version of that password) you need to have access to its cleartext version. This is VERY bad, should never be stored without special considerations etc.

I read the articlae as if they accessed the source of the passwords, the one used to access to services (a vault, with its encryption, access restrictions etc.). 5k was a lot but that could have been bearers or similar ones.

So my comment, and the comments to it, actually yelled at me (that's good!) the way I yell at actual implemententions sometimes :)

In all seriousness - thanks for the reaction, we need more of these. My next obsession are servies that require "only digits" or "strictly 8 to 11 chars" for credentials :)

My bad - I misread the post.

To clear things up: I am completely aware about how to store passwords in services that check against them. You are likely to have read some of my prose on that topic in OWASP or at a conference :)

My point, after misreading the article, was that in order to authenticate to a service (the one that holds the hashed version of that password) you need to have access to its cleartext version. This is VERY bad, should never be stored without special considerations etc.

I read the articlae as if they accessed the source of the passwords, the one used to access to services (a vault, with its encryption, access restrictions etc.). 5k was a lot but that could have been bearers or similar ones.

So my comment, and the comments to it, actually yelled at me (that's good!) the way I yell at actual implemententions sometimes :)

In all seriousness - thanks for the reaction, we need more of these. My next obsession are servies that require "only digits" or "strictly 8 to 11 chars" for credentials :)

My bad - I misread the post.

To clear things up: I am completely aware about how to store passwords in services that check against them. You are likely to have read some of my prose on that topic in OWASP or at a conference :)

My point, after misreading the article, was that in order to authenticate to a service (the one that holds the hashed version of that password) you need to have access to its cleartext version. This is VERY bad, should never be stored without special considerations etc.

I read the articlae as if they accessed the source of the passwords, the one used to access to services (a vault, with its encryption, access restrictions etc.). 5k was a lot but that could have been bearers or similar ones.

So my comment, and the comments to it, actually yelled at me (that's good!) the way I yell at actual implemententions sometimes :)

In all seriousness - thanks for the reaction, we need more of these. My next obsession are servies that require "only digits" or "strictly 8 to 11 chars" for credentials :)