
Comment Re:Sure. (Score 1) 180

Our internal training has shifted entirely to passphrases, to the point that we had to write our own internal training video because every training video we looked at talked about traditional ways of creating a complex password. We found that when people were encouraged to come up with a sentence, they usually came up with something in the range of 25-35 characters, well past the minimums.

Comment Re:Cloudflare (Score 2) 180

Microsoft seems to be doing these kinds of migrations lately.

I think their old ways of poorly documenting things even internally came back to bite them. I've seen some things written by people who were at one time Microsoft devs working on Windows 7, 8, and 10, who said that a lot of removed functionality came because trying to figure out what the old code was supposed to be doing was nigh impossible, and figuring it out sometimes just didn't fit the schedules or budgets. If a feature didn't seem to be widely used as a percentage of the userbase, then it often got dropped.

Maybe some rewrites are being taken too far, but anyone who has dealt with code that goes back potentially more than 30 years is almost certainly going to find some really bad and/or confusing implementations.

Comment Re:Sure. (Score 1) 180

NIST SP 800-63 has formalized this. Specifically, look up Section 3.1.1.2 in SP 800-63B-4, released just this year. Minimum length 15, max length at least 64, but no other requirements, including complexity or regular rotation. Unicode is supposed to be accepted, normalized against a standard process (that one I don't remember, but it's documented), with one code point counting as one character. Filtering for known bad passwords or patterns is strongly encouraged.

I pushed through an implementation at our company last year, explaining why, showing the NIST draft. A bunch of people protested because it was different, but the CIO told them to live with it because their entire argument was "but we've done it this way for 30 years!" Some critical vendors complained when we started pushing them to comply (or at least implement SAML), but we only have a couple of vendors not complying now, and they should be compliant soon. Users are largely happy with the change, and they complain a lot less when we see suspicious activity and force a rotation.
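As an added illustration of the policy described in the comment above (not code from the commenter or from NIST), here is a small validator that applies those rules: a 15 code point minimum, an upper bound of at least 64, no composition or rotation rules, Unicode counted per code point, and a blocklist check. The normalization form (NFKC) and the tiny blocklist are assumptions for the example; the comment names neither.

```python
import unicodedata

# Constructed sample blocklist for the example; a real deployment would
# load a large list of known-breached passwords.
BLOCKLIST = {"password", "correcthorsebatterystaple", "letmeinletmeinletmein"}

MIN_LEN = 15    # minimum length from the comment above
MAX_LEN = 128   # verifier must accept at least 64; this cap is an assumption


def normalize(password: str) -> str:
    """Normalize Unicode so the same visible text always hashes the same.
    NFKC is an assumption here; the comment does not name the form."""
    return unicodedata.normalize("NFKC", password)


def check_password(password: str) -> tuple[bool, str]:
    """Return (accepted, reason).

    Length is measured in code points after normalization, so an accented
    letter or an emoji counts once regardless of its UTF-8 byte length.
    There are deliberately no composition rules: a plain sentence passes."""
    pw = normalize(password)
    n = len(pw)  # len() on str counts code points, not bytes
    if n < MIN_LEN:
        return False, f"too short: {n} < {MIN_LEN} characters"
    if n > MAX_LEN:
        return False, f"too long: {n} > {MAX_LEN} characters"
    if pw.lower() in BLOCKLIST:
        return False, "matches a known bad password"
    return True, "ok"


if __name__ == "__main__":
    for candidate in ("Tr0ub4dor&3",                 # complex but short
                      "correct horse battery staple",  # a plain sentence
                      "correcthorsebatterystaple",     # on the blocklist
                      "n\u0303" * 15):                 # decomposed n + tilde
        print(repr(candidate), check_password(candidate))
```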

Comment Fascinating! (Score 1) 36

Now, yes, there are predictions that you could get a supermassive black hole launched into space, especially during a galaxy merger if the velocity of the smaller black hole exceeds the escape velocity of the combined galaxy.

But I'd be wary of assuming that it's a launched black hole, unless we can find the merger it comes from. There may be ways for such a black hole to form that cause the stars to be launched away rather than the black hole being flung, and if a galaxy isn't rotating fast enough to be stable, one could imagine that a sufficiently small galaxy was simply consumed by its central black hole. Both of these would seem to produce exactly the same outcome, if all we have is the black hole itself and a velocity.

I'm not going to say either of these is likely in this case, or that astronomers haven't examined them (they almost certainly have), but rather that we should be cautious until we've a clearer idea of what the astronomers have actually been able to determine or rule out.

Comment Re:Unaccountable (Score 1) 109

You do not appear to understand what a republic or a democracy is, so I'll ignore the last sentence.

"Independent" does not mean unaccountable to the people. The President is independent of Congress, and vice versa, but both are accountable to the people. Well, the current president doesn't seem to think so, but legally he is.

Comment Re:well (Score 2) 109

You are correct. In principle, presidents have no authority whatsoever to dictate how an agency runs. The executive branch should have zero authority over the civil service, which is intended to constitute a fourth co-equal branch of government.

In the US, in principle, the status of the civil service as co-equal to, and independent of, the executive should be added to the Constitution and enshrined in law for good measure. Not that that would help much with the current SCOTUS, but a Constitutional change might possibly persuade the current government that absolute authoritarian control is not as popular as Trump thinks.

Comment Re:who (Score 3, Informative) 109

That is the idea that, in Britain, entities like the NHS and the BBC have operated under. Charters specify the responsibilities and duties, and guarantee the funding needed to provide these, but the organisation is (supposed) to carry these out wholly independently of the government of the day.

It actually worked quite well for some time, but has been under increasing pressure and subject to increasing government sabotage over the past 20-25 years.

It's also the idea behind science/engineering research funding bodies the world over. These should direct funding for grant proposals not on political whim or popularity but on the basis of what is actually needed. Again, though, it does get sabotaged a fair bit.

Exactly how you'd mitigate this is unclear; many governments have - after all - the leading talent in manipulation, corruption, and kickbacks. But presumably, strategies can be devised to weaken political influence.

Comment Re:We've done the experiment (Score 1) 168

230 prevents sites from being prosecuted. So, right now, they do b all moderation of any kind (except to eliminate speech for the other side).

Remove 230 and sites become liable for most of the abuses. Those sites don't have anything like the pockets of those abusing them. The sites have two options - risk a lot of lawsuits (as they're softer targets) or become "private" (which avoids any liability as nobody who would be bothered would be bothered spending money on them). Both of these deal with the issue - the first by getting rid of the abusers, the second by getting rid of the easily-swayed.

Comment Re:Losing section 230 kills the internet (Score 1) 168

USENET predates 230.
Slashdot predates 230.
Hell, back then we also had Kuro5hin and Technocrat.

Post-230, we have X and Facebook trying to out-extreme each other, rampant fraud, corruption on an unimaginable scale, etc etc.

What has 230 ever done for us? (And I'm pretty sure we already had roads and aqueducts...)

Comment Re:We've done the experiment (Score 1) 168

I'd disagree.

Multiple examples of fraudulent coercion in elections, multiple examples of American plutocrats attempting to trigger armed insurrections in European nations, multiple "free speech" spaces that are "free speech" only if you're on the side that they support, and multiple suicides from cyberharassment, doxing, and swatting, along with a few murder-by-swatting events.

But very very very little evidence of any actual benefits. With a SNR that would look great on a punk album but is terrible for actually trying to get anything done, there is absolutely no meaningful evidence anyone has actually benefitted. Hell, take Slashdot. Has SNR gone up or down since this law? Slashdot is a lot older than 230 and I can tell you for a fact that SNR has dropped. That is NOT a benefit.
