Surely the take home message should be "programming languages are 33% more verbose than they need to be"?

The LPPFusion company is also looking as a p-B11 reaction (eventually) and actually have reactions running now utilising a dense plasma focus system, which is magnetically confined. They are nowhere near break-even yet, though.

Agreed. Adverts are annoying, but the potential for spoofing other applications is far worse (even if initially difficult to exploit). 100% user-controlled may just about be acceptable - simply make it a property of any video control in the webpage, and it's instantly available on all websites without having to change a thing - but even then I wouldn't bet against it being exploited.

...except that w3w codes are deliberately distinct for geographically close squares, and designed so they'd be easy to share and sanity check e.g. over the phone. Sure, both are trying to solve the problem of precise locations, especially in places where addresses don't exist, but with very different emphases. Also note that the w3w algorithm and word database are proprietary.

I use Skype desktop version for text chat at work, and I think it breaks many of the most basic rules of UI design. These rules have been known about for decades, and often promoted by Microsoft as the "right way" to write Windows apps.

There are two very simple options that have been requested many times on the Skype forums over the past 2-3 years: change the color scheme, remove the speech bubbles.

Here's all my rants condensed into one page: http://moteprime.org/article.p...

It looks like the new Skype is continuing that trend.

And use of platform default behaviours, and basic configuration options for colors, and a truly compact mode for those of us
w h o
d o n ' t
l i k e
e v e r y t h i n g
s p r e a d
a c r o s s
t h e
s c r e e n
i n
e n o r m o u s
b l u e
b u b b l e s

The user interfaces for different platforms have to be different. Otherwise you end up with Skype 7.x, where we have a UI on the desktop which has been designed for a smartphone.

Low pointing accuracy on smartphones means large targets and huge icons. Short conversations on smartphones means lots of space wasted on speech bubbles. Likely content on smartphones means emojis pop up when you're sharing code snippets, making them unreadable. Restricted input methods on smartphones means ignoring platform conventions like Ctrl+B for bold text.

Conversely, try getting 3DS Max 2017 UI onto a smart watch. Regardless of compatibility, it's simply impossibe.

Do you mean the new Mac version of SfB, or the old Lync? I've been pretty happy with the new Mac version.

Only if your admin has configured Skype not to allow external calls. SfB can place POTS calls just fine.

The final step of the hashing algorithm maps the resulting hash into a character string. The algorithm allows you to customise this mapping to use only a given subset of characters, or given length. Using this feature will require you to store this metadata in your state file, because you rarely get reminded of these password limitations at login, only at registration. Fortunately these sites are rare; the default policy of 8 characters with alpha + numeric + special – and the algorithm makes sure you have at least one of each – works fine for almost all sites.

I encourage you to download and try one of the implementations. The two I mentioned earlier implement the same algorithm, as does a Firefox version and a portable Javascript version.

Well, maybe. But this state is not highly confidential so you can for example let Chrome store it in the cloud. In practice the number of times a password change is required is small (at least for me), so you can either brute force it (bump until you find the right password) or reset your password if this happens.

Again I see your point. But I've used this system for close to a decade now and I'm only using two master passwords so far. How many passwords have you memorised in the last ten years?

I should emphasise that I wouldn't recommend using this system for everything. I have a completely different set of passwords for banking, and servers I administer, and certain other high-security things. But for general web things I access from home and work, desktop and mobile, coffee shop and library, it works really well and addresses all of the real life threat scenarios I care about. Even if I have to register a throwaway account for a throwaway website, I can still give it a real, strong password that I can recover any time later, even if I don't remember registering for that site. (For full disclosure, the only time the algorithm actually fails is when a site keeps its user database but changes its domain. Then I'll have to remember to update the site tag to the old domain.)

No, you have at least two options:

1. Change the site tag. For example, on the Password Hasher Chrome extension, you can hit the "Bump" button which replaces "slashdot" with "slashdot:1" and gives you a new unique password. The new tag gets stored in the extension settings. I don't use this but it works, and would be good for sites that actually require periodic password updates.

2. Change your master password for that site only. I use a completely different master password for the two or three sites which I know may have been compromised. It's not hard to remember which ones these are.

Right, compared to an offline password manager there's no security benefit. I use KeepassX for a few high-security things like financial accounts, but find offline password managers much less convenient for everyday stuff. With a password hasher you can use a JavaScript version from anywhere. (Yes, keyloggers would be an issue. And I host my own copy to make sure it's not backdoored.)

...or they are the site owner...

First of all, in practice I don't back up the settings file anywhere, as almost all sites work fine with the default settings and the ones that don't I either remember or just reset the password for if required.

Having said that, your point is valid but not an actual concern for me. If someone wanted to waste lots of CPU power brute forcing my (long, random, high security) master password, they probably could do so. But just never reusing passwords is generally enough to limit the damage of the inevitable database leaks and hacks, which is the actual, realistic threat we're dealing with here. Never using the same password twice is the most important protective measure you can take, and hashing is, imho, the most frictionless way to do it.

You could also choose to limit any potential damage by having a few master passwords for different classes of websites.

True, but how exactly would they get your master password? You never need to enter it anywhere online, just your offline, one-way hashing algorithm. Obviously keeping this one master password safe is extra important, but as you only need to remember one, you can probably afford to give it a bit more entropy.

Except this file does not need to be secure in any way.

Password managers seem like an inherently terrible idea, particularly onlines ones.

Can someone explain to me why password hashers are not more common? I've used one for years and really can't understand why nobody else does. Take the master password, append (a portion of) the site's domain name, and hash to arrive at a random password. There's only one password to remember, you get a unique strong password for every website, and everything can be done offline without storing anything anywhere. There are extra refinements to create new passwords to replace e.g. compromised ones, or conform to the site's password length and other requirements, but they are trivial. Extensions are available for browsers and mobiles.