Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
I want to add, additionally to my real name, my nickname (or alias or AKA) which I am better acknowledged on the web; into my public pgp key.
What's the proper way to get this done on gpg?
There are multiple choices. Which way to go for depends on your needs and preferences. A brief discussion about advantages and disadvantages of the individual ones:
The "usenet" style, adding the pseudonym in quotes between the given and last name:
John 'Random Hacker' Doe <john#example.org>
I'd prefer this version, making it clear what the pseudonym part is and not misusing the comment field, but it might prevent some (few) from signing your key if they're strict in their naming policy.
(Mis)using the comment field:
John Doe (Random Hacker) <john#example.org>
Probably with less problems while getting signatures for your key, but the use of the comment field is often regarded critical.
Adding a separate user ID:
John Doe <john#example.org>
Random Hacker <hacker#example.net>
Especially a good idea when having a separate mail address for the nick name. You probably will not get signatures on that user ID. If you're going for this way, consider putting the pseudonym in quotes anyway and maybe even create a separate key for it.
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 1 year ago.
Improve this question
I'm trying to develop a comment box like application, similar to Facebook, using MERN stack. Adding simple comments is not an issue. But how does the tagging mechanism works where we tag some user with '#' symbol?
Do I need to store the comment in MongoDb database as some special structure which makes it easy to display the tagged user in react? Or it is achieved with some different technique?
Edit: The question is what roles will the UI and API play, how the code flow will be, and what additional things (eg reference section in comment-document) should be part of the Mongo Database to make this work?
It is unclear if you want to know the database semantics or the frontend part as your question is very broad. But here are some pointers;
Frontend: you can use onKeyDown event on a textarea to figure out what char was typed. If it was a # you can show the user a dropdown of users and reduce that if the user keeps on typing.
Backend: once submitted, you want to find all the #user mentions. This can be done with regex to find everything that starts with a #. E.g e regex like [\s\.]?#(\w)\s would give you all the mentions within a sentence. You then would find the user in your database and add a reference to the comment entry in your database.
Database: once you know the user, you may want to notify the mentioned user, add to inbox etc. There are many different techniques to achieve this and it really depends on your requirements and database of choice and your schema. But generally speaking there are two widely used techniques called Fan out on Read or Fan out on Write
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 2 years ago.
Improve this question
I have a program that prompts for a PIN before performing particular actions. The PIN is stored, encrypted, in a local config file along side the executable binary. User enters PIN, program decrypts and compares to the stored value, if they are equal, ok, if not etc.
I'm aware this kind of security check could potentially be circumvented with forensic tools that alter the binary, in affect, changing the '==' to '!=' in the right place to make all the wrong PIN's pass the test in my example.
This may be a stupid question, as I know from the first 2 minutes of googling it's a big and challenging topic, but I still thought I should start with checking on features of the language/compiler I'm actually using first. So, are there any features natively available with Go to make this kind of attack harder to successfully perform?
No, there is nothing remotely like this in the official go compiler or standard library.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 5 years ago.
Improve this question
In Agile, should the 'user' in a user story always be the end-user or could it refer to different type of user? For example, is it acceptable to write something along the lines of, "As a developer I would like to have an interface to component B so that I can communicate with it from component A" or should it be restructured in terms of the benefit that such an interface would ultimately present to the end-user?
Chris,
The answer is "it depends on who the customer is". User stories need to be understandable and if possible written by your customer. If your customer is a developer of component A or B then it would make sense to you both.
However, if the customer doesn't immediately see the benefit of that I would ask "why" I was adding that interface and keep asking "why" until I get to an answer that the customer does understand. Then I'd write the user story so that the customer can understand what is being delivered.
Mike Cohen's book User Stories Applied is very good if you're looking for something more substantial to read.
http://www.amazon.co.uk/User-Stories-Applied-Development-Signature/dp/0321205685/ref=cm_rdp_product
Of course it is. If you are say writing a dll to develop with, then you are the end user of the dll...
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 2 years ago.
Improve this question
I've come across a system that requires you to include a number in your username. I feel this is pointless, as the username should be easy to remember, and not be subject to requirements that may be applied to passwords.
However I can't find a good write up of the reasons for this. Can anyone reference a good source for this, and/or explain it in better words than I can?
Edit: I'm getting answers explaining why they do this, which are certainly of value, but there must be a write up somewhere of how to make a secure login system, that advocates a simple, easy to remember username.
Having no clue about the specific system mentioned, if one can call support and say something like "My username is John and I forgot my password" - adding a number may add just a bit of security.
Also, if the system is not protected against brute-force attacks, one can try common usernames together with common passwords.
I agree with Xavjer: the reason for this is most likely not security-related.
I agree with you: If the requirement is security-related - the security scheme is probably wrong.
Edit:
Another idea - Maybe they want to force you to use a username which is different than the one you use on other sites. Since many users tend to select the same username and password for different sites, and in case the password is compromised on one of these sites - this may help (but again, just a bit).
I would say it could be because if you force a number in an username, you will most likely never receive a dublicate name problem. There wont be someone having for example the name 'peter' and then there is a 'peter95' and a 'peter112'. No one will have the original one.
This is just what I think is the most reasonable answer.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 13 years ago.
Improve this question
There are several ways to secure passwords with an automated encryption algorithm, but sometimes it's best to write it down on paper and keep the paper itself secured. Hackers can't easily get to paper. However, if someone finds that paper, they can see the passwords plainly.
What's a non-automated method of securing information on a piece of paper? For example, have the real password be in every other character (eg p1a2s3s4w5o6r7d8 = password).
Take a character sequence from a book you have lying besides your computer. You can take the sequence in any number of ways: First/second/etc. letter of each word in a chapter you decide, for example.
Have a look here for some history and ideas about steganography ;) Your example is a simple working one, you can even use an invisible ink or write it backwards with only every 5th character relevant etc., it is up to your imagination :)
What youre suggesting is a simple cypher. I'm not sure why you'd want to implement something like that vs. using a password manager like KeyPass but you can us a simple substitution cyper where A=Z, Z=A etc. if you need to write it down.