Pasi Niemi

865 posts

@psiniemi

Director, Nitor Care & Principal Cloud Architect @NitorCreations

Helsinki, Finland · Joined April 2010
94 Following · 209 Followers
Pasi Niemi@psiniemi·
Shared my thoughts on the state of serverless and the promise it once held, and to some degree, still does. #Serverless
BlackRoomSec@blackroomsec·
Please share this far and wide. As far and wide as you can. NIST Password Guidelines for 2024 are in the process of being updated. This is a HUGE pet-peeve of mine (when vendors in particular are still operating like it's 2017 and keep changing passwords every 60 days, STOP DOING THIS, it's outdated and has been shown to put you MORE at risk than less -- NIST explains why it does in this document, meticulously outlining user behavior**) so I'm sharing this in the hopes all of you will pass it along to your bosses.

The Special Publication series governing passwords is SP 800-63 "Digital Identity Guidelines". The 2024 version is 800-63-4. Here: pages.nist.gov/800-63-4/ The companion docs are also on that link. They are 800-63A, 800-63B and 800-63C. These are different documents for different scenarios in play at your org.

The previous update was in 2020. The changes in the 2020 version from the 2017 version were numerous but one of them was that the password verification method should NO LONGER require passwords be changed at specific intervals (i.e. every 60 days) but in the following circumstances instead:

1. After a breach/compromise
2. User request

2024 repeats this and adds a bunch more guidelines but here is a screenshot of page 13 of the new 800-63-4 (note the # 4 after it) which outlines how your systems should now and moving forward, be handling passwords. This goes for Active Directory, too. All your systems which have passwords should align with these guidelines provided there isn't another standard or framework you must adhere to which overrules this. Most frameworks, however, have moved away from arbitrary password resets and complexity rules.

**We cybersec researchers and hackers use wordlists from breaches in a variety of different ways. Hackers use them in tooling to crack passwords whereas researchers use breach dumps to see the kinds of passwords users are creating and the psychology behind them. Using complexity rules gets you the user psychology of:

Password1
Password2
and so on

Use phrasing instead and allow for spaces, which is important. Humans type phrases with spaces. They also mention phish-resistant methods and most vendors are on-board with MS going to be turning off all Legacy Auth next month, across all free accounts and tenancies. I'm so excited for the new changes! Ok I'm off my soapbox. Share the love! Thank you!
Marques Brownlee@MKBHD·
Some FAQs since I see some people have asked! 1: Why is the final score always 15? A: Similar to volleyball or table tennis, games are played to a score instead of a time. First one to 15 wins 2: Where can I follow? A: It’s on Australia time and games are at funky hours, but you can follow how every country in every division is doing here: results.wfdf.sport/wuc/?view=game… There’s 2 days of play left and I’ll try to get a stream link here if anyone is awake during game hours
Pasi Niemi@psiniemi·
@elonmusk Ever considered that reality is more nuanced than that? That the weak simply need more protection than the strong due to being weak? IMHO being good or bad doesn't rly exist in nature. Failing protection means we drive the weak into a place where there are only desperate measures
Elon Musk@elonmusk·
The axiomatic error undermining much of Western Civilization is “weak makes right”. If someone accepts, explicitly or implicitly, that the oppressed are always the good guys, then the natural conclusion is that the strong are the bad guys.
Pasi Niemi@psiniemi·
@mattihaka "So many assholes, so few bullets" - Ford Fairlane
Matti Hakanen@mattihaka·
What is a movie you can recognize from a single quote? Mine: Play it, Sam (Casablanca)
Pasi Niemi@psiniemi·
@mattihaka "We are the knights who say Nih!" - The Holy Grail
Pasi Niemi@psiniemi·
The theme today is architecting with cost in mind. This goes hand-in-hand with sustainability. Less resource use -> less cost -> less carbon footprint. #reInvent23 #reInvent
Pasi Niemi@psiniemi·
Not going to go deeply into the Partner keynote - a lot of it is more AI angles. For me the thing to celebrate though is the PartnerCentral web app and CRM integrations finally getting some love 💕 #reInvent23 #reInvent
Pasi Niemi@psiniemi·
Bedrock model evaluation helps with the process of selecting the right model for any job. #reInvent23 #reInvent
Pasi Niemi@psiniemi·
Continuing the theme of database features: Neptune Analytics for powerful insights into graph data! #reInvent23 #reInvent