Kathrine Jansma

  1. Well, WebAuthn claims to be phishing resistant. And it actually helps a bit for people that have some amount of common sense left. There are still some gullible people that fall for ANY phishing attempts, but that's unfixable. https://i.blackhat.com/USA-19/Thursday/us-19-Brand-WebAuthn-101-Demystifying-WebAuthn.pdf
  2. Dual passwords are basically longer passwords. So why not simply require longer passwords?
  3. Doing anything with the username is worthless for other reasons too. Let's imagine you use email instead, like all the other sites. Great! You just enabled trivial password spraying attacks. So the only benefit of username = inworld name is that attacks on a specific user's account get a tiny bit harder. But it fails anyway if the password is strong enough, so there is no benefit. Which is basically https://en.wikipedia.org/wiki/Kerckhoffs's_principle So if your password is weak, no username trickery will save anything for long.
  4. Actually it is current best practice to move away from password complexity rules towards other measures. The current best practice is to use a long and unique password for each service and do not enforce any complexity rules. That's at least the recommendation of US NIST, German BSI, and the UK. Mandatory XKCD https://xkcd.com/936/
  5. 2FA done right is a good thing, no doubts there. But most 2FA is done in a terrible way. A few of the really common pitfalls:
       • Offer SMS only (or worse: demand SMS to a mobile phone only)
       • Offer a push TAN app on some proprietary non jailbroken mobile phones only.
       • Use TOTP from RFC 6238 but modify it slightly so only your own app can generate the codes
       • Have a support hotline that ignores 2FA and just asks some trivial knowledge based questions to recover credentials
       • Have a password recovery process that just asks for the 2FA key and common knowledge (turning 2F
  6. Typically you add a fps limiter to avoid silly cases like your GPU overheating and sucking massive amounts of energy when it tries to render the static pause screen of a game because you left the house for work with the game still open. Some games had that issue and rendered 1000+ fps on the paused screen and broke the GPU (or burnt down the house...). After all, it's totally useless (if you go by https://en.wikipedia.org/wiki/Nyquist–Shannon_sampling_theorem ) to render more than 2x the Hz of your display in fps (fps is basically Hz), so setting some limit in the display update range is
  7. Blame AMD for their utterly shoddy OpenGL drivers (especially on Windows). I use a RX Vega 56 on Windows and watching the Visual Studio Profiler on an AVX2 optimized build of the Cool VL Viewer is kind of depressing. The profiler shows maybe 10-20% of time still spent in the viewer code in lots of methods (e.g. not really nice stuff to optimize), but about 80-90% inside the crappy AMD driver or the OS. So even if one could optimize the viewer perfectly, the fps will not increase by more than maybe 10-20%. Henri tends to get 5-10x my fps for his NVIDIA setup/Intel/Linux, compared to m
  8. Feel free to reuse the multi-threaded patch (http://sldev.free.fr/forum/viewtopic.php?f=10&t=2141#p10405). Consider it dual-licensed under GPL and LGPL.
  9. I didn't see a thread pool inside the Firestorm code (besides the KDU internal ones), but maybe I'm wrong, just did a cursory look and found the same old llQueuedThread stuff. In any case, more cores help, just not for speeding up the actual rendering due to OpenGL shortcomings.
  10. You can throw a few more threads at the viewer and it actually helps, but not directly for fps... Have a look at the latest version of the Cool VL Viewer, it uses a thread pool for texture decoding, which improves rezzing speed massively.
  11. No, it's untrue. The rumour might be because some forms of UUIDs (Type 1 GUIDs) could be used to track the unique serial number of your network card, the MAC, because it was used to create the GUID number. (Microsoft had some troubles with that with their Office products, which embedded GUIDs.) Even in that case you cannot find out any geographical information or much useful other info. A totally different thing is an IP address. Those can be tracked to your general area of residence pretty easily. But the viewer does not propagate that information and it is not related to your Avatar Key.