I feel like not enough people really understand in their bones that when you consent to use a technology that solves a problem you don't actually have, you're agreeing to take on a complexity and dependency burden at no benefit to yourself whatsoever.

@mhoye @graydon My first thought reading this was “IoT devices”. But I bet everyone reacts differently. I almost want to see a poll: what did this make you think of?

@sidb @mhoye Scrum.

A methodology that's far less general than it is generally presented as being and which can easily be incapable of solving the problems you actually have.

(And which layers on agile, which people usually don't understand as a philosophical position about the appropriate location of the tradeoff between specification and testing.)

@graydon @sidb Is there any job in this industry that demands you be more proudly anti-productive than "scrum master", I wonder.

@mhoye @sidb Whoever is responsible for the IT policy that apportions resources based on perceived social standing or on the basis of strict price, rather than price-performance.

Also that specific flavour of IT guy who imposes onerous and unhelpful password requirements then wants you to change your password's password before and after each time you use it.

@graydon @sidb But requiring a password change on each use saves us a ton of money on yubikeys, it just makes sense.

@graydon @mhoye I know that IT guy. I once tried to talk to him about data and scientific studies. I quickly learned that his need to make everyone change passwords all the time was not operating at a data and fact level, but rather at a religious belief level.

@sidb @graydon @grimalkina was talking yesterday about dudes that will dismiss anything from the social sciences out of hand but treat a blog post from 1993 like it was brought down from the mountaintop graven in stone. If memory serves the original rotation requirements came from a back-of-the-envelope calculation about average time to crack on a 1970s mainframe. I should dig up that reference.

@mhoye @sidb @grimalkina That would be an interesting thing to have.

Throw in password entropy as a thing and the nigh-infinite examples of how people actually react to onerous passwords and you've got a recipe for that IT guy getting exceptionally mulish in meetings.

@graydon @sidb @grimalkina

Found it. First standardized in NIST 800-63b appendix A subsection 5. “Digital Identity Guidelines: Authentication and Lifecycle Management”.

Later repudiated and greatly regretted by its author, Bill Burr.

https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63b.pdf

@graydon @sidb @mhoye

Social media. But Scrum is also a good answer.