• 0 Posts
  • 7 Comments
Joined 1 year ago
cake
Cake day: June 21st, 2023

help-circle
  • Well… No. It’s complicated, but there are several ways in which Russia’s invasion of Ukraine have both directly and indirectly increased gas prices. Some of them most definitely are part of ‘simply because they can’, but the invasion has given people more handles to do that as well.

    If there is a significant drop in available supply, prices go up. There are not that many suppliers in the world who can do this all on their own without causing themselves very significant financial harm.

    This is why OPEC, when it has it’s act together enough for everyone to go along with it, has been such a thing, and holds so much power. If almost every supplier is part of OPEC, and OPEC decides to decrease supply, well, prices go up, and none of the suppliers take a hit.

    In a very similar manner, if people think or expect that supply will decrease, you get a very similar effect, despite there being just as much supply as there was 5 minutes before the news or rumor went out.

    And, of course, it is perfectly possible for suppliers to sell their product outside of the global commodity markets. It’s rare, because it’s almost always going to be selling it for less than the current market prices, but today we have some good examples of this.

    Russia was a huge supplier of various petroleum products, and even though the oil you use to make gas and natural gas are rather different products, to a limited extent they are just barely interchangeable enough on the usage end that a significant shortfall in natural gas can be partially made up by increasing usage of gas, at least in some places.

    (See Europe going through an exceptionally cold winter while not having enough of a natural gas supply to be confident in even normal usage.)

    At the moment, you have Russia almost entirely excluded from the global commodity markets. Russia choosing to sell outside of those markets at a significant discount, to evade sanctions. Which gives other oil producers just a hair more leverage in continued price control.

    All of this is the backdrop for the international companies that do most of the oil prospecting, drilling, etc, who have all decided to almost entirely stop bothering to continue investments in opening up new oil deposits. These most definitely impact pricing as well, though on a longer time scale.

    It’s a complex mess, with quite a lot of gambling, and actors who have a vested interest in screwing with the system, and entities with enough control to not only gamble, but to tilt the result to avoid losing those gambles if they really need to.

    And given that everyone involved wants to make as much money as possible, only the fact that it is a global market keeps prices even remotely sane. Any excuse to hike prices will be taken.


  • Every now and then, I try to browser without an ad blocker.

    That generally lasts until I encounter something that’s bad enough that I don’t really have a choice, and then I turn it back on.

    The page needs to actually function. It needs to be possible to click on something and actually be clicking on the thing that you’re intending to.

    And it can not have stuff that blinks in a manner that causes a segment of the population (which includes me at times, but not 100% of the time) significant neurological problems.

    That last one has been the driving force behind stuff getting reenabled a fair bit.

    Oh, and if it’s ads on video content, they need to be at least vaguely reasonable in regards to interruptions and length. Youtube is way past that at this point.


  • To be real clear, the only thing this does is screw over the hourly employees trying to survive on tips.

    It does absolutely nothing to the business, they don’t care, at all. It doesn’t impact them in the slightest.

    Yes, by law, if someone makes so little in tips that they would be getting paid below minimum wage the business is supposed to make up the difference.

    Assuming that happens for the entire shift.

    In practice, by all accounts… That pretty much never happens.



  • That’s like saying that only using high security locks with various security pins in them to protect your house is a bad idea, and you should throw in some secured with padlocks too just to change things up.

    And if some of them are shitty masterlocks, well, you’re changing things up.

    That’s really not how security works.

    Yes, pass phrases can have large amounts of entropy attached. But unless you are picking your pass phrases truly randomly, with a large dictionary, and using unique pass phrases per site, and the sites are not silently truncating the password input (such as bcrypt which truncates to 72 bytes), you are not actually getting that large amount of entropy.

    Where as a 16 character password that randomly uses the ASCII printable range, excluding spaces, gives you 93^16 possible combinations. That’s 31313180170800116587336013460801 passwords.

    Or, very roughly, 104.6 bits of entropy. (104.6265409777285022441578006899739 bits of entropy if you want to be downright absurd about it.)

    Knowing that you’re doing that simply doesn’t help the attacker in any meaningful way.

    Bumping that to 20 characters gives you over 130 bits of entropy, or 2342388736625917052139104541473924426001 possible combinations.

    This is quite simply not a viable attack surface.

    Where as saying ‘use pass phrases for some things’ means that it is quite likely that some of your pass phrases are going to be much less secure than this.

    But let’s give the same numbers for properly generated random passphrases.

    The xkcdpass utility can help us here.

    Even picking entirely randomly, out of a large word list of 7227 words, a 6 word pass phrase only gives roughly 76 bits of entropy.

    Going up to 8 words gives us roughly 102 bits of entropy, that helps a ton… Except that some of those passphrases are going to be longer than 72 bytes. So you’re almost certainly losing bits of entropy.

    That best case still gives you fewer bits of entropy than a 20 character randomly generated password. Unless you’re trying to memorize your password, there are no benefits to alternating between randomly generated passwords with good generation settings and passphrases.

    And if you’re trying to memorize your passwords, you are definitely doing it wrong.