Lots of subs on reddit have weekly off-topic threads

In my experience it's interesting to get a slice of life of the user base for awhile but quickly gets old.

I agree with the conclusion but that reasoning makes no sense.

From the guidelines: "On-Topic: Anything that good hackers would find interesting."

It took me years to understand this dynamic, so of course I'd be interested in how the reasoning is wrong. But hn@ycombinator.com would be a better place to communicate that at this point.

Btw, if you're going to tell someone this, you should say why. Otherwise they can't learn and the comment is uninformative.

Are they relevant to the position?

I'd keep them if they are and lose them otherwise.

Because your job is not to gatekeep at the companies expense?

And this worked? Seems hard to believe.

It would cut entropy down by a great deal if you even simply knew how long the password was.

I've seen a movie where a bad guy entered password and a good girl counted the number of characters: one-two-three-four-five. Then she noticed that his suit had "GREED" badge on it. Combining these two facts she succesfully hacked into his laptop and prevented some shit. Since then I started to always mix few backspaces into my passwords. Not that I'm really bad, but life is life.

The backspace key on most keyboards has a very distinct sound. Not to mention it's positioning means timing will be noticeably different as well. Might be better off mixing in a few meaningless modifier keys (press Ctrl, Alt or Caps Lock).

I usually type a long string of gibberish, sneak in ctrl-U at some point and then enter my actual password

Unless the gibberish is the same every time, the repeated sound of your password will still be parsable from a long enough sound recording of your computer usage.

The gibberish is unlikely to ever be the same.

I think it is more accurate to say that the gibberish is unlikely to _always_ be the same.

I think one can tend to create similar gibberish over time. I've worked on a system where I needed to do a new signup every time I wanted to test a feature and I've run into issues where the gibberish I entered matched an account that I had previously created.

Everyone here has accounts in development databases named 'aaa', 'asd', 'asdf', 'qwer', 'hjkl', etc!

Nope, mine are all oeunt, oeunth, huet, uehis, ais, etc

You are a user of the Dvorak layout, I take it? Colemak seems like it would have a different fingerprint.

Yep! Always a bit of fun when someone goes to use my laptop for an end-of-sprint presentation and types a bunch of gibberish infront of all the stakeholders :D

I feel like the real lesson here is "don't wear your password."

Barely. Trying all the passwords less than N characters long is way cheaper than trying the ones that are exactly N.

Best case scenario wouldn't you have to do both without knowing the length?

Right but even with alphanumeric only, only about 2% of passwords of length N or less are less than length N.

The advantage is having the upper bound.

I think I read about a similar "keylogging" technique in Popular Science at one point.

Researchers recover typed text using audio recording of keystrokes (2005) [0]

[0] http://www.berkeley.edu/news/media/releases/2005/09/14_key.s...

Turns out my ducky blues mechanocal keyboard has a big disadvantage when it comes to this then

No. The idea that you could discern the difference between keys based on their relative volume due to their distance and angle from the recording device is complete nonsense. OP is living a fantasy and taking HN along for the ride.

No. The idea that you could discern the difference between keys based on their relative volume due to their distance and angle from the recording device is complete nonsense. OP is living a fantasy and taking HN along for the rise.

Your friend either shares a one bedroom, does not live in a cool a place as he claims, or has the square footage of a cardboard box.

KCMO is cheap but that rate is absurd.

Swear to god - lives in a one bed in Hyde Park, perfectly fine, normal apartment. He's not in Westport/the River Market/the coolest neighborhood of the week, but Hyde Park is still pretty nice, and his place is definitely not a dump.

No private parking, if that helps?

That seems a little bit under market to me, but absolutely not absurd.

(I'm very familiar with the St. Louis rental market. My last one-bedroom in Tower Grove South (for those familiar with the area) was $625/mo. It was a decent apartment, too.)

Trouble dealing with beards maybe?