Enh, the tech space is very much innovate or die. So yeah, they could probably throw everything in maintenance mode and make a reduced headcount work, but if AWS goes stagnant it’s entirely likely that Amazon goes the way of IBM and Motorol. Especially when someone (likely, Microsoft or Google) comes to take a slice of the AWS market share.
I don’t know about a min length; setting a lenient lower bound means that any passwords in that space are going to be absolutely brute force-able (and because humans are lazy, there are almost certainly be passwords clustered around the minimum).
I very much agree with the rest though, it’s unnerving when sites have a low max length. It almost feels like advertising that passwords aren’t being hashed, and if that’s the case there’s a snowball’s chance in hell that they’re also salted. Really restrictive character sets also tell me that said site / company either has super old infra or doesn’t know how to sanitize strings (or entirely likely both)…
I’m not sure if it counts as underground (it’s been around for ages), but if you’ve never thought about how your shoelaces contribute to the overall fit and comfort of your shoe, I’d recommend giving Ian’s shoelace site a visit.
Just to key in on the overlap between FOSS and privacy, because the source code for the software is open, it means that anyone can take a peek at how everything is running under the hood (among other things). It becomes possible to verify that software is storing data locally and properly encrypting when applicable (as opposed to blindly trusting the software’s author and or lawyers).
It may also be a fun fact that best practice in encryption is to open source your algorithms. The helps safeguard against backdoors and mistakes/ errors that could compromise the security of the algorithm. Much for similar reasons as above, as it allows the security community to check your math (in a field where it is incredibly easy to get your math wrong).