

I prefer https://en.wikipedia.org/wiki/Cree_syllabics TBH.

They look like something right out of some Sci-Fi.


Amazing "By 1825, the majority of Cherokees could read and write in their newly developed orthography.[5]". It even has a reference so it must be true.

Around the same time, Christian missionaries introduced writing (using an adapted Latin alphabet) to Hawaiʻi. Within ten years nearly the entire population (I would guess with the exception of older people) was literate. Mark Twain remarked on Hawaiian literacy a few decades later.

Anyway I put in a request to get a copy at my local library so I will update here in a few months when I have a copy of the book.

Thank you. A big omission from the original article.

> if they are avoiding doing awful things in the name of money, then they are leaving something on the table

That doesn't stand as a reason at all. I think the big contrast isn't as you described. It's more about short-term versus long-term or conflict of interest between principals and shareholders.

But to be specific, Wells Fargo was mentioned, and their downfall was very much driven by doing awful things in the name of money, specifically.


There is a whole table of examples like the one you mentioned in the book. This has been going on a long time: companies being destroyed, all in the name of profit.

Casinos don't have clocks in them.

> Clickable links sent in email are more secure than passwords so I'll stop supporting passwords and instead rely on email delivery of a link for all logins

God, I fucking hate that.

I have a fucking password manager, I have various machines and things open. Just let me fucking log in.

If anyone is reading this who is in charge of the internet please stop doing this.


I seem to spend half my life logging into things, confirming 2FA, confirming biometric data. Then when I go back to the first thing it's timed out and I have to sign in again.

The people in charge of the internet are "cybersecurity" "professionals" who can't even follow NIST guidance.

It is with much hesitation that I write this, because I just implemented such a flow.

My reasoning was this: my customers keep forgetting their password and somehow that becomes a trigger to contact me. No passwords, no problem.

I tried convincing them to use password managers but that was pointless.

But I see the pain and frustration so I will add passwords. And I quite liked the passkey idea, have to see how that works. Not that my customers would ever use it, but I would. It literally never occurred to me.


To be clear, no shade on actual devs faced with actual problems. My ire is reserved exclusively for the "we must do this because it is on the checklist, no I don't understand what a subnet is" people.

Good to see my take verified. But, where does the buck stop? What if your phone relies on email, but your email needs your phone.

A lot of those same people seemed perfectly capable of insisting on 60 day password rotation back when they could use NIST guidance as an authority to appeal to (for about five years after the recommendation changed too).

The "change your password every 6 months" guidance?

That was revoked some years ago.

Specifically the revocation of such guidance. If the field gave even the slightest deference to empiricism we wouldn't be changing our password every 180 days, but here we are.

So agreed. It’s fucking crazy. Password manager is so much easier and more secure. If you do this dumb email or SMS OTP flow, at LEAST support passkeys for my password manager!

It’s wild that they’re like “it’s more secure to not have a password” and then choose two unencrypted delivery mechanisms for the very short OTP.

Sure, people who reuse passwords are not secure. And fair, I guess it's a tragedy of the commons. But at least continue supporting it and make it dead simple for password managers if you actually care about security.


I thought the same for a long time but now I don't know. If your computer is compromised, they can exfiltrate your password, but with a hardware key they can't, so I think that's legitimately more secure than password+OTP. It still needs a PIN though to protect against device theft. I bring this up because there's been a ton of compromised developer packages recently and Windows itself is being attacked, so even if you're pretty good about protecting yourself, you still might get screwed.

If your computer is compromised, the attacker can just as easily read your email.

OTP can be used with a password.


Uh huh? That's why I specifically said hardware key. Like a Yubikey. You can't digitally steal that.

That doesn't address anything. If your device is compromised they do not need your hardware key because they can just read all mails on device or steal login/session cookies for accounts and bypass authentication.

Passkey is still inferior to U2F + password anyways.


There's a landlord/apartment portal where the whole login process has changed to be:

1. Enter username (e.g. an email)

2. Choose from either email or SMS on file

3. Enter the code you got somehow through the respective unencrypted channel

Given that this same site is involved with bank-account details for payment, I am concerned...


It’s really rich when banking/finance apps are fully happy doing 2FA to the phone when using its own browser…

Yeah, lose the phone and it's pretty much game over.


I don't think it should be the site's responsibility to guess whether the browser session is on the same device that will receive an SMS message... The fact that it is SMS is already bad anyway.

Time-code apps or passkeys are a different story.

1. You should be able to make backups.

2. There's nothing to intercept in plaintext.

3. They all can (unlike SMS features) be locked down by default and require a second layer of unlocking, so that they usually aren't accessible to someone who grabs your phone out of your hand.


It absolutely should be the bank's concern when this is how 99% of their customers will use it. Some even have deliberate integration between the banking and 2FA apps.

I'll heap email and SMS based OTP into that.

I have many ways to generate TOTP codes. All of them are vastly more convenient than sending me an email or SMS.


This is exactly my workflow and it’s just incredible. I use aqua and wispr flow depending on which one seems to be returning the best results that day.

Some people really do thrive on this shit though. They know the rules of the game and want to play it. What they’re really thinking is they’ll be better at the game than their opponents.

I mean can you actually imagine the internal monologue of a guy like Sam Altman?


LLMs have more of an internal monologue, and they have none.

Not exactly true:

https://www.anthropic.com/research/tracing-thoughts-language...

They’re even trying to expose some of it as a summary, as part of the anthropomorphization of Claude.


That's not really true on a practical level. For the most part, you can't just buy airline points at the one to two cent price that you effectively get them for in credit card transactions or the even lower price that the credit card companies themselves are likely paying.

Airlines do regular promotions where you can buy miles for less than 2 cents per mile. If you get 2% cash back or pay with cash and get a 3% cash discount and can then buy miles for 1.2 cents/mile during the promotion, you're losing 0.8% or 1.8% respectively by using the card that gives you miles instead.

So do credit card companies run transfer bonuses. There are only a handful of airlines who sell points for less than 2 cents per point during a promo, like Avianca. Others, including the big three US carriers, seldom do this.

Also the big part of this game is sign up bonuses, like spending $5,000 and get 100,000 points instead of the 2% daily rate.


Cash discounts only really exist for locally owned restaurants and other smaller retailers, not bigger ones like Macy's or Best Buy which have a flat price. So in most cases it is in fact the cash purchasers who are paying the 3% fee implicitly but getting no benefits back in the form of cash back or points.

Of course it's not binary, any more than there are two choices between "cheap" and "expensive"

The question is how much effort and authority is required to gain access through alternative means, not whether it's possible.

It's always a question of how much, insofar as kidnapping Mark Zuckerberg or winning an order from a Federal Judge are two of the possible scenarios.


There's nothing ambiguous about it at all. We had it as our public policy for generations and then bought-off politicians stopped enforcing it.

The information is captured the same way as most policy - via statute and precedent, and guidelines for enforcement agencies.

None of this is confusing, or even hard, except insofar as it's hard to fight against well funded opponents.


What the hell are you talking about? You are absolutely not allowed to bet on whatever you'd like with another individual. Depending on what you're betting on (for example, the price of a stock or the throw of a card), it falls under varying different regimes. This is highly regulated and has been for most of the whole of human history.

Yes, there are de minimis exceptions. Your office NCAA pool, for example, is often legal, but it has nothing to do with what we're talking about and is also irrelevant to a business facilitating it via 18 U.S.C. § 1955.


In Spain, in elderly care homes there was a tradition to bet on bingo matches for symbolic prizes (barely one or two euros, enough for a coffee and that's it). It was legalized on paper recently, but technically everyone turned a blind eye.

https://russpain.com/en/news-3/authorities-consider-legalizi...

>Rarely exceed 25 euros.

Maybe at Christmas, because the weekly play was just about low prizes.


It was, and I believe it still is, somewhat similar in Australia, where the game Two-up (https://en.wikipedia.org/wiki/Two-up), which was a wartime favorite among soldiers, was implicitly allowed on Anzac Day despite being gambling.

