
Comment *DEFINITELY* Blame Google (Score 1) 79

Google authenticator worked as intended [ ... ]

"NOTABUG: Working as designed."

Yeah, we know, Sparky... The design is fucking idiotic!

It seems clear that one of the OTP codes got them into the rube's account -- the second OTP code allowed them to copy out his Google Authenticator database. If that copy hadn't existed -- and indeed did not exist until Google decided to make copies for itself -- then they would have had to keep pumping him for OTP codes, and the damage would likely have been more limited.

The first compromise can be laid at the feet of the dopey employee. Google bears partial responsibility for all subsequent compromises -- for making and keeping a copy of a sensitive database that the entire security community told them at the time was a STUPID FUCKING IDEA!

Comment Re:What's Your Favorite Tech Innovation? (Score 1) 200

To be fair, AirBNB isn't a hotel chain, they're a booking facilitator [ ... ]

"Well, actually..." Let me summarize their so-called argument:

"We are Craigslist. We only list one kind of thing: Rooms for short-term rental. Like items listed on Craigslist, any transaction between rentee and renter is completely private, and any difficulties that may arise are exclusively between them -- we are nothing more than a listing agent and payment processor, and take a small cut of the transaction as our listing fee."

Same "reasoning" with Oober and Lypht, except they only list ride shares.

Comment Re:All Employees have Stock-Photos (Score 1) 25

Looks like all the employees on LI use stock photos:

Gee, it's a real shame that LinkedIn doesn't have the resources of a true software giant, who could dispatch a couple of interns to kluge together a few functions that would compare uploaded profile photos to images available on stock photo sites, and flag them if they find a match...

Yes... Truly a shame that is, evidently, far beyond their capabilities...

Comment Re:Needs desktop app (Score -1) 64

...Twitter is the hot and popular bar that everyone goes to [ ... ]

"Nobody goes there anymore; it's too crowded. (Also: It's full of Nazis.)"

...who wants to hang out at some smaller bar with no crowd?

Um... Maybe because the drinks are better, made by actual bartenders who know what they're doing (instead of a computer pumping pre-measured servings out of a spigot), and made using decent, fresh ingredients instead of bathtub gin and lime-flavored high-fructose corn syrup? (And because the place isn't overrun by Nazis?)

I mean, if all you want is a Long Island Iced Tea, fine, I'll empty a bar mat into a pint glass for you, but don't try to pretend you're engaged in some higher appreciation of mixology -- you're just getting wasted.

Comment Re:Say What You Will About Tesla (Score 5, Interesting) 76

Having a common standard for the EV charging plug should help to facilitate deployment of charging stations.

There was a standard connector! SAE J1772. Every electric vehicle in North America used it... Except Tesla.

I can't understand why everyone's suddenly falling all over themselves to switch over.

Comment WHO ASKED FOR THIS!??!? (Score -1, Offtopic) 25

Whatever ideals and goals they may have started life with, NFTs and cryptocurrencies are now scams. All of them. No exceptions.

Don't agree? Three points:

  1. You're wrong,
  2. Watch this YooToob video -- it will be one of the most informative two-plus hours you will spend this week,
  3. Go visit the site Web3 is Going Just Great, which has a new post every day -- every damned day -- about the latest cryptocurrency and NFT regulatory actions, arrests, scams, and fsck-ups.

Comment Selecting a Coding Typeface (Score 1) 96

Here's a lovely little resource to help you select a programming font, with IntelOne preselected. It does not appear to have ligatures (which is the new hotness in some fonts).

Fonts that you have to stare at all day, every day, are a very personal thing, like a favorite keyboard, or favorite chair. For roughly 20 years, I was using ProFont (a/k/a ProFontWindows), but last year I switched to Iosevka.

Comment Re:If it's really only $3.4 million (Score 2) 121

This jumped out at me as well. I'd be interested to know who chundered up this number (and whose payroll they're on). Simple arithmetic will show that $3.4E+06 will get you maybe 20-30 full-time people in the SF Bay area. There's no way Reddit can replace thousands of moderators, each with domain-specific knowledge, with a mere 30 people.

It seems like, every time Huffman opens his mouth, he insults his userbase, his for-gratis workforce, and digs his commercial grave even deeper.

Comment /Me Deletes Google Authenticator (Score 1) 83

...There are no nice, genteel words for the "decision process" that spurred this change. This is straight-up congenital brain damage. I guaran-fscking-tee you that all bugs filed against this change were closed with the sniffy, "NOTABUG: Working as designed."

Google Authenticator was correctly designed from the outset. You do not create a single target for adversaries to attack. You distribute the secrets and ideally isolate them so that adversaries have to compromise thousands of systems instead of just one.

As for, "What if you lose your phone?" Well, what if you lose the keys to your car, or your house? You don't expect the home builder or car dealership to chunder up a duplicate, do you? The ability to export your GA credentials has been there for years. Save them to a USB key and put it in a safe place.

Meanwhile, I'll be transitioning completely over to andOTP.

"Don't be evil," has been dead for a while, but I had hoped they would have at least held on to, "Don't be stupid..."

Comment "Unfriendly?" (Score 5, Insightful) 133

This idea of replacing traditional but not very friendly ways of delivering Linux desktop apps, such as DEB and RPM package management systems. [ ... ]

Pardon my French, but what the fuck is so "unfriendly" about installing DEBs?

RPM and DEB are an absolute $(GOD)-send to users, particularly those who've had to suffer under the scourge of Windows, where you have to update each application individually, each usually with its own bespoke updater (many of which will try and up-sell you on shit you don't need). And if it turns out said program needs an updated MSVC++ runtime? Nothing will warn you; you get to find that out The Hard Way when it crashes, and then you get to grovel through Microsoft's awful site looking for the latest MSVC++ runtime, and pray to the gods that abide that upgrading it doesn't break something else.

DEB just fucking works. Except for very rare hiccups (in my experience), upgrading a package magically upgrades all the dependent libraries along with it. If you get sick of a program and delete it, all the libraries it required get deleted as well (if nothing else also needs them), saving you disk space and reducing potential attack surface. And you drive the whole updating process from one place -- not one program at a time, not with special snowflake updaters the marketing department occasionally throws over the wall. A consistent, reliable management system for all the software on your machine.

DEB is awesome.
