
Comment Re:Training thats the ticket (Score 1) 77

"The credit industry got allowed to use it as an identifier"

That's good, since it *is* an identifier, a better one than the first name/surname combination since it offers fewer collisions. What it is not is an authenticity token.

The problem is not the industry using SSNs as an identification means, that should be OK, but that they are using them as passwords.

Since they are private companies, it really doesn't take "an act of congress" to change things but people voting with their wallets. Would you put your money on a bank that obviously has no security guards and with their vaults wide open to the public?

Comment Re:Fairly easy way to protect data. (Score 1) 77

"In my experience, the dumbness of the policy is directly proportional to the difficulty in making anyone understand how dumb it is."

Well, that's not exactly what we were talking about. If a policy is "just" dumb, or insecure, it's probably not your role to change it but, at most, to share your opinions with whomever is nominally responsible for that.

Here we are talking about subverting the policies in order to be able to get your job done. No need to explain anything here, just follow the policies and let others see why no work is done. By subverting the policy, you are not only not allowing the problem to surface -so it won't get corrected, but offering yourself as a scapegoat when shit hits the fan: not the policy's fault, but yours, since you didn't follow it.

"It's also dumb to allow the CEO to have a non-expiring password that is the name of the company. But good luck telling the CEO he can't have it"

Well, it's a problem if the CEO already has such a password. If that's not the case, sorry, sir, I can't change your password's policy, neither technically nor by authority. Now, if you are technically able to change it and your supervisor commands it -ideally in writing, why not do it? It's not your problem.

Comment Re:Training thats the ticket (Score 1) 77

"Something like a SSN should be sitting in a well secure table that only verifies if it's a match since no human should ever need to do a customer to SSN lookup"

And this, sir, shows where the problem lies: even basic understanding of what security is about.

Why the hell should an IDENTIFIER be taken for a SECURITY TOKEN???

SSNs should be damn public because they are and should be nothing but a way for you to tell me who you are, just as it is your name. Do you imagine your name being secret? Well, an SSN is just a more cumbersome version of your name: it states who you say you are, just like your real name, but says nothing about why I should believe you are who you say you are, just like your real name.

Comment Re:Fairly easy way to protect data. (Score 1) 77

"Most current forms of Access control assume a greater and greater level of access with each level. That still creates accounts which can access everything."

Hey! We could put a name to that. I suggest, hummm... "discretionary access control". What about that?

"What is needed is an access level system that lets you install updates, maybe move files, but not read them. This way the system admin can't access your secure data period."

If only someone invented something we could call, say, "mandatory access controls"...

But then, let's imagine a world where you already could choose between implementing either "discretionary access controls" or "mandatory access controls", what do you think would be business' choice?

Comment Re:Fairly easy way to protect data. (Score 1) 77

"Not because they have nefarious use of them, but because they will need to get their job done, and the official secure way is too impractical."

And by finding and using workarounds you are just making the problem bigger since an undetected problem is a problem that won't get solved anytime.

If the policy in place is dumb, make it obviously so. This way it can be solved; if you don't do it, you are part of the problem.

Comment Re:Age discrimination works? (Score 1) 349

"You'd think that age discrimination would have hurt Google. They are losing out on all the potentially talented old people and all their experience. According to free market principles this should have put Google at a huge disadvantage in a highly competitive market."

And maybe that's showing in the way they build beta products/services right and left that they don't know what to do with and end up closing some few months later.

A "highly competitive market" is not so highly competitive when you can throw at it a ton of cash to burn.

Comment Re:Why bother with young programmers? (Score 1) 349

"Experienced senior dev at my company... perhaps 4-5x the "jr dev" salary. So even if 80% of the young devs turn out crappy, you're still ahead productivity wise."

That would be true if programming was purely effort-bound (which it partly is) instead of knowledge/intellect-bound.

Say you own a Formula One team. Do you really think your odds to win the Pilots' Championship are the same if you have in your team one Lewis Hamilton or five Felipe Nasr?

Comment Re:And when capped internet comes then people will (Score 1) 286

"Well, so you *do* think they have a moral obligation then."

No. I explicitly said they do *not* have any moral obligation.

And exactly because they don't have any 'a priori' kind of obligation, either moral or otherwise, but since I *want* them to forcefully cover any area they are granted a license to serve to, they *should* have a contractual obligation to do so, as any other utility should.

Comment Re:Hasn't this been proven to be junk science? (Score 1) 313

""can thaw and somehow repair cellular damage" is secondary to "...also entire body missing"."

It makes sense. The premise of being able to recover the personality out of a frozen rotten brain is so ludicrous that if by a miracle that happened, producing a full new body out of DNA looks like child's game in comparison.

It also makes sense from the scammer's point of view: after all freezing a whole body in a convincing -even though unworking, way takes money so by lowering their running costs they open the scam to a larger target.

Comment Re:Hasn't this been proven to be junk science? (Score 1) 313

"Some larger animals can do this as well, IIRC, but they have specially developed systems for it that basically replace most of the water in their bodies with an anti-freeze solution. In theory it's possible to do something similar with humans,"

Larger beings, say, frogs, survive being frozen... by *not* being frozen.

As you say, they are able to get into a suspended animation state and their fluids work like an anti-freeze solution. This allows them not to freeze under below-zero Celsius conditions. But if the temperature goes low enough, they will indeed freeze -and forever die.
