Yep. This is the way to treat your crown jewels, which is what your primary email address is. At least until we finally move away from passwords and therefore from password reset flows.

That will, of course, create other problems :D

You can copy your Google Authenticator token to other devices quite easily. Of course, the more places you put the seed secrets, the more opportunity there is for someone to steal them.

They're not usernames, nor are they passwords. They have very different security properties from both, and don't fit into the username/password model.

The main difference from usernames is that usernames are not inherently bound to the person, but biometrics are. If I know your username, I can type it in and claim to be you. If I know your fingerprint, I cannot submit it to a proper fingerprint scanner (note that "proper" is carrying a lot of weight here). Said another way, in the context of a proper scanning and matching environment, biometrics do provide authentication. Very strong authentication.

This highlights, though, that all authentication value in biometrics comes from the integrity of the scanning process, which is why I said that it doesn't provide much when the scanning is done remotely, unobserved, with a scanning device under the control of the person allegedly being authenticated.

While biometrics fail as authenticators in uncontrolled environments, they fail as identifiers in nearly all contexts. The main requirement of an identifier, like a username, is that it be unique. Biometrics aren't.

Well, probably they are in some absolute sense, except for identical twins in some cases, but in practice all biometric matching is fuzzy because measuring bodies and matching them against templates is less precise than matching the bits of a username. Biometric matching is always testing whether the the livescan is close enough to the stored template under some complex distance metric. This means that given a large enough database you will get false positives. And thanks to the Birthday Paradox, this happens with a much smaller database than you might think.

To illustrate with some very rough and approximate numbers. Suppose that a biometric matching scheme has a 100,000:1 false accept rate (FAR). Suppose that this rate is absolutely consistent across individuals (pipe dream, but reality is way too complicated). So, you can think of it as a scheme that creates 100,000 pigeonholes and slots every individual into one of them. The probability of you falling into the same pigeonhole as me is 1 in 100,000. That's actually a very, very good FAR, BTW. I don't know of any commercially-available fingerprint or face systems that good.

Now, suppose I put a bunch of people in the database, and then you present your biometric and we try to identify you from the database. How many people can we put in the database and still have reasonable odds of uniquely identifying you? If we have 250 people in the database, odds are >50% that we'll hit at least one false positive. We'll match you, but also one or more others. What FAR would we need to guarantee a low probability, say 1/1000, with a database of a 1000 people? 500,000,000:1, or thereabouts. Nothing is that good.

The reason that biometrics are useful for identification in, for example, criminal trials, is that you don't (or shouldn't, anyway, it's happened, c.f. Prosecutor's Fallacy) convict a person based only on biometric evidence. You also need to have some other reason to believe they were in the vicinity, or had some motive, or something. They work extremely well as proof that an already-identified suspect was the perpetrator, though.

One other way in which biometrics are not like usernames, BTW, is that biometric scan templates are not really standardized. There are some standards, but they apply only to a subset of scanner types. In general, it is not possible to scan your fingerprint on your phone and send that to an off-device relying party for identification. It could work with face or iris imagery. Sort of. Face identification is much less precise than fingerprint. Iris could be good, I think. Also retina, except retinas change over time. Good identifiers should also be constant.

So, no, biometrics are not good identifiers. They are very strong authenticators, but only in the right contexts.

This is equally true of almost every other use case people have dreamed up for globally distributed ledgers. Unless there is no one who can be trusted to operate a centralized transaction database, the database will always be cheaper, faster and better. And it's even fine to have a set of centralized databases that get mutually reconciled on a regular basis -- which is how the financial systems work.

The only truly good application of distributed ledgers I've seen is for transparency-related projects where you want the data to be fully public and to make it impossible for any party or even large group of parties to subvert. Things like Certificate Transparency. I expect some future systems to be stood up that focus on binary transparency, making it easy to verify in an automated way that the binaries you're running are the ones they're supposed to be and that they're reproducibly-built from a specified version of the source code.

I've yet to see any other use cases where the cost, complexity and overhead of globally-distributed ledgers is justified.

(Distributed ledgers do make a lot of sense in highly-scalable systems under the control of a single entity. For example many eventually-consistent web-scale databases are built on some form of distributed ledger.)

What, in your estimation, would these "competent computer people" do, exactly?

IMO it's better to use a TOTP app on your phone. Desktop OSes are significantly less secure than mobile OSes (though still better than SMS). But, yes, any RFC-compliant TOTP generator will work.

Google Authenticator is an RFC 6238 TOTP implementation, or you can use any other compliant implementation.

How do you ensure that a body part was actually scanned, rather than some bits being replayed? Biometrics provide very high security in attended contexts, e.g. where there's a security guard watching you present the body part to a scanner that is under the control of the entity who is trying to verify you. But when the scanning is done remotely, using scanning hardware that is under the control of the person being scanned, it really doesn't provide much security.

Another problem with biometrics is that body parts can get lost or damaged, locking people out of stuff. Imagine being unable to pay your bills because you got a little cut on your finger.

Biometrics have their place, they are valuable authentication tools, but they have serious limitations. They have to be combined with and backstopped by other authentication mechanisms.

Also, potentially a lot more books became available to those of us who prefer to listen rather than read. If the AI "performance" isn't too grating.

For most fiction and some types of non-fiction, I prefer audio books over the printed word, because they're more time-efficient. I read far faster than narrators read, but I mostly can't do anything else while reading. Being able to drive, mow the lawn, work on refitting my boat, etc., while consuming audio books has significantly increased the quantity of "reading" that I have time for.

I don't think so. I think it's just a mechanical reproduction of the original work, not really any different than a photocopy -- just a different tangible medium. In order to be a derived work, it would have to be a new work, i.e. some minimal amount of creativity would have to have been added, and I don't think an AI can legally add creativity. Perhaps the configuration choices of the person who set the AI up could be considered "minimal creativity". But if not, it's just a copy in a different medium.

It would just be a mechanical reproduction of the original work, so only the original work's copyright would apply.

In the case of a human narrating an audiobook, the resulting work is a derived work, and both the narrator and the author have rights to it. To copy and redistribute it you need the authorization of both.

But in this case, it's just a copy. If whoever ran the AI on it added some of their own creative choices, for example, inserting, deleting or modifying text, then it would again be a derived work. It's even possible that if the only choices they made were which voice to use and how to configure it, that might also be enough to make it a derived work. But the original author still has an interest in the derived work, so none of this works as a way to escape the original owner's rights.

Yes, same as if you ran the book through a photocopier. In both cases, as long as you kept the copy to yourself nothing would come of it. The copyright owner could technically sue you for damages, if they found out, but there would be no damages to recover.

A lot of people don't realize that their primary email account is the key to pretty much every other account they have, because approximately all online accounts use email to secure their forgotten password reset flows.

Personally, I treat my email account as my "crown jewel", the most important thing in my life to secure, since it's the key to everything else. Many of my financial accounts will, of course, send me a notification that my password is changed -- via email, to the same email account (some of them allow a separate account, in which case I have them set to notify my wife's account, but not most). A few of the most important financial accounts will also send a followup snail mail notification of the password change, but an attacker can easily drain them before I get that notification.

I agree with the sentiment, but in practice most adults don't understand how to secure their accounts. Some nannying is justified here.

In that era, most people became slaves when their cities were conquered, and the normal practice was to slaughter the entire population. Slavery was seen as a merciful alternative to death, so it's safe to assume that all slaves were grateful that they were enslaved rather than killed, as evidenced by the fact that they chose not to kill themselves.

Modern sensibilities cannot relate to the idea that slavery was merciful, but it was. Plato himself was was to be executed but was instead sold into slavery, though he had a friend who bought his freedom relatively quickly. Likewise, if you read Plato's works, you'll find quite a bit in there that is shocking to modern views. Plato was an incredibly forward-thinking man for his times... but his was a product of his times.

To alvinrod's point, you almost certainly hold some beliefs that future generations will consider immoral, so it's not wise to judge the people of the past by current standards.

Warfare more likely, yes.

Warfare that escapes well defined theaters of operation, no.

I suspect eventually, every country will give up a small amount of border land for total anti-invasion defense, and the only countries that will start wars are the ones too stupid to understand that they can't invade their neighbors anymore.

The programming for "Kill everything that moves in a box 30,000 feet high, by 2000 miles long, by one mile wide" isn't that complex.

The problem is the idiots who don't understand the basic strategy of closed borders.