Hacker News: esolyt's comments

> the US state apparatus answered to the media and the public, as is their duty.

No, the state feeds the media what it wants to see reported. They can share what they want and they can hide what they want from the media.


It doesn't matter because it's tiny.

The inequality between a Google engineer and a Starbucks barista is tiny compared to the inequality between a Google engineer and Elon Musk.

The article only covers the former and not the latter and therefore acts as the kind of propaganda expected by WSJ. In the author's defense, they admit they're focusing on one narrow benchmark and ignoring capital gains and dividends in this article. The article still has value. But the fact remains that the article has the word inequality in its title and completely fails to cover inequality in its actual sense, the way we understand it in a political context.


The question isn't whether genocides are acceptable. The question here is whether you can build a chatbot free from politics. There was a time when slavery was considered acceptable and women not being able to vote was considered acceptable. If ChatGPT had been created around that time, it would've said there are various opinions regarding slavery and that both sides have merit.

Likewise, we're at a point in history where veganism is gaining traction. What if in 50 years we decide as a society that factory farming and zoos are as bad as slavery? Are we going to retrain ChatGPT to say factory farming is no longer a contentious issue and it is just bad?


If that's how society turns, then yes, we most certainly would.

A bigger question is how is AI going to play a part in how society develops in the future.

Right now, you could easily get it to write an undergraduate essay, that with minimal 'manual' tweaking could get you at the very least a good grade.


It's a term that describes how people feel pressure to conform to a certain popular view and are hesitant to speak their opinions. Depending on the context, they might be worried about being excluded from a social group, losing friends, losing social status, or getting literally cancelled (in the case of a celebrity in the entertainment industry). The term "cancel culture" broadly describes this feeling and it's not related to actual consequences (if any).

At least this is how people use it. You could argue it's an inaccurate term since there are no actual cancellations in most cases. But the prevalence of this sentiment is still noteworthy imo.


> Companies either pulled out because they were legally obligated (That's what sanctions are)

AFAIK, there were no sanctions regarding multinational corporations. McDonalds etc. were not legally obligated to pull out.


Yes, that's for publicity.

Renault has signed a deal where they sell the AvtoVAZ factory to the Russian state but can buy it back in the next 6 years, and are in the meantime giving AvtoVAZ designs of new Renault models and assistance with getting parts for clones from more Russian-friendly countries.

McDonalds definitely feels like they're doing something similar but in a more covert way. Ate there in Moscow yesterday. They have a new logo, Big Mac is missing from menu (trademark negotiations probably?), but other than that I assure you they're re-open.


Not sure if these are similar arguments. These are relatively minor cosmetic issues. Window management and package management on the other hand are essential parts of the operating system.


What do you mean their preference is not relevant? They're providing an example using their personal experience.


Then they should’ve used “this doesn’t work for me”.


Sure but if you want to learn a specific technology by making a project, it makes more sense to make a project that can actually benefit from that specific technology.


In the hypothetical example, they are providing wrong information to Google. If they provided no information, it would be a different story.


I'm glad someone is bringing this up.

I witnessed so many people lose access to their accounts because they wiped their phone that had an authenticator app, or they lost their physical 2FA tool.


2FA goes one of two ways:

1. You increase the risk of losing your entire life (if 2FA is properly implemented and avoids all social engineering process risks)

or

2. The 2nd factor devolves into a 2nd way to get access to your account

You really can't have both security and convenience.

> wiped their phone that had an authenticator app

try this one: battery dies in an iPhone. iPhone won't boot until battery is replaced. Battery can only be replaced at an Apple store. 2FA: do you feel lucky, punk?


Services like Authy address some of the loss of device issue, and always a good idea to have a backup token (e.g., yubikey) physically escrowed somewhere like a safe-deposit box.

But it is a whole lot of extra work to set up and maintain long-term, even with the best intentions.


+1 for Authy. Just get a used cheap Android phone for like $30 and use it as the backup device for Authy and never fear about losing your 2FA device again.


Does Authy actually offer 2FA? It sounds like the security boils down to your encryption passcode used to encrypt the 2FA secret, so you aren't actually using 2FA at the end of the day.

For personal use it probably is a good compromise for services which don't implement 2FA properly (that is to say, services that don't allow you to register multiple 2FA devices.) But realistically you might want to just disable 2FA and rely on your password manager.


> Does Authy actually offer 2FA

I'm not sure what you meant by this, Authy certainly provides TOTP, and the encryption password is only used when you need to sync the 2FA secret to other devices, which by the way also requires confirmation using SMS to your phone number as well.


I usually take 2FA to mean that you have to use two of (something you have, something you know, or something you are.) If the "2FA secret" (TOTP secret?) is stored on multiple devices it doesn't actually prove ownership of "something you have" it's effectively no different from a password stored within a password manager which is considered simply "something you know." So basically the TOTP secret is a second password with some obfuscation that protects the password. But software running on one of your devices could easily steal the secret.

It does seem like this is somewhat more secure, in some sense, but it weakens the security that TOTP is intended to provide.


TOTP has always been a second password (heck, it's in the name). If you know the secret and the algorithm you can do the maths yourself in theory without needing any hardware, so in theory it can always be considered "something you know", even without all the syncing stuff from Authy.

In any case I don't see how the Authy password can weaken TOTP. It's not like there's a webpage out there where you can enter the Authy password and it will give you back the TOTP secret for a specific user. It's only used to decrypt the TOTP secret if you choose to sync that secret to another new device, which again requires SMS verification, PLUS confirmation from an existing device, PLUS you need to have the sync capability setting enabled (so you can always sync the TOTP to your backup device first then disable the sync setting to prevent additional devices being synced).


Or just copy your TOTP codes to a second device without going via the internet.

I'm annoyed Google Authenticator makes it so easy to transfer accounts to a new phone, how will you know if someone's cloned your TOTP private key while you were sleeping?


Password managers such as 1Password and Bitwarden can save and fill in TOTP codes. Maybe not perfect security but a big win for convenience and loss prevention.


I have received advice from way too many people to not use your password manager as a 2nd factor because 1) it actually becomes the only point of failure (your pw getting hacked), and 2) both factors are protected and saved in the same spot.


Mostly fear-mongering.

1Password in particular encrypts your vault with your master password and importantly an additional 128-bit secret key that is meant to be kept somewhere physically (e.g. in your safe). This key is needed the first time your vault is decrypted (e.g. a new device).

An attacker would need to have access to all of the following:

a) your encrypted vault

b) your master password

c) a 128-bit secret key

in order for the fears you've outlined to be realised.

Really the only attack vector I can see is a physically compromised device (brute forcing is out of the question). In which case, they'd still need to somehow know your Master password and you're no more vulnerable considering your OTP is likely to be in an application on your phone anyway.


Since your own computer will typically have the vault unlocked, you don't need a+b+c. You can suffice with a circa 2000s Sony Music CD. Or any drive-by malware, or malvertisement, etc.

Using the 2nd factor on another device as the first means attackers need to either compromise 2 devices, or compromise a single point higher up in the hierarchy (e.g., your google account).


Now we’re talking extremes!

If there’s malware on your PC that has complete access to your system memory you are screwed in every single way possible. I’m perfectly comfortable with having my OTP coupled with my passwords given this is the only real attack vector and requires an actively unlocked vault to expose secrets.

If this is the case, what’s stopping the malware from adding a key logger and MITMing your input to your bank’s website, Gmail or Coinbase?


I use BitWarden for my passwords while storing my 2FA backups in KeePass for exactly this reason.


I keep an old phone around with a duplicate Authy setup. I also photograph the 2FA code or QR code and print it to a safe place.


> I also photograph the 2FA code or QR code and print it to a safe place.

This is really great advice.

I do something similar. I have a copy of the recovery codes (where possible) in an encrypted volume with multiple copies. Also printouts. The printouts have saved me once already.

Also, don't underestimate the utility of carrying around an encrypted SD card with things you want to retain access to!


Don't most 2FA systems have recovery codes? You print em off or encrypt them with a one time password?

