I’m having trouble understanding what you’re saying.
You’d think we’d be better off even with the higher attention, were it to exist, because the level of attention going into making FIDO2 as secure as possible would scale with its userbase. Same with any other security solution being implemented.
Very cool. I remember seeing a similar tool called Yewno that Stanford had access to that had a semantic web of topics linked by a graph, and wanting to find or make an open source alternative. I can see a lot of possible uses for this in the future.
I hate OS-level ads the same if not more than any other HN reader, but that's like saying we shouldn't be glancing out of the window for half a second because it would scale up to losing ~100,000 hours of productivity every day. It's a fraction of a ten-thousandth of a workday - anyone concerned with that level of optimization shouldn't be using humans to begin with.
I think you're looking at it from the individual's point of view instead of Microsoft's. Of course at the local level a person or even small business shouldn't be worried about a second of time lost. I'm not saying we should be concerned with employees glancing out the window. I'm saying any decision that affects 800,000,000 people has very tangible consequences.
I think an apt analogy would be the "Take a Penny, Leave a Penny" tray at convenience stores. Nobody cares if you take a penny from a gas station. But if someone figured out a way to take a penny from every tray in the world, that would raise some real questions about theft that would need to be answered.
I’m fairly new to this site, but it’s been eye-opening as a student to learn from professionals and other tech enthusiasts. Hope everyone on HN has had a great decade.
I had the thought a day or so ago that a system could be created to tie images to their respective cameras with a private key stored inside of a chip that self-destructs when you attempt to read the key from outside of it, along with a trust hierarchy of certs from various camera manufacturers. A little like hardware auth tokens mixed with PKI.
Does that sound like something that would be feasible to produce/practical in the real world?
Feasible? Sure, to the limits of what we can do with secure enclaves today.
Desirable? Well, you've created a system that authenticates a camera as being at a place at a time. It's a good way to authenticate photos, but a bad way to stay anonymous.
How do you feel about photographers and journalists becoming even larger targets for anyone who wants to keep a secret?
In the past the actual image authenticated that the camera was at a place at a time, and anonymity was preserved.
The issue is: does it authenticate that a particular camera that belongs to a particular person is/was at a place at a time and produced an image? Because if so, then if the device is found in a search, the owner/user/keeper is in hot water.
So the camera must be anonymous - but it must be impossible for a lie about the place and time to be encoded into the image.
If you assume that "Anyone could have been using that camera!" is a defense, you're absolutely correct.
It's perhaps worth considering that an authoritarian government might not trouble itself with such legal niceties. All they have to do is mandate that journalists with cameras register their keys, make possession of a camera with an unregistered key criminal, and track sales / border entries. China springs to mind as a country that might do such a thing.
Again, you're absolutely correct in asserting that anonymity of camera-user is important! It's just perhaps worth considering how linking hardware to images might undermine that in dangerous ways.
Something similar was done a number of years ago but cracked later. I think it was Nikon who had it, and the proof of the crack was someone signed the Beatles crossing the road with a Nikon camera key.
Meanwhile secure enclaves are now possibly a lot safer, but as Kalium mentioned it might not be very attractive for everyone.
For forensics experts however it could become very useful I believe.
If someone uses the same username in multiple places, and another site has a user with the same name, it’s easy to assume they are the same person. If there is a risk of impersonation or confusion with another account, it’s fair to try to protect your reputation by registering an account in that name and not posting, especially if you are well-known in some internet circles.
> and another site has a user with the same name, it’s easy to assume they are the same person.
No, no it is not. Not at all... You are one of the lucky people who managed to get your chosen handle on those sites.
My preferred handle (givennamesurname) got registered in 2008 on twitter and hasn't done anything since (no tweets, no profile, etc).
On instagram, both (givennamesurname) and (givenname_surname) are taken, so I went with (surname_givenname).
The only real way to get around this is to just list your social media / accounts on your personal website. Then prove that you own it on keybase with gpg or whatever.
> it’s fair to try to protect your reputation by registering an account in that name and not posting,
If you stay on top of / are aware of every new service. I was 12 in 2008 and wasn't concerned about name squatting.
If you want a short-and-simple username, you need to do what it takes to defend it, even if that means logging into twitter once in a while. Even registered trademarks require active defense, or they lapse[0]. Why should it be as easy as just grabbing it first, especially if that pollutes the platform in a way that hurts the platform company?
If you want an easily defended but unique identity, pick something that isn't short-and-simple, and you'll have less competition.
It seems that a lot of problems regarding email involve a lack of transferability between providers, and I don’t think that having a government-run mail provider would adequately solve that.
Instead, maybe an extension of existing mail protocols to allow for updating address information would be better - for instance, mailing a deactivated address would give a special response announcing the change in address, so that information stored about addresses can be updated without user intervention.
Your analogy doesn’t work, because the general consensus is that there is no better alternative to taxation. It is a necessary evil - unlike Stallman, who, regardless of personal opinion, has others who are qualified to replace him.
Is it fair to say that because there will always be more specialized skills to be learned, that none should be learned?
Everyone may not need to know how to repair their car, but to perform basic, routine maintenance on it and to learn driving technique as intended is something that, when neglected, can cause major inefficiencies.
Specialization says just the opposite. That everyone should specialize in a combination of what they are good at and there is a demand because it is much more efficient and trade those goods and services that they specialize in for goods and services that they don’t. In the modern era instead of trading directly, we use money as an intermediary.
Economics 101 says just the opposite, that you create inefficiencies when you don’t specialize. Why is car maintenance anything that everyone should know and not plumbing, electrical work or carpentry?
> Economics 101 says just the opposite, that you create inefficiencies when you don’t specialize.
That's simply bullshit. If you specialize on only installing tires on cars, but not removing them, you have specialized more than a business that swaps your tires, but you have created massive inefficiency by requiring your customers to somehow move around vehicles without tires for you to install tires for them.
There are particular circumstances where specialization increases efficiency, and there are (obviously) other circumstances where specialization decreases efficiency, so it's nonsensical to just say that specializing is always the more efficient choice, which is why all your analogies fail: You use an example where specialization (arguably) increases efficiency, then you completely fail to explain how computer skills fall into the same category as that example, and then you conclude that therefore it is in the same category.
> And you left out the part where I said “and there is a demand”. There is no demand for someone who can remove a tire but not install it....
Well, then that's simply the claim that markets solve all problems optimally ... which is equally bullshit?
> Every specialization is about knowing the level of integration and specialization.
So ... specialization is always better, except when it's not? Yeah, duh!? How exactly does that help us with determining what the right level of integration and specialization is?
On a personal level, the “right level” depends on your disposable income and your talents. I have the disposable income to throw money at a lot of things that I don’t want to do - not bragging, almost any software engineer in the US should be at the top quintile of earners for their local market.
On a broader scale that’s the entire idea of the value chain.
If you know nothing whatsoever about cars or maintenance thereof, you will get taken by the salesman, then you will run your cars into the ground burning money, and then get ripped off every time you need someone to maintain or fix your car because you don't know enough to know when someone is bullshitting you.
People are expected to know SOMETHING about cars because they are frequently a huge expense that you are required to expend to be able to exist in a lot of places.
Econ 101 in this case assumes that time and money are fungible in any particular increments and that the money they earn doing whatever they are optimal at is greater than the cost of the specialists services.
Example: someone making 20 bucks an hour needs a professional service that requires 3 hours of work for a professional at a cost of $900. Learning to do so inefficiently for 5 hours then spending 6 hours seems like a huge waste, but consider:
- Just because their labor is worth $20 an hour doesn't mean that they can trivially, in the context of their current obligations, convert a day off into extra pay right when they need it.
- 11 hours x 20 hours will furnish 1/4 of the money required. Even given an immediate alternative it will require 45 hours of additional work.
Incidentally if you own a home you probably ought to learn at least enough basic maintenance to fix simple things.
Yes, there are transaction costs to doing anything that you pay someone else for. In the IT industry it’s just like deciding to build versus buy and using managed services. Setting up a few VMs on Linode and hosting all of your own databases, queueing systems, etc. is much cheaper than buying the same from AWS, yet and still organizations pay more for AWS every day. Why is that?
Every time you go out to eat, you are paying a markup over something you can do yourself - do you go out to eat?
Would it be more efficient for me to cut my own grass and maintain my yard on the weekend than pay someone else since I can’t convert that time I save on the weekend to cash - of course. But that’s time I can spend with my wife or relaxing. I also haven’t washed my own car, preferring to go to the car wash since I got my first real job out of college.
My maternal grandfather was a “man’s man” he built his own house, could fix cars, he took his pigs to the slaughterhouse and had a ranch with cows that he maintained until close to the time he died. On the other hand, my father isn’t as mechanically inclined, always looked up to his father in law and it took him years of convincing that it wasn’t emasculating to pay someone to do something that you’re not good at.
Doing a bit of maintenance can take you 2 minutes; having it done by an expert could take 2-3 man hours once all the inefficiencies are considered (getting to the mechanic's shop, setting a price, waiting for things to be done, all the overhead of running and advertising the shop).
Based on my experience with talking to clients and observing them while doing B2B, if the average office worker had decent Excel and Googling skills (let alone the skills of the average vim user) they'd save a couple of hundred hours a year.