this post was submitted on 15 Feb 2024
97 points (77.7% liked)

[–] [email protected] 61 points 9 months ago (1 children)

stop the presses!! a cryptobro got scammed out of 90k$ "worth" of fake money, we must slow down all computation! for safety

[–] [email protected] 31 points 9 months ago (1 children)

lmao this article is hilarious. This crypto bro is mad because he left some hole open without a fail2ban type system set up.

Bruh if you have 90k in digital cash store that shit offline, or take responsibility for your own security.

[–] [email protected] 4 points 9 months ago

the money was lost the moment it hit exchange account full stop

[–] [email protected] 32 points 9 months ago

Dude couldn't even afford a good password with his $90k in fake money. What a mook.

[–] [email protected] 29 points 9 months ago (1 children)

Security and convenience (not "speed") always pull in opposite directions. The thing is that experts always seem to advise using the highest level of security even for trivial accounts. This creates unnecessary friction, with the result that the average person drops the effective level of security even for important accounts in order to get rid of it. This is not a new problem, just a bad article on an old problem.

(As for cryptocurrency, just don't.)

[–] [email protected] 4 points 9 months ago (2 children)

Yeah I read somewhere that it was considered unacceptable for people to have to wait for a couple of seconds for a password manager to open the vault after entering the password. Like, really? If those seconds mean the account is way more secure because math, isn't it worth it? For the thing that holds all your passwords? People have become very sensitive to such things it seems.

[–] [email protected] 2 points 9 months ago (1 children)

It takes a few seconds to type a password in manually as well, but people seem to regard the time differently if they're actively doing something than if they're passively waiting for something to happen. Nontechnical users regard computers and other devices as black boxes that should respond instantly to stimuli, the way purely analog equipment does. If it doesn't, many of them treat it as broken.

[–] [email protected] 1 points 9 months ago

Yes that does make a difference. And a good UI should of course tell the user that it's doing aubergine in the background. For a password manager, preferably a message indicating unlocking and a progress bar of some sort instead of just a frozen window.

[–] [email protected] 1 points 9 months ago

Password managers typically allow you to use a session-based login so you only put in the master password once until you close the browser, or set it to only prompt you every day, week, month, or never again on that device. So most of the time, those few seconds required to enter a password for a website are reduced to 0.

[–] [email protected] 25 points 9 months ago (1 children)

Author is a doofus, but there is one context in which I sorta agree with this sentiment.

It drives me up the wall when, according to my browser, a page is done loading, so I go to click on something and bam, a subscription/cookie/whatever popup appears and steals my click in the millisecond between when I decided to click and when my finger reacted.

[–] [email protected] 3 points 9 months ago (1 children)

I hate that and I'm guessing it is a feature, not a bug.

[–] [email protected] 3 points 9 months ago

Or an ad or something loads in and shifts everything around. Sometimes I don't even end up clicking on anything meaningful to me, the website, or the advertiser. It's just bad design and an annoying user experience.

[–] [email protected] 21 points 9 months ago

TLDR : Skill issue

[–] [email protected] 13 points 9 months ago* (last edited 9 months ago) (1 children)

I can see the headlines now. "GOP passes bill banning civilian ownership of anything faster than a Pentium III."

[–] [email protected] 0 points 9 months ago

Nah the GOP is incapable of being that based

[–] [email protected] 8 points 9 months ago

This is the best summary I could come up with:


A combination of poor password hygiene and weak security on his Windows laptop gave the intruders unfettered access to the digital wallets in which he stored cryptocurrency.

Similar incidents happen every day at scale: people get robbed; organizations have their data lakes drained; nations find themselves under threat.

Our relentless optimization for speed has us valuing a 120Gbit/sec Thunderbolt port over a more thoughtful consideration of how we might be far better served by an operation more complex, secure – and slower.

Perhaps the point should not be which chip or algorithm renders the fastest or most accurate operation, but which systemic approach offers the greatest level of safety and security.

Systems that have no friction in them – running unsupervised, without speed bumps, with no skeptical humans in the loop judging and grading – are hurtling down the highway to hell.

On the other hand, a massive financial transaction or data migration could include baked-in “breakpoints” that require human intervention before automated work continues.


The original article contains 594 words, the summary contains 165 words. Saved 72%. I'm a bot and I'm open source!

[–] [email protected] 4 points 9 months ago

Our answer? Throw a few “speed bumps” onto the road with 2FA and hope for the best. Sometimes that works – but sometimes that mobile's SIM has been cloned and it's all for naught. Speed bumps provide the illusion of safety and security, without actually doing much to slow the escape vehicle. To do that requires a bit more of a rethink.

Brings up 2FA only to complain about the very worst form of it that's arguably worse than just having a strong and unique password.

Yes, SMS 2FA does provide only an illusion of safety, because it's garbage and people have been warned against using it for years.

[–] [email protected] 4 points 9 months ago (1 children)

Are you serious? You had crypto on Windows. First of all, that's the problem. You don't use crypto and Windows together. You just don't. I've been doing crypto for over 10 years and never lost anything because I know what the fuck I'm doing.

[–] [email protected] 5 points 9 months ago (1 children)

You don’t use crypto

ftfy

[–] [email protected] -3 points 9 months ago

ftfy

I said what I meant.