blake,

After seeing how the XZ maintainer's burnout and mental health decline was exploited to the potential detriment of the whole world, we're totally going to be supporting our developers more, right guys? We're totally going to fund critical OSS and pay maintainers enough to hire on other maintainers to take the burden off of them and reduce burnout, right? Right?

blake,

Something that makes this so difficult is that there are so many of these (critical infrastructure projects) just littered everywhere. This kind of thing could happen anywhere, and probably has happened undetected elsewhere for years! Finding all of these would be a day job of its own. Then you have to figure out where all that money is coming from, and what's important enough to get how much money.

Most of this is too complex for me to understand.

apgarcia,
@apgarcia@fosstodon.org

@blake Yes, if I had Jeff Bezos or Elon Musk kind of money, I would totally make that happen.

whitequark,
@whitequark@mastodon.social

@blake more enforced 2FA will surely fix it

stefanie,

@whitequark @blake Still furious that they forced me to abandon my account and now I can't contribute to anything anymore.

Other than somehow sending diffs directly to people.

whitequark,
@whitequark@mastodon.social

@stefanie @blake that sounds like you're choosing not to, to me?

stefanie,

@whitequark @blake I'm choosing not to use 2FA, because I want to know that my password is right when I enter it. I do NOT want a random number that is different every time where I myself have no way of knowing if it is the right one.
Also I am very prone to losing or breaking stuff. And I don't want my accounts to be just one broken device away from losing them.
So MS, by enforcing 2FA for no good reason, forced me to abandon my account.

whitequark,
@whitequark@mastodon.social

@stefanie @blake I'm the same and I chose to put the OTP thing in my KeepassX right next to the password; hope that helps

before that I just stored the TOTP secret as a note and used a CLI tool totp to generate a code

no possibility to lose a device! well, not any more than you have already

whitequark,
@whitequark@mastodon.social

@stefanie @blake btw, don't listen to infosec people telling you that's bad; it protects you from phishing all the same as using an external device

stefanie,

@whitequark @blake I just use strong random passwords. Not a single one of my accounts has been compromised in my life, and I have been on the internet for 30 years now.
I don't need this, and I don't want it. And I don't even believe it. What I believe is, those numbers actually do nothing. The whole thing is just a means to ban accounts without any recourse. They just ban you with the 2FA message and you have no way of proving or even knowing that you are entering the right number.

whitequark,
@whitequark@mastodon.social

@stefanie @blake ok, so this is veering into conspiracy theory zone

github can already ban you without any recourse, it's in the ToS and always has been

stefanie,

@whitequark @blake It isn't that I actually strongly believe it.
But how would I know?
The thing is, I can't even know if the password would be right.
And where does it end?

I have online banking disabled on my bank account, I don't store important stuff on online services. My risk is minimal, and I am not a target.

I do not need this security, and I don't want it. Neither do I want a vault door with retina scanner at my house.

Especially since ALL data breaches in a decade were server side

whitequark,
@whitequark@mastodon.social

@stefanie @blake someone I think highly of got phished recently and I talked to her about it

it wasn't that she isn't smart, or competent, or attentive to detail. she was simply sick with some kind of illness, sleep-deprived, and dealing with an unfamiliar situation

(in that particular case her bank didn't ask for an OTP but their anti-fraud caught it anyway)

whitequark,
@whitequark@mastodon.social

@stefanie @blake anyway, no one is forcing you to abandon anything here, you're making an easily avoidable choice and rhetorically presenting it as being forced or compelled to make it

cool story, i don't buy it tho

stefanie,

@whitequark @blake See? That is why my bank doesn't even know my email address.
Whatever is online can never be my bank.
And "easily avoidable" is a stretch. Yeah, go buy a device that you have to keep around at all times. Or install an app on your phone for it, because we know that phones are totally secure and can't be compromised.

I think you have lulled yourself into a false sense of security with those gadgets, and are now justifying it by handwaving away all the problems with it.

whitequark,
@whitequark@mastodon.social

@stefanie @blake you don't need a device or a phone app, as I just told you

whitequark,
@whitequark@mastodon.social

@stefanie @blake save the totp secret anywhere you like. a text file in your ~ for example
apt-get install oathtool
use oathtool to generate OTP codes

annoying? mildly. trivially easy? yep

SenseException,
@SenseException@phpc.social

@blake If there's something that I learned from community, then it's that maintainers can be replaced with the words "So long and thanks for all the fish". Not literally those words, but just to tell them they aren't needed anymore.

xahteiwi,
@xahteiwi@mastodon.social

@blake Right, just like we learned from a global pandemic that gutting public health was a mistake and doctors, nurses and therapists are now in solid, balanced, sustainable work environments.

We're a massively fucked-up society.
