2FA has tried to solve exactly this. Not many attacked people will hand over their password AND their phone. Yes I know, they might hand over one authentication code (and I know people who did exactly that)... We should also look into reducing the attack surface - if you get Instagram hacked you shouldn't get your Facebook hacked as well. But the current big tech centralization leads us to that single point of failure, because they don't care about the user's concerns only market grab. So... what now? Do we get the politics into this?

One authentication code is often all that's needed to *change where the authentication codes are sent*

Not to mention that most 2FA still uses SMS, which has it's own well-understood security flaws.

You're on the right path. As long as we continue to use email as a fallback to every other form of authentication, it will remain a single point of failure and a relatively weak one at that.

OP is still correct. No matter what, humans will remain the weakest link...it's in our nature to sympathize and every one of us has distracted/weak moments. It's just a matter of time; look at the guy who runs haveibeenpwnd...getting pwned.

I was just wondering why the Trivy compromise hit only npm packages, thinking that bigger stuff should appear sooner or later. Here we go...

I'm in Western Europe and while there are chargers everywhere, you need hundred apps to register to charge, some slots are broken (empty yet show busy), some refuse to charge my PHEV... we're not there yet.

Interesting. I occasionally rent EVs in Western Europe, and they just come with a single RFID card which seems to be accepted by all charging providers.

You can use the chargemap card which is virtually accepted everywhere but they add their own fees which can be ridiculous, sometimes it can even double the price of electricity.

I think people here are also more fond of 4chan than the average citizen, and also in general rather fond of technological freedom of anything. Makes sense, being players basically in the team about to get a red card. Like it or not, the global internet became a convenient way to skirt local laws and I don't see any reason why exempting something in one place only because it originated in some other place. Is now enforcing a law "the CCP way"? Should internet be kept lawless only because... internet?

Of course, because they're not proposing "apply our laws in our country" they are proposing "apply our laws in another country". If you want to enforce this law you need to do it the CCP way (punish your ISPs for alllowing it into the country and monitor your citizens for accessing it) because you don't have the jurisdiction to enforce it otherwise. Let's not forget how many UK criminals have made fun of Kim Jong Un's haircut and are getting away with it because the UK is such a lawless place that doesn't enforce DPRK law.

Why should it be done that way?

If a country has media or broadcast standards laws, and you distribute or broadcast content in that country that violates those laws, that’s on you. The country can just fine you if you chose not to comply. Just the same as they would if you were doing it while living in that country. You’re not obliged to care about the fine if you don’t live there and never intend to travel there. But if you do then you’re going to be subject to their laws at that point, for violating those laws when you distributed that content in that country.

It should be done that way because nominally the law is supposed to address a serious problem (supposedly protecting kids) as they justify that as the reason for an invasion of privacy and additional business regulations. Ignoring the reality of what the internet is and passing a law that clearly won't achieve it's stated goals but has serious drawbacks that will be enacted is not good governance, at best it's showboating at worst it's a deliberate step towards an Orwellian panopticon.

This is nonsense.

The hardware that propagates the data transmission is owned partly by the UK and partly by Canada. The Canadian website operator has turned off the transmission to the UK on their side and has fulfilled their obligations. The UK is complaining that they didn't turn off transmission on their side.

What you're saying is that the website operator should travel to the UK to enforce UK law from Canada. It's nonsensical.

Edit: If this wasn't clear enough here is a cartoonish version:

Ofcom: Your site violates UK law. By allowing UK citizens access, you must abide by UK law.

Website operator: I do not care about serving UK citizens and am now blocking UK IP addresses. Thank you for notifying us.

Ofcom: We have decided that we will not block access to your website from the UK. Therefore it is theoretically possible to access your website anyway, which is a violation of UK law. No matter how much effort you spend on ensuring that UK citizens do not gain access to your website, we will make sure that there will always be a non zero possibility of violating UK law. Since we are not blocking anything, the blame cannot lie in UK users circumventing a UK side block, which would force us to prosecute UK citizens rather than you as the website operator.

Please shut your website down to ensure compliance.

Website Operator: Okay so you're telling me I have to build the great firewall in the UK, make all ISPs adopt it and lobby a change in UK law to make the firewall mandatory, just so I can host my website?

Ofcom: yes

> Website operator: I do not care about serving UK citizens and am now blocking UK IP addresses. Thank you for notifying us.

Wait did 4chan actually block UK addresses? My understanding was it hadn’t which makes your story fall apart.

The idea that a router is responsible for the packets it forwards rather than the person that made the content and put that content in those packets is getting silly.

Yes it should, there is no global law, and hell forbid there ever should be.

It's fucking stupid that an American site that is afforded free speech protection in its own country has to deal with the UK acting like a tyrant.

> there is no global law, and hell forbid there ever should be.

There are so many global laws that are actually enforced. Of course they all origin in the US. See KYC/AML laws.

You know a bunch of people feel that way about the US forcing it’s copyright laws on everyone, right?

That, and also using English words in the middle of another language phrase confuses them a lot.

yes. the current release of our model is english-only. so other languages are not expected to perform well. we'll try to look out for this in our multilingual release.

I think I tried on my Android everything I could try and 1. outside webpage reading, not many options; 2. as browser extensions, also not many (I don't like to copy URLs in your app) 3. they all insist reading every little shit, not only buttons but also "wave arrow pointing directly right" which some people use in their texts. So basically reading text aloud is a bunch of shitty options. Anyone jumping in this market opening?

we'd love to serve this use-case. i'll make a demo for this next week and comment here with it.

I don't know about the rest, but Clinton when he left the presidency was actually in (legal) debt. He raised to the actual 100+ million way after his presidency, so Newsweek is presenting it wrong.

Indeed, because how could that LLM know what I didn't like about all other to-do apps? It will generate a new one more or less the same as the old one, but the user will be happy because "yay it's mine". Maybe. Or maybe not.

Sitting on it is a predictable cost, while building means a costly chaos which may or may not turn out the wished profitability. So when you are used to "old profits" you maybe rather wait on the predicted do-nothing-cost, and hope for the tide to turn again in your direction.