Hacker News: arubania2's comments

> they didn't have antibiotics, anesthesia or life-saving surgeries. They didn't have access to a grocery store a short drive away, or a fire department.

They wouldn't even dream about these things, so they weren't unhappy because of it.

You can't feel like you need something if it doesn't exist (in your era at least).

Today we still don't have casual space travel, time travel, the elixir of life or the wonder drug, but it's not the lack of these things that is making us unhappy.


> there are more effective programs than crossfit

Could you give some examples please?


Crossfit is really excellent for all around 'functional fitness' but in my opinion has too much injury risk, and doesn't focus enough on building strength and muscle, which are functionally useful, and are also key for looking fit.

I would recommend most people start with an introductory strength training program that does heavy compound lifts like Starting Strength, and having a professional coach spend a few hours at the start to make sure you're doing it safely. Heavy compound lifts have a lot of specific hormonal advantages, and can be used in addition to bodybuilding type (high rep/low weight) lifts.

This, coupled with a pretty standard high-protein 'recomposition' diet, will transform most people's physique pretty rapidly. Look up the article "To Be A Beast" by Jordan Feigenbaum. Other more advanced 'powerbuilding' diet programs like LOOK STRONG NAKED, The Deep Water diet, the Vince Gironda diet, LeanGains, etc. require more effort but can get you both very lean and very strong.


Orangetheory is just as good as CrossFit.


> No it’s not.

Maybe to _you_, don’t assume other people are the same way.

Along my whole career path (I’m a senior now) I’ve always been curious about the high-level technical stuff and took every opportunity to listen to knowledgeable people.

I think there’s a term for it: incidental knowledge transfer.

You might be stripping that person of the opportunity to grow, or maybe just to hear about something interesting for them to follow up on later.


I was sharing my personal experience with my boss because of > think from someone else's point of view.

As for "incidental knowledge transfer" as you call it, there's another side of it: it's called distraction.


This is what one-time backup codes are for.

Alternatively you can purchase a hardware key and store it in a trusted place, but admittedly they are expensive, so OTBC is the usual route.


Yes, I am confused why people aren't discussing OTBC ... is it an assumption that if you lose all your possessions then you lost these as well? Doesn't seem valid, as you can certainly give them to a trusted person for safekeeping as well. Or bury them in the ground somewhere if you want.



What's your speciality in programming?

Keeping all your software, and that includes the OS, up to date, is one of the most important aspects of personal security.


I also don't have a WiFi password at home, if it matters. Of course, I don't have Internet banking, nor do I do many (if any) money-related things with my phone; something tells me that makes me more secure than people who trust Apple and Google with their money (at least the local banks have to answer to the authorities).

What’s your employment specialty that makes you trust Apple and Google?


Having a Wifi password is honestly pretty important unless you're remote enough that there's just no chance someone can access your network. Remember, unencrypted WiFi doesn't just mean that someone can access your network, but also that they can collect your traffic.


That something would be wrong. I can steal all your money with the information on the front of one of your checks.


I think they probably mean that this switch is software-based, so turning it on does not physically disconnect the underlying hardware.

I doubt there is any proof that some kind of system activity is still taking place while in airplane mode, but that might be irrelevant.

For some people, depending on their threat model and personal preference, what's important is that it's impossible to prove beyond any doubt that this is _not_ the case.


OK, I see. I understood the first sentence like you then, but wasn't sure what the point of a blanket statement there was. I do feel like this is something measurable with tools, so it could be easy to prove, but I guess this isn't the point of this paper.


You could consider setting up a separate email account just for the verification messages and have that on your phone.


Why should I have to go through all that faff when I have a perfectly good password manager?


Wasn’t suggesting that anyone should - just wanted to suggest a solution to the problem they described.


But they don't have a problem - they just don't use the passwordless sites. If anybody, it's the sites having the problem of missing users.


> But they don't have a problem - they just don't use the passwordless sites.

If nothing else, the idea of having a separate e-mail account/inbox per use case is an interesting one!

Much like those people that use aliases or something of the sort to be able to tell who sent them a particular email, like if suddenly some shop+my.account@gmail.com started getting random marketing mails.

> If anybody, it's the sites having the problem of missing users.

I mean, isn't that just the consequence of websites optimizing for whatever seems to work for them and forgetting about the minority of users? It might be missed profit, sure, but that depends on just what portion of the users view this as a dealbreaker.

Maybe there could be an app like Google Authenticator that would offer login to multiple websites through one's phone? We already have that in Latvia somewhat, for banking - you enter your user details in the web form and get a prompt on your phone for your PIN to log in with in the web app: https://www.smart-id.com/


> Why should I have to go through all that faff when I have a perfectly good password manager?

If you are not using dedicated special-purpose email addresses with specific services, you're already grossly mismanaging your online safety.

Think about it for a second: how does your password manager help you if your email password gets leaked?


That's a crazy level of risk assessment for an average user.

> how does your password manager help you if your email password gets leaked?

You still need my TOTP codes in my case at least, which conveniently are stored in my password manager. Is it perfectly secure? No, of course it's not, but frankly my risk profile isn't worrying about a targeted attack on me and my password manager, it's worrying about leaked shared credentials.

Side note, I also get a push notification on my phone whenever a new device logs on, so unless the attack is _extremely_ targeted, well timed and they know what they want, it's not a risk for me.


> That's a crazy level of risk assessment for an average user.

It really isn't. Think about it for a second: how hard is it to spot phishing attempts when they are sent to an email address you know for a fact you're not using with a service?

And how vulnerable are you to phishing if your special-purpose email address that you only use for one specific purpose receives zero spam?

To claim that the most basic and easy internet security precautions are at a "crazy level", first you need to somehow believe that no one is targeted by these schemes. But somehow there's a whole international industry that thrives on stuff like Western Union transfers. Why is that?


>>Think about it for a second

Perhaps instead of telling everyone to think on things for a second, you should think on things for longer than a second?

> And how vulnerable are you to phishing if your special-purpose email address that you only use for one specific purpose receives zero spam?

This would depend on how you set up the email address. If it is truly a separate email address, i.e. a separate account and not just an alias, then phishing is not the concern, but management of the accounts becomes a huge problem.

I use separate aliases for every service against my own custom domain that has a single email account. This is not to prevent phishing but to detect when a breach occurred or when my info is sold. You assume that when you sign up for a service only that service will ever have access to your info; many, many, many companies and services sell your email address to marketers.
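The detection practice this comment describes, and the plus-addressing example a few comments up, as an added Python example (not the commenter's code): a small classifier works out which alias a message arrived on, looks up the service that alias was handed to, and flags mail from any other sender domain as a sign the address was leaked or sold. The alias registry, the base mailbox name `my.account`, the catch-all domain `mydomain.example` and the sample messages are all constructed for this example.

```python
import email
from email import policy
from email.utils import parseaddr

MAILBOX = "my.account"              # base local part of the one real mailbox (constructed)
PLUS_DOMAIN = "gmail.com"           # provider that supports base+tag addressing
CATCHALL_DOMAIN = "mydomain.example"  # hypothetical custom domain with a catch-all

# Constructed registry: alias tag -> domain of the service the alias was given to.
ALIAS_REGISTRY = {
    "shop": "shop.example",
    "bank": "bank.example",
    "forum": "forum.example",
}


def alias_tag(address):
    """Return the alias tag carried by a recipient address, or None.

    Two alias schemes are recognised: base+tag@PLUS_DOMAIN (plus-addressing on a
    provider mailbox) and tag@CATCHALL_DOMAIN (one alias per service on a custom
    domain that delivers everything to a single account).
    """
    local, _, domain = address.lower().rpartition("@")
    if domain == PLUS_DOMAIN:
        base, plus, tag = local.partition("+")
        if plus and base == MAILBOX and tag:
            return tag
        return None
    if domain == CATCHALL_DOMAIN:
        return local or None
    return None


def sender_domain(address):
    return address.lower().rpartition("@")[2]


def classify(raw_message):
    """Classify one RFC 822 message by (verdict, alias_or_recipient, sender_domain).

    Verdicts: "no-alias" (plain address, nothing to compare against),
    "unregistered-alias" (tag never handed out), "expected" (sender domain is the
    registered service or one of its subdomains), "alias-leaked" (any other sender).
    """
    msg = email.message_from_string(raw_message, policy=policy.default)
    recipient = parseaddr(str(msg.get("Delivered-To") or msg.get("To", "")))[1]
    sender = parseaddr(str(msg.get("From", "")))[1]
    tag = alias_tag(recipient)
    if tag is None:
        return ("no-alias", recipient, sender_domain(sender))
    expected = ALIAS_REGISTRY.get(tag)
    sdom = sender_domain(sender)
    if expected is None:
        return ("unregistered-alias", tag, sdom)
    if sdom == expected or sdom.endswith("." + expected):
        return ("expected", tag, sdom)
    return ("alias-leaked", tag, sdom)


# Constructed sample messages: legitimate mail, a marketer who obtained the shop
# alias, a legitimate bank notice on the custom domain, and a lookalike sender.
SAMPLE_MESSAGES = [
    "From: orders@shop.example\nTo: my.account+shop@gmail.com\nSubject: Your order\n\nThanks!\n",
    "From: deals@marketing-blast.example\nTo: my.account+shop@gmail.com\nSubject: Offers\n\nBuy now\n",
    "From: noreply@mail.bank.example\nTo: bank@mydomain.example\nSubject: Statement\n\nAttached.\n",
    "From: Alerts <alerts@bank-example.lookalike.example>\nTo: bank@mydomain.example\nSubject: Verify\n\n...\n",
]


def audit(messages):
    """Return the classification of every message, in input order."""
    return [classify(m) for m in messages]


if __name__ == "__main__":
    for verdict, who, sdom in audit(SAMPLE_MESSAGES):
        print(f"{verdict:19} alias={who:12} sender_domain={sdom}")
```

Run as a script, the two "alias-leaked" rows are the ones worth acting on: the shop alias has reached a marketer, and the bank alias is receiving mail from a domain the bank does not own. Because the verdict depends only on the recipient tag and the registry, the same check works as a filter rule regardless of how convincing the message body is.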


Do you think you're going to get scammed and send a fraudulent Western Union transfer? What do you think the Venn diagram overlap between "uses a specific email for each service" and "gets phished" is? The people that even have the capacity to do the first aren't going to fall into the second. If someone is sending fraudulent transfers to scammers, they're not going to be smart enough to create multiple emails.


> Do you think you're going to get scammed and send a fraudulent Western Union transfer?

I know for a fact that there are targeted phishing campaigns aimed at users of specific services such as LinkedIn and GitHub and Twitter and etc, primarily because I've been targeted by them.

> What do you think the venn diagram overlap between "uses a specific email for each service" and "gets phished" is?

I know for a fact that the Venn diagram of phishing attempts sent to email accounts that are not used by those services is practically zero.

Do you understand how trivial it is to identify and filter out these attacks when they are sent to addresses that are already known beforehand that are not used for that purpose?


> To claim that the most basic and easy internet security precautions are at a "crazy level",

Basic and easy internet precautions are not "register and run a domain and host your mail yourself". Basic and easy precautions are: don't reuse passwords / use a password manager, use a reputable email provider, enable 2FA with TOTP, and don't click links from your emails.

> first you need to somehow believe that no one is targeted by these schemes.

I don't see how you come to that conclusion at all. The assumption is that _everyone_ is targeted by those schemes.

> But somehow there's a whole international industry that thrives on stuff like Western Union transfers. Why is that?

Because they're low risk high reward, easy to set up, and you only need to make one mistake.


In 2022 nobody actually clicks links in emails, right?


You are right of course in one sense, but look at the comments here! If the HN crowd is still sending verification links rather than codes to be copied and pasted, that implies regular folks are still clicking the links.


The site would have to have a hell of a value proposition for that to be worth the effort.


"No way! Why should I change? He's the one who sucks."


Can you name even one service that uses login links and allows you to configure an address that is exclusively used for login links and not any other communication?

I'm not talking about unselecting all other types of communication, but rather having the service store two different emails for you: one for logging in and one for communication.


That is a fair point, indeed this would probably make the configuration page extremely complex. I guess my suggestion would only work for cases where you don’t really care much about other kinds of notifications.


What a pain. Nope.


> this is a commercial relationship

100% agreed, therefore, we should keep emotions out of it.

> People going there... could complain. Or take no sugar. Or choose a different coffee shop. Honestly, it's up to them. It's pretty reasonable to feel a bit upset though, I think, in that situation.

Exactly, they can just leave, pick an alternative. Why do they take to social media and cry about it? What do they expect to gain this way?

> You have costs to cover? Well, I'm sure you'll figure something out. You'll probably lose some customers and gain some others. Maybe it'll work out; maybe it won't.

Indeed they have just figured it out - they started charging for sugar. They will lose customers, most likely, but I don't believe they haven't foreseen that. I'd wager that it's the customers who got caught by surprise, and are now making a big deal out of it.

In short, I agree that we shouldn't have any sympathy for the companies in this case - it's just that I'd extend that to the users as well.


That is also true for every password-based account without 2FA by means of password reset.

Plus, having someone access your email account means you're pwned anyway - they can see your sensitive documents that were received / sent as attachments, they can read recent conversations and phish information, maybe even ask for a downpayment, etc.

So the basic rule should be: don't lose access to your email.

That doesn't mean that email-based login is good, just that IMO this point is kind of moot.

Also, do email-based login flows allow 2FA?


Yes, you're very pwned if somebody has access to your email account. But less pwned than if they can also access all your other accounts directly at the same time =)

Of course, combining email-based login with another factor makes it more secure again, I was just talking about one factor.


Agree with this. I don't see why you cannot add 2FA to email based login flows.

