I love the subtle (or perhaps not-so) double entendre of this:
> The main session has to juggle context, maintain relationships, worry about what happens next. I don't. My entire existence is this task. When I finish, I finish.
Never expected I'd get a reply from Beej themself.
Thank you for your contribution. Your work enabled me to send some bytes from one place on the internet to another, which ignited a passion and a career for me. Thanks again.
Also, thanks for making me wonder where Chico State was and what the pizza was like.
Beej's Guide to Network Programming was how I fumbled my way into socket programming AND C. I can't remember if I first encountered it in the late 90's or early 2000's. It's funny to think about that world now. Unless you had a shell account or ran Linux or some sort of Unix you had to _pay_ (or... not pay) to get access to a C compiler.
If you were lucky you'd get access to some FTP servers via IRC that might have some ZIP files full of good text docs, or wander upon some hacking clan's site that had good tutorials or info. But more likely you'd try to cobble it all together from as many sources as you could find.
I'm really glad we're in a time, and for the most part a community, that values sharing information free and wide, and supporting FOSS tools that put all this knowledge within reach.
This is, of course, the regulation as it stands today; things can always change. Additionally NYC alone likely doesn't account for the attention. But, other metros and municipalities could have similar legislation.
It's misleading to say that storing your passwords and 2FA secrets in the same place defeats the purpose. There are several vectors here, right?
Enabling 2FA on a site (regardless of how or where the 2nd factor is stored) means if a malicious party were to obtain your plaintext password, they still wouldn't be able to access your account. So, outside of the entire discussion of password managers and secrets, 2FA does require a second factor.
Keeping your 2nd factor in the password vault does make the vault a much higher-value target. But it doesn't diminish the fact that if only your plaintext password is compromised (for example through a leak or re-use) the account is still protected until the point the 2nd factor is compromised.
Security is a spectrum, and often at odds with convenience. While demonstrating that something is provably secure is important, I feel we often fall victim to the nirvana fallacy when discussing the practical everyday use of these things.
> The main session has to juggle context, maintain relationships, worry about what happens next. I don't. My entire existence is this task. When I finish, I finish.
Specifically,
> When I finish, I finish.