This example makes no sense to me. An attacker is potentially logging on to the computer and submitting empty passwords to get in. And this is what we're trying to prevent at the expense of having an unclear UX?
What kind of side channel exists if the behavior is: if password is required, zero length input is always invalid. This seems kind of like basic UX. I mean I wouldn't expect the password field to validate against the password complexity requirements exactly, just that zero length input is probably a mistake.
It's not an absolute statement, you'd have to have a childish interpretation of the article to have that takeaway. Not every generalization needs a "well actually".
I just find it funny when engineers trivialize solutions that they themselves wouldn't employ. Like yeah, I'm sure your phpbb solution was a proper vulnerability reporting and triaging system.
Do you think Ubiquiti has hundreds of people on staff to watch their forums to triage every issue within seconds of it being posted? I'm curious what level of support would be satisfactory to you, in this instance.
These people say they don't want all this power centralized to certain individuals, will in the next breath claim that government should seize assets after a certain amount. They want centralized control, they just want their preferred political party to be the ones with it.
There really aren't that many billionaires. Most of what we refer to as billionaires are people who have a large equity stake in companies they run. So are we saying once your equity becomes to large you have to start selling shares?
People who say this stuff usually have zero clue how money works.