This is a Medium blog on an nytimes.com subdomain, so perhaps you've hit an account or browser specific limit. I'm not getting a paywall in or out of private browsing mode, you may be able to get around it easily.
While I like my Yubikeys, they definitely aren't more convenient or intuitive for people who aren't accustomed to using multifactor authentication already. The webauthn spec [0] includes support for "biometric authenticators" and "platform authenticators" (e.g. the fingerprint readers with secure enclaves increasingly present on phones and laptops), and I think that has a real chance at improving authentication security across the board. Once Apple, Google, and the like start pushing "touch to login" via webauthn, people will come to expect that sort of convenience. And if all of your devices include these authenticators, adding a new device should be as simple as authenticating on one that hasn't been lost or stolen.
It's only a stupid premise if you take the feature for face value and assume that the people behind it expected it to magically solve all of the tracking problems on the web. Alternatively, consider that it's a great opportunity for all those companies that "value your privacy" to put up or shut up. Then tools like Privacy Badger [0] get to call out advertising companies that assert that they only track consumers because that's what consumers want while explicitly ignoring the industry standard opt out mechanism.
There's a similar effort in the Python / Django world called Jazzband (https://jazzband.co/). This model will probably become more and more necessary as maintainers need to move on from projects for whatever reason. Having a safe place to transfer a project to with a formal process (announcement of the change, code review before acceptance, etc.) would certainly help combat this issue.
There are some "blessed" recommendations at https://packaging.python.org/guides/tool-recommendations/ (the Python Packaging Authority is about as official as you're going to get), but this boils down to it being a large open source community. No one's going to cull other people's efforts, but tools do merge on occasion (e.g. the functionality of https://github.com/erikrose/peep has been merged into pip, so peep is deprecated now).
I think plenty of people in the Python community will earnestly say that while acknowledging that there isn't universal agreement on what that one good way is. It's an ideal to strive for, not a statement of fact.
The PyPA team has done a lot over the past five years. The changelog for pip (https://pip.pypa.io/en/stable/news/) contains quite a bit, PyPI was migrated to Warehouse, and there have been several PEPs focused on improving the packaging situation. A lot of these ideas come from various people in the community and get formalized as official recommendations or tools, but these things take time, especially accounting for backward compatibility in an ecosystem as large and mature as Python's.
The short answer to "why isn't this solved?" is "it's hard, and there's a lot to do". Development practices change over time, and the tooling continues to evolve with them. It's easy to see a broad survey like this and think that there's too much going on, but taken at a high level, the space is definitely trending in the right direction.
(Note: I'm not part of the PyPA, but I'm interested in this area and try to follow along from the outside.)
I quite liked Vienna (http://github.com/ViennaRSS/vienna-rss) while I had a Mac. It has options to run both as a standalone application and synced with various online services.
I was more thinking of malware / some otherwise rogue process. This seems like something that's worth having in the world of fake support remote desktop scams.
Can anyone comment on their "zero touch is safe" claim (https://krypt.co/faq/)? As far as I understand, tokens like YubiKeys require a touch as an explicit action by the user to prevent authentication without their knowledge. Doesn't a zero touch approach remove a security feature?
I disagree that it's clear. Words have meanings, and
> By "unlimited", we really meant "limited".
shouldn't be a valid defense for misleading consumers. The plan would be more accurately described as "15GB 4G LTE Data". If the limits were stated more prominently, the fire departments could have avoided confusion and worked with Verizon or a competitor to get on a plan that wouldn't stop working at the worst possible times. Verizon could have also avoided some bad press by just waiving the fees and sorting things out later instead of demanding extra money during an emergency.
Not OP, but I think they're referring to this story [0] about a survey conducted by the Program for Public Consultation at the University of Maryland. The results showed 83% opposition to repealing the existing net neutrality regulations. A lot of the coverage around this topic makes it out to be a partisan issue, but all of the research shows strong support for net neutrality regulations across the board.
ISPs and other network operators are notorious for injecting content into webpages [0]. Even if someone is doing this for "harmless" or even "benevolent" reasons, someone else is cryptocurrency mining, tracking, nefariously manipulating content, etc.
I don't know that this invalidates mtgx's general point. Right now, data brokers have effectively zero liability, but we don't treat other companies dealing with dangerous or toxic materials the same way. If a company handling money or munitions left their doors wide open, we wouldn't defend their gross negligence, we'd hold them accountable.
It's a bit misleading to post that quote without including the validity section as well. People are not as quick to abandon their ethics as the original results of that experiment suggest.
In 2012, Australian psychologist Gina Perry investigated Milgram's data and writings and concluded that Milgram had manipulated the results, and that there was "troubling mismatch between (published) descriptions of the experiment and evidence of what actually transpired." She wrote that "only half of the people who undertook the experiment fully believed it was real and of those, 66% disobeyed the experimenter". She described her findings as "an unexpected outcome" that "leaves social psychology in a difficult situation." In the journal Jewish Currents, Joseph Dimow, a participant in the 1961 experiment at Yale University, wrote about his early withdrawal as a "teacher", suspicious "that the whole experiment was designed to see if ordinary Americans would obey immoral orders, as many Germans had done during the Nazi period."
Copperhead OS is a great project and seems to be short on funding (based on threads on Twitter and Reddit). If you'd like to support it, donations can be made at https://copperhead.co/android/donate.
(I'm not affiliated with the project, I just use it as my primary phone OS.)