Posts 0, Comments 721, Joined 2 yr. ago

  • Ah, thanks for clarifying. I didn't see that mentioned anywhere and the git repo is showing .io

  • Yeah, the big search engines have been getting more and more useless as SEO has taken over. And now using "AI" which will be even more susceptible to manipulation.

  • Been there, done that. Salaried workers have no limit on how much they can be required to work without additional pay.

  • It seems it's not so much they stole the domain, it's that they are using the same name with a different top-level domain. This is a common shady practice in malware. Most people can't afford to purchase every TLD of their domain and so just pick one or two. Problem is that search engines will find the bad TLDs and suggest them over the real TLD if the malware providers do proper SEO manipulation. A FOSS author is unlikely to be able to afford the time and effort it takes to manipulate search results, and most popular search engines are not doing much to fix the problem, instead relying on "AI" to reduce the costs of maintaining their search results, which does a pretty bad job, IMHO.

  • Yeah, I doubt the median income is higher here, especially if you have socialized medicine. I make ok money, but the minimum wage here is still only $7.25/hr across the majority of the country, and the median income is around $18/hr. If you figure in the cost of health insurance, it averages around $600/month, though employers often cover a portion of the premium. And the median rent is $2000, much higher in cities of course. And gasoline in my city is over $5/gallon even with all of my tax money that subsidizes it. And of course, the lower middle class pays the highest effective tax rates generally. So having a budget of $200-300/month for food is relatively normal for a single person with a median income.

  • Eggs are around $6/dozen for the cheapest right now but have been as high as $14/dozen in the last year due to the shortages from processing company consolidation. And milk right now is $6/gallon. Plus with borderline cholesterol I avoid cow's milk. If a dozen eggs costs an hour's labor, that's not very affordable. Especially when rent costs more than most people make in a month. My partner lives with 3 roommates and only makes around $20/hr. Food has to be quite cheap.

  • I was just giving an example. Sure if you avoid fresh produce, eggs, milk, or meats you might be able to make some cheap meals. But those things right now are very expensive. Beans are still pretty affordable for the nutrition.

  • Not really. An ever-shrinking head of iceberg lettuce is about $2.50. A pound of the lowest grade ground beef is about $8. A bag of store brand buns is $2. A beefsteak tomato is $1.50. A pack of store brand American cheese is $4.50. Add in the other condiments that are harder to break down the price of, electricity/gas cost for cooking, water for cleaning, etc., and the cost for the cheapest, crappiest version of 4 quarter lb burgers is not much different than the $8 times 4 that McDonald's is charging, and I guarantee the quality is lower (lower ratio of meat:fat in the burger, buns with more sugar and preservatives and less fresh, etc.). And this is just the consumables, not having a kitchen to do this in, the pans, utensils, etc. Unhoused people don't have those things.

    It used to be that because McDonald's, etc., got their stuff in bulk and used lower quality ingredients and low paid employees, they offered these products for very low profit because of high volume. Now the cost including labor, supplies, etc., is less than half of what they charge. So their profit margins are huge if they have the same number of customers. But their customer base is going to dwindle, and so the profit margins will shrink, but that's not a concern to corporations that only focus on today's stock prices and don't care about tomorrow.

  • Food and gasoline prices have skyrocketed. Infrastructure is a mess in most of the country so it takes longer and longer to get anywhere at peak times. Companies have cut costs in offices so they're just crowded and full of distraction and germs. So yeah, lots of time and money is saved by working from home.

  • Unfortunately, the cost of healthier foods has gone up at the same pace. Instead people end up eating less or giving up other necessities like downsizing their housing or moving in with parents.

  • Librewolf on desktop/laptop for now. Blocking Mozilla telemetry for now and sticking with Firefox for Android until a better option comes around.

  • Depends. Ideological movements can push past distributed money using targeted money aimed at those it puts in power that don't care about the effects of their actions, even if usually only briefly. Like what led to prohibition of alcohol. If Trump gets into office and is given enough money by the ideologues, he'll be perfectly happy to destroy the whole system for personal profit. And he doesn't care if a whole section of the oligarchy falls apart, he just wants to be dictator for the rest of his life. And that's not all that many years anymore.

  • Firefox won't for much longer. Or at least not without significant spyware installed. I'm hoping it gets forked before the new CEO can do too much damage. Sucks that it will split the community with such a small user base already. But I guess that's the point.

  • I'm not saying it doesn't count as authentication, it just doesn't count as authentication to the security of the server directly. That's the device's security and configured by the user, not the server. And user devices are very prone to exploits to the point that many law enforcement agencies don't even bother asking for a password anymore to access a device.

    So, let's move to a physical model as an example. Let's say you have a door. It has a very simple door handle lock. You keep your key inside a hotel safe. Sure it might be difficult to get the key if they had to enter the hotel room, cut open the safe in place, and get the key while they're standing in front of the secure door, exposed. But that's dumb. They could just as easily grab the safe out of the room and open it later where there's room for proper equipment, use a known exploit for the particular safe, or use other exploits all out of view of the door/server and at any time until the user realizes you know how to open their safe, because the door/server will never find out. Once that safe is open, you have not just the key to the door, but the key to all locks the user uses since now we only have "something you have" factors and the user uses only one device. Just like when we only had "something you know" factors and the user uses the same password everywhere.

    So what does the passkey help with? It makes the lock and thus the key itself more complex. This makes it so that brute force attacks against the server are more difficult. But it doesn't solve anything that existing TOTP over text messages didn't solve, other than some complexity, and it eliminated the password (something you know) factor at the server. Something a lot of companies are already doing and we already know from experience is a bad practice. It has changed the hacking target to the device rather than the person. But still just one target, you don't need both. Sure it's better than a really bad password that's reused everywhere. But it's not better than a really good password unique to a site that's only stored in a password manager on the user's device that requires a separate master password to access (outside of MitM attacks that TOTP mitigates).

    Now, what if we have a door with two locks, one that requires a code, and one that requires you to have access to a device. Now in order to attack the door, you need two factors right at the time you're standing at the door. Also, there's probably a camera at the door and someone paid to check it periodically when someone tries too many times, which isn't the case in the user's safe/device. So even if you get the key from the user, you still need to brute force the second lock efficiently or you need to implement a second exploit to get the second factor ahead of time. This is the idea of two factors at the server and the current state of things before passkeys.

  • But that's not really how the stock market works anymore. Now investors don't buy stock to support a company and draw a portion of the profits. That version of the market hasn't existed for a while.

    Now, the market is used as a gambling platform for wealthy people and is kept afloat only by IRA, 401k, charitable trusts, etc. Basically, a company is having trouble with profit. You buy into the company, put in a CEO you can control, have them boost the price at the expense of employees, customers, and long-term profit. Sell the stock. Let the company fall apart.

    Then buy it low, have the CEO make up a new product based on whatever tech fad is popular. Sell just before the money is spent. Let the project fail because all the money was spent on marketing and consultants and not on the employees to actually do the project. Buy up the stock again, do some stock buybacks, sell again, etc.

    But it's never a strategy of: hire really good employees, make them happy, give them an achievable project with enough funding, increase the company's reputation by making quality products, etc. That requires actually good business plans and products and a lot of work and no short term, "hey look at how much money I saved by cutting budgets even though everyone said our products will be crap without it," kinds of flashy quarterly reports.

    Playing the gambling game is more reliable profit and with retirement funds and all that keeping serious market crashes from happening, and the politicians being on their side and willing to bail them out if it does get bad, there's a lot of wiggle room and a lot of people to lose money and funnel to them that doesn't affect the corporations.

  • But authentication to access the passkey is on a remote device. So the server doesn't have any information about if or how authentication was performed for the person to access the key. If they use a 4 digit pin or, worse, the 4 point pattern unlock, it's easy enough to brute force on most devices.

    This is also why using a password manager is not two factor authentication. It is one factor on your device and one factor on the server. But no one monitors the security logs on the device to detect brute force attacks and invalidate keys. Most don't even wipe the device if the pin is being brute forced.

  • Not related to the article itself, but I'm curious why use of archive.is has become so popular around here considering that they refuse to provide DNS replies without EDNS personal information attached? I'm not familiar with the politics involved, but a lot of DNS providers are getting blocked by archive.is for not providing that info, including my own home DNS server and Cloudflare 1.1.1.1 and many others, so I'm surprised to see it gaining popularity on Lemmy.

  • Problem is that if the factor is not authenticated by the server, it doesn't count. Not saying it's not helpful, but it's not part of the consideration when designing the security of the system.

    The device can be attacked for an indefinite time and the server knows nothing about that. Or the device can disable that additional security either knowingly or maliciously and the server has no knowledge of that breach. So it's still a single factor, "something you have", from the perspective of the server when considering security.

    I've worked with healthcare data for decades and am currently a software architect, so while it's not my specialty directly, it is something I've had to deal with a lot.

  • I don't like passkeys yet because they're implemented poorly on most platforms, IMHO, because they replace two factors with one. Some don't let you also turn on two factor auth at all, which is dumb, but the ones that do then often only have options that use your device as a factor, either through text or email. So if the passkey is your phone and you add text messages as the 2-factor option, that's still your phone. Or if your passkey is your laptop and you're logged into your email on the laptop, it's just one.