A solution sometimes seen in London is a “Pedestrian Scramble”, where pedestrians are explicitly given full (and even diagonal) access to a junction with all other traffic stopped.
Some places let you configure SSO+2FA, which helps; but in most cases clicking a social login button gets you full access.
And speaking of a single point of failure, cloud password managers look even worse[1].
[1]: https://thehackernews.com/2023/02/lastpass-reveals-second-at...
For example, where the authentication request is coming from (on-site, managed device), what methods are being used (hardware second factor, Authenticator app).
These are all things that the SSO can check at time of authentication, before a token or session key gets issued to the user. Also, all of these things can be checked again when doing any auth flows for the various linked services.
So with stolen SSO credentials, they might be worth diddly squat to you if you didn’t think to also be on-site or on a managed company device (physically or virtually).
This sounds like it's calling for trouble!
Whenever I hear that any IDs could be "recycled", I make a mental note to replace the person making such a proposal from all teams that I am involved in.
The worst is I once was put to work on a system where they even recycled GUIDs... I thought "which part of GUID do you not understand, the G part or the U part?" (from which it follows they also don't really understand what ID means)...
That’s because it is. Then we go back to YAML and add whitespace sensitivity and suddenly it’s the state-of-the-art for declaring infrastructure.
For example, a maps app, to always get the kid home if they’re lost. Medication reminders. Fitness tracking. Emergency SOS. A calendar to remind them about family birthdays and upcoming holidays. School timetables. Medical ID. Payment cards or passes for travel (in Western Europe a lot of schoolchildren commute by themselves, especially on public transport) and spending their allowance. Let the kid choose to notify their family of their location as and when they want to. Empower them to use tech to their advantage but put their privacy first.
Children are going to end up as adults in this world regardless of whether we teach them, so we should be teaching them the benefits and warning them of the many bad actors. We should be teaching our children the skills they need to navigate the modern world. This includes technology and abusive/controlling relationships.
I believe a good responsible smartwatch for kids can exist. Alas, this is Google and helicopter parents exist, so this product is not it.
I find the "honor amongst thieves" part so interesting in these breach stories
(1) Troy Hunt, via an "X" user, has a screenshot of the actual sale -> https://x.com/troyhunt/status/1795551650553491870
Comparing apples and oranges here but I like thinking about the monetary value assigned to a byte.
To my knowledge this “feature” can’t be toggled independently and in my experience often drastically reduces the signal-to-noise ratio of GitHub notifications for people in a CODEOWNERS file.
I wish GitHub allowed this to be configured. You either get this functionality and enforced code owner approval, or neither.
There was a popular game called "Rocket League" that the Psyonix company sold and ran the infrastructure for, for many years. But then the Epic corporation bought Psyonix for Rocket League's playerbase to bootstrap their proprietary game delivery service. 6 months later everyone who had bought the game for Mac or Linux could no longer play. Epic just stole it from them. No recourse. Not even outrage beyond the affected. It was just accepted as a standard business practice.
> The developer offered full refunds to the game for macOS and Linux owners regardless of how long they had the game.
https://en.wikipedia.org/wiki/Rocket_League#Free-to-play_tra...
https://www.rockpapershotgun.com/rocket-league-ending-mac-an...