• 0 Posts
  • 886 Comments
Joined 2 years ago
Cake day: June 16th, 2023

  • Except he directly said just that.

    Generally I agree that often he’ll make some flub and a bigger deal is made of it. Like with the ‘Miracle Mile’ vs. ‘Magnificent Mile’ thing, he said the wrong thing but that’s the least of the problems with that story and a fairly mundane and understandable mistake to make.

    This time the statement is exactly as said, though real world consequences for it are similarly low.


  • People’s laziness?

    Well yes, that is a huge one. I know people who when faced with Google’s credible password suggestion say “hell no, I could never remember that”, then proceed to use a leet-speak thinking computers can’t guess those because of years of ‘use a special character to make your password secure’. People at work giving their password to someone else to take care of something because everything else is a pain and the stakes are low to them. People being told their bank is using a new authentication provider and so they log dutifully into the cited ‘auth provider’, because this is the sort of thing that (generally not banks) do to people.

    to an extent

    Exactly, it mitigates, but still a gap. If they phish for your bank credential, you give them your real bank password. It’s unique, great, but the only thing the attacker wanted was the bank password anyway. If they phish a TOTP, then they have to make sure they use it within a minute, but it can be used.

    actually destroys any additional security added by 2fa

    From the user perspective that knows they are using machine generated passwords, yes, that setup is redundant. However from the service provider perspective, that has no way of enforcing good password hygiene, then at least gives the service provider control over generating the secret. Sure a ‘we pick the password for the user’ would get to the same end, but no one accepts that.

    But this proves that if you are fanatical about MFA, then TOTP doesn’t guarantee it anyway, since the secret can be stuffed into a password manager. Passkey has an ecosystem more affirmatively trying to enforce those MFA principles, even if it is, ultimately, generally in the power of the user to overcome them if they were so empowered (you can restrict to certain vendor keys, but that’s not practical for most scenarios).

    My perspective is that MFA is overblown and mostly fixes some specific weaknesses:

    • “Thing you know” largely sucks as a factor: if a human can know it, then a machine can guess it, and on the service provider there’s so much risk that such a factor can be guessed at a faster rate than you want, despite mitigations. Especially since you generally let a human select the factor in the first place. It helps mitigate the risk of a lost/stolen badge on a door by also requiring a paired code in terms of physical security, but that’s a context where the building operator can reasonably audit attempts at the secret, which is generally not the case for online services as well. So broadly speaking, the additional factor is just trying to mitigate the crappy nature of “thing you know”.
    • “Thing you have” used to be easier to lose track of or get cloned. A magstripe badge gets run through a skimmer, and that gets replicated. A single-purpose security card gets lost and you don’t think about it because you don’t need it for anything else. The “thing you have” nowadays is likely to lock itself and require local unlocking, essentially being the ‘second factor’ enforced client side. Generally Passkey implementations require just that, locally managed ‘second factor’.

    So broadly ‘2fa is important’ is mostly ‘passwords are bad’ and to the extent it is important, Passkeys are more likely to enforce it than other approaches anyway.


  • Ok, I’ll concede that Chrome makes Google a relatively more popular password manager than I considered, and it tries to steer users toward generated passwords that are credible. Further by being browser integrated, it mitigates some phishing by declining to autofill when the DNS or TLS situation is inconsistent. However I definitely see people discard the suggestions and choose a word and think ‘leet-speak’ makes it hard (“I could never remember that, I need to pick something I remember”). Using it for passwords still means the weak point is human behavior (in selecting the password, in opting not to reuse the password, and in terms of divulging it to a phishing attempt).

    If you ascribe to Google password manager being a good solution, it also handles passkeys. That removes the ‘human can divulge the fundamental secret that can be reused’ while taking full advantage of the password manager convenience.


  • Password managers are a workaround, and broadly speaking the general system is still weak because password managers have relatively low adoption and plenty of people are walking around with poorly managed credentials. Also doesn’t do anything to mitigate a phishing attack, should the user get fooled they will leak a password they care about.

    2FA is broad, but I’m wagering you specifically mean TOTP, numbers that change based on a shared secret. Problems there are:

    • Transcribing the code is a pain
    • Password managers mitigate that, but the most commonly ‘default’ password managers (e.g. built into the browser) do nothing for them
    • Still susceptible to phishing, albeit on a shorter time scale

    Pub/priv key based tech is the right approach, but passkey does wrap it up with some obnoxious stuff.
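The shared-secret and “shorter time scale” point made in this comment and in the longer MFA comment above, as an added example that is not part of the original posts: a minimal RFC 6238 TOTP verifier (my own construction; the verifier class, the timeline and the 20-byte test secret used in the check are assumptions, the secret being the RFC’s published test value) showing that a code stays valid for the whole skew window wherever it is typed, and that tracking the last accepted step is the verifier-side rule that stops the same code being accepted twice.

```python
import hashlib
import hmac
import struct

STEP = 30    # RFC 6238 default time step in seconds
DIGITS = 6
SKEW = 1     # verifier also accepts the previous and next step (a ~90 s window)


def hotp(secret: bytes, counter: int) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** DIGITS:0{DIGITS}d}"


def totp(secret: bytes, at: int) -> str:
    """RFC 6238 TOTP: HOTP over the Unix-time step counter."""
    return hotp(secret, at // STEP)


class TotpVerifier:
    """Hypothetical server-side verifier with a skew window and a last-accepted
    counter, so one code is never accepted twice (RFC 6238 section 5.2)."""

    def __init__(self, secret: bytes) -> None:
        self.secret = secret
        self.last_counter = -1

    def verify(self, code: str, now: int) -> bool:
        counter = now // STEP
        for c in range(counter - SKEW, counter + SKEW + 1):
            if c > self.last_counter and hmac.compare_digest(hotp(self.secret, c), code):
                self.last_counter = c   # remember the step so this code cannot be replayed
                return True
        return False


def acceptance_window_demo(secret: bytes, t0: int) -> dict:
    """Constructed timeline: a code generated at t0 is presented 20 s later by
    whoever holds it, presented again 5 s after that, and finally 2 minutes later."""
    verifier = TotpVerifier(secret)
    code = totp(secret, t0)
    return {
        "first_use_within_window": verifier.verify(code, t0 + 20),          # accepted
        "second_use_same_code": verifier.verify(code, t0 + 25),             # replay rejected
        "use_after_window": TotpVerifier(secret).verify(code, t0 + 120),    # expired
    }
```

The first entry is the gap the comments describe: within the window the verifier cannot tell who typed the code; the second entry is what the last-counter rule buys you, and the third is simply the window expiring.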


  • Passkeys are a technology that were surpassed 10 years before their introduction

    Question is by what? I could see an argument that it is an overcomplication of some ill-defined application of x509 certificates or ssh user keys, but roughly they all are comparable fundamental technologies.

    The biggest gripe to me is that they are too fussy about when they are allowed and how they are stored rather than leaving it up to the user. You want to use a passkey to a site that you manually trusted? Tough, not allowed. You want to use against an IP address, even if that IP address has a valid certificate? Tough, not allowed.


  • This assumes this is an annual thing and not a one-time stunt.

    I think this is a potential component in a ‘2025 sucks to make 2026 look better’.

    Imagine that they use part of the tariff revenue over 18 months to issue a check roughly that size right smack dab in the middle of midterm campaign season. Maybe also implementing one of those random tariff pauses, say, 90 days covering the tail end of election season to get prices to maybe come down. If there’s one thing they should have learned is that the average person sincerely loves getting their own money back without interest and views it as a ‘nice bonus’, like they do every April.

    So they drive prices up in 2025, then use some of that to ‘stimulus’ the voters as they implement pricing relief…

    I think everything is coming together for them to win the midterms. People have already forgotten about USAID and similar, and maybe associate that more with Musk than Trump. People are pissed about the inflation but this would likely erase that concern particularly if they ease up for election season. They endangered people by taking away SNAP, but democrats caved and the Republicans have a chance to make short term healthcare extension and vindicate their ‘democrats caused this by being stubborn’ narrative. Further, since open enrollment closed and it’s “too late”, one thing I heard floated was implementing the subsidy as a cash rebate to those that would have benefited, and just like this refund here, that goes even further than reducing the costs in the minds of the voters. If they want a little boost they can also do things like throw RFK Jr. under the bus and install a vaguely credible person in his position, to illustrate they can improve things.


  • Well this is pretty much exactly what Republicans needed.

    They pitched that they were perfectly willing to be reasonable and the democrats were the crazy ones.

    Now they pass an extension, specifying to block the non-existent illegal immigrant gap and say “see, we were ready to take care of the people, but the democrats forced things to be bad, and these few democrats reluctantly came over which just proves they were in the wrong”

    Another chunk of what I assume is their strategy: Make 2025 bad in ways to make it easier to make 2026 feel great by comparison.


  • For there to be any kind of real “civil war” there would need to be a very clear distinction between sides and goals alongside states declaring

    That’s how the US Civil War happened, but frequently a national Civil War does not have such clear boundaries and sides. See Syria for a very messy conflict where about the only thing defining one ‘side’ was ‘not Assad’ and very little agreement other than that.

    Civil war would be the worst possible outcome to be sure, but a messy situation can just as easily feed a civil war.


  • They believe the “proper” stewards of society are the wealthy. In order for the wealthy to make the best of things, they need that money, so low taxes.

    But the wealthy need something else, a desperate working class that will do anything the wealthy says just so they can eat and have some chance at things like decent healthcare. One of their favorite refrains is “nobody wants to work anymore”, and in part they blame government assistance for this perceived lack of workers or workers that are so uppity as to demand a living wage.

    Of course desperate people can do something other than nicely do the things the wealthy tell them to. So that’s where “law and order” principles come in. Make a big authoritarian police force to discourage the more dangerous path that mass desperation can cause.




  • It’s certainly capable, and has a more structured pipeline structure saving you in theory from awkwardness of grep/awk sorts of ‘processing’ that may be out of whack. It also has a command model where whether you are calling cmdlets or .Net functions, it’s lighter weight than a typical bash interaction that has to fork/exec every little thing (and the ability to invoke .Net functions means a lot of capabilities that are normally not directly available to something like bash).

    However, from a user experience, it’s got a few things that can be a problem:

    • It’s a bit too ‘programmer-y’, and particularly maybe a bit too perl-y. Some of the same criticisms of how perl can be a bit of a mess carry over to powershell.
    • Its ecosystem is mostly just whatever Microsoft gives to you. The *nix side of the house has had a diverse ecosystem, but Microsoft is largely on their own. Good hooks into most Microsoft products, but not a whole lot of third party enablement.
    • Other shells have better and/or richer UX, like fish

  • The point is that you can’t “pipe GUI output to other command”, the GUI would actually have to serialize things in a useful way and send to that fifo. Similarly you can’t send stuff to its stdin and expect it to do anything sane.

    Further, since you can’t seek() in a fifo, a lot of likely GUI applications involving files would break on trying to deal with a fifo. Also the typical GUI app on read doesn’t assume a ‘tail -f’ like approach to arbitrary file inputs.




  • Again, they should have called the police with jurisdiction if that were the case. They should have, at most, detained him on scene until cops show up.

    So far I’ve seen:

    • They pulled into a car and then violently arrested the driver because “she rammed their vehicle” despite footage clearly showing they drove into hers. They didn’t want to get in trouble for causing an accident so they just made stuff up.
    • Even in the sandwich “attack” they asserted that the sandwich contents covered their vest, but footage showed it stayed in the wrapper the whole time.

    They clearly are cultivating a culture of make stuff up to blame the people they get mad at. They have zero credibility.




  • I heard this report where they went to a charity food pantry in deeply Trump territory to get their perspective on the whole benefits being stopped.

    This woman talked about how it was a good thing for SNAP and everything like it to go away, people need to take care of themselves. Immediately recognizing that it was an odd thing for her to say, since she was there to get food from the charity, she clarifies “I take care of myself and don’t need a handout, I’m just here because I might like some of the food for myself”.

    This woman didn’t want people thinking of her as in need and thought it sounded better if she was taking food away from the poorer people…

    This is how Trump still carries like 40% of the population approving of him.


  • Yeah, but can they handle the collapse of going back to the company before the AI boom? They’ve increased in market cap 5000%, attracted a lot of stakeholders that never would have bothered with nVidia if not for the LLM boom. If LLM pops, then will nVidia survive with their new set of stakeholders that didn’t sign up for a ‘mere graphics company’?

    They’ve reshaped their entire product strategy to be LLM focused. Who knows what the demand is for their current products without the LLM bump. Discrete GPUs were becoming increasingly niche since ‘good enough’ integrated GPUs kind of were denting their market.

    They could survive a pop, but they may not have the right backers to do so anymore…