• skillissuer@discuss.tchncs.de · English · ↑ 61 ↓ 1 · 10 months ago

    stop the presses!! a cryptobro got scammed out of 90k$ “worth” of fake money, we must slow down all computation! for safety

    • fuckwit_mcbumcrumble@lemmy.world · English · ↑ 30 · 10 months ago

      lmao this article is hilarious. This crypto bro is mad because he left some hole open without a fail2ban type system set up.

      Bruh if you have 90k in digital cash store that shit offline, or take responsibility for your own security.

  • nyan@lemmy.cafe · English · ↑ 28 · 10 months ago

    Security and convenience (not “speed”) always pull in opposite directions. The thing is that experts always seem to advise using the highest level of security even for trivial accounts. This creates unnecessary friction, with the result that the average person drops the effective level of security even for important accounts in order to get rid of it. This is not a new problem, just a bad article on an old problem.

    (As for cryptocurrency, just don’t.)

    • Plopp@lemmy.world · English · ↑ 4 · 10 months ago

      Yeah I read somewhere that it was considered unacceptable for people to have to wait for a couple of seconds for a password manager to open the vault after entering the password. Like, really? If those seconds mean the account is way more secure because math, isn’t it worth it? For the thing that holds all your passwords? People have become very sensitive to such things it seems.

      • nyan@lemmy.cafe · English · ↑ 2 · 10 months ago

        It takes a few seconds to type a password in manually as well, but people seem to regard the time differently if they’re actively doing something than if they’re passively waiting for something to happen. Nontechnical users regard computers and other devices as black boxes that should respond instantly to stimuli, the way purely analog equipment does. If it doesn’t, many of them treat it as broken.

        • Plopp@lemmy.world · English · ↑ 1 · 10 months ago

          Yes that does make a difference. And a good UI should of course tell the user that it’s doing aubergine in the background. For a password manager, preferably a message indicating unlocking and a progress bar of some sort instead of just a frozen window.

      • shastaxc@lemm.ee · English · ↑ 1 · 10 months ago

        Password managers typically allow you to use a session-based login so you only put in the master password once until you close the browser, or set it to only prompt you every day, week, month, or never again on that device. So most of the time, those few seconds required to enter a password for a website are reduced to 0.

  • Bobby Turkalino@lemmy.yachts · English · ↑ 25 ↓ 1 · 10 months ago

    Author is a doofus, but there is one context in which I sorta agree with this sentiment.

    It drives me up the wall when, according to my browser, a page is done loading, so I go to click on something and bam, a subscription/cookie/whatever popup appears and steals my click in the millisecond between when I decided to click and when my finger reacted.

      • otp@sh.itjust.works · English · ↑ 3 · 10 months ago

        Or an ad or something loads in and shifts everything around. Sometimes I don’t even end up clicking on anything meaningful to me, the website, or the advertiser. It’s just bad design and an annoying user experience.

  • PeterPoopshit@lemmy.world · English · ↑ 13 · edited · 10 months ago

    I can see the headlines now. “GOP passes bill banning civilian ownership of anything faster than a Pentium III.”

  • AutoTL;DR@lemmings.world · English · ↑ 9 ↓ 1 · 10 months ago

    This is the best summary I could come up with:


    A combination of poor password hygiene and weak security on his Windows laptop gave the intruders unfettered access to the digital wallets in which he stored cryptocurrency.

    Similar incidents happen every day at scale: people get robbed; organizations have their data lakes drained; nations find themselves under threat.

    Our relentless optimization for speed has us valuing a 120Gbit/sec Thunderbolt port over a more thoughtful consideration of how we might be far better served by an operation more complex, secure – and slower.

    Perhaps the point should not be which chip or algorithm renders the fastest or most accurate operation, but which systemic approach offers the greatest level of safety and security.

    Systems that have no friction in them – running unsupervised, without speed bumps, with no skeptical humans in the loop judging and grading – are hurtling down the highway to hell.

    On the other hand, a massive financial transaction or data migration could include baked-in “breakpoints” that require human intervention before automated work continues.


    The original article contains 594 words, the summary contains 165 words. Saved 72%. I’m a bot and I’m open source!

  • shortwavesurfer@monero.town · English · ↑ 10 ↓ 6 · 10 months ago

    Are you serious? You had crypto on Windows. First of all, that’s the problem. You don’t use crypto and Windows together. You just don’t. I’ve been doing crypto for over 10 years and never lost anything because I know what the fuck I’m doing

  • vithigar@lemmy.ca · English · ↑ 4 · 10 months ago

    > Our answer? Throw a few “speed bumps” onto the road with 2FA and hope for the best. Sometimes that works – but sometimes that mobile’s SIM has been cloned and it’s all for naught. Speed bumps provide the illusion of safety and security, without actually doing much to slow the escape vehicle. To do that requires a bit more of a rethink.

    Brings up 2FA only to complain about the very worst form of it that’s arguably worse than just having a strong and unique password.

    Yes, SMS 2FA does provide only an illusion of safety, because it’s garbage and people have been warned against using it for years.