
Quality of life is more important than raw cash.


Americans have the weirdest ideas about Socialism. It is possible to have a state run healthcare system or nationalize the railways without devolving into Venezuela.


It's also possible to have a largely socialist government and still have private healthcare providers and privatized railways. It's almost like these aren't simple black or white issues.


Exactly. Venezuela is more of an object lesson about the resource curse and currency pegs than it is socialism.

As the guy above pointed out though, this article is propaganda. It's not designed to make you think.


Moderation is essential because by publicly making an example of trolls, you can change the culture to prevent it. It's the same theory as patching up broken windows to ensure that worse things don't happen.


I feel internet shaming is the wrong answer as it's a different side of the same coin. As much as these people are trying to tear down and essentially bully people with words in a negative manner -- those who shame those people end up doing the same thing back, and often take it to extremes where punishment is vastly out of touch with the "crime".

By shining a light on these groups you attract others to it. This is why (I personally feel) the extreme right and extreme left exist today in politics. When you highlight (even to shame) a group it galvanizes them and brings other loonies to their cause.


I'm not talking about shaming people, I think that if you want to have a community that doesn't have abuse then you need the admins to remove or ban the people who post abuse and threats.


Where did the data for the growth rate table come from? I can see that the original source is a reddit post but I can't find where the reddit post got its numbers from.


coinmarketcap.com

but there are many others like that site, it's just historical price data.


The problem with this is that allowing prison labour to be cheaper than free labour puts competitors out of business and gives incentives to the state and business lobbyists to arrest more people for the sake of profit instead of reformation or containment.


There are two different approaches to this that are the same on the outside. Paying the workers more is one, the other is charging a minimum for their time, but X% of their earned wages go to some other entity (the government directly, victim support, community projects). This would help the issue with competition, but not necessarily the other issues. It also doesn't touch the moral aspect of how much people should get paid.


Get rid of private prisons, period. You can even keep the same business model except instead of the profits going to a corporation, the system is run as a non-profit government entity and the workers are actually paid a fair wage.

As it is right now, we have slaves working to enrich CEOs, board members and investors.


You can even keep the same business model except instead of the profits going to a corporation, the system is run as a non-profit government entity

Which is exactly what's happening in this case. There's no private corporation, it's a governmental division, yet the inmates are still paid a pittance. Maybe you should review your preconception of private industry vs government.


There's a good list of UK brokers here, most of which have Vanguard funds. http://monevator.com/compare-uk-cheapest-online-brokers/ Personally, I use Charles Stanley Direct and I don't have any complaints about them.

Make sure to stick it in an ISA account if possible to keep it tax free.


That's scary. Would having 2FA enabled on your Gmail account protect you from this kind of attack?


Depends on the type of 2FA. If it's using U2F, then you'd be fine as that is tied to the domain name of the site you're on, but if it's using TOTP/HOTP (i.e. Google Authenticator), and the phishing site asked you for your 2FA code, and you gave it, then you would still be successfully phished.


Is the difference here that TOTP/HOTP is entered by the user, while U2F is entered automatically?


Yes. With U2F the recipient of the token is verified by a machine. With TOTP/HOTP it is verified by the user looking at the browser address bar.


Not entirely. The important difference is that instead of generating a secret on the token and passing it to the server, U2F has the token answer a challenge issued by the server and encrypted to the token's (per-domain) public key, stored by the server at token registration time.

The corresponding private key is stored on the token indexed in part by the requesting domain, which is supplied by the browser during an auth request. It is because of browser participation that a MITM domain would not be able to ask the token to answer the challenge with the correct key handle.

The actual implementation can differ from what's described above, see Yubico's description of their key wrapping scheme if you want more detail:

https://www.yubico.com/2014/11/yubicos-u2f-key-wrapping/
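The two comments above describe why a phishing page can relay a TOTP code but cannot reuse a U2F assertion. The following is an added example (not code from the thread, from Google, or from Yubico) that simulates both flows offline. The TOTP half is RFC 4226/6238 HOTP/TOTP over the standard library. The U2F half is a simplification: real U2F signs with a per-registration ECDSA P-256 key and the relying party stores the public key; here an HMAC keyed with a key derived from the token's device secret and the registering origin stands in, because the Python standard library has no ECDSA. The origins, the `Token`/`RelyingParty` classes and the `browser_sign` helper are all hypothetical names chosen for the example.

```python
import hashlib
import hmac
import json
import os
import struct

# ---------- TOTP (RFC 6238 over RFC 4226 HOTP), i.e. Google Authenticator ----------

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the counter, dynamic truncation, decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, now: int, step: int = 30) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the current time."""
    return hotp(secret, now // step)


def totp_login(server_secret: bytes, submitted_code: str, now: int) -> bool:
    """Server-side check. Nothing here is bound to the site the user typed the code into."""
    return hmac.compare_digest(totp(server_secret, now), submitted_code)


def totp_phishing_relay(shared_secret: bytes, now: int) -> bool:
    """Victim reads the code off their authenticator and types it into the phishing page;
    the attacker forwards it to the real site inside the 30 s window. Returns True if the
    real site accepts it."""
    code_typed_into_phish_page = totp(shared_secret, now)   # victim's authenticator app
    return totp_login(shared_secret, code_typed_into_phish_page, now)  # attacker relays it


# ---------- U2F-style origin-bound challenge/response (simplified, see lead-in) ----------

class Token:
    """Stands in for the hardware token. Keys are derived per (app_id, key_handle), which is
    the effect of Yubico's key-wrapping scheme; HMAC replaces ECDSA here (assumption)."""

    def __init__(self) -> None:
        self.device_secret = os.urandom(32)

    def _key_for(self, app_id: str, key_handle: bytes) -> bytes:
        return hmac.new(self.device_secret, app_id.encode() + key_handle, hashlib.sha256).digest()

    def register(self, app_id: str):
        key_handle = os.urandom(16)
        # In real U2F the second value would be the ECDSA public key.
        return key_handle, self._key_for(app_id, key_handle)

    def sign(self, app_id: str, key_handle: bytes, client_data: bytes) -> bytes:
        # app_id comes from the browser (the page's real origin), not from page JavaScript.
        # A real token would reject a key handle that does not verify under this app_id;
        # here the derived key simply differs, so the signature will not verify.
        return hmac.new(self._key_for(app_id, key_handle), client_data, hashlib.sha256).digest()


class RelyingParty:
    """The legitimate site: stores per-registration keys and verifies assertions."""

    def __init__(self, origin: str) -> None:
        self.origin = origin
        self.registrations = {}

    def register(self, token: Token) -> bytes:
        key_handle, key = token.register(self.origin)
        self.registrations[key_handle] = key
        return key_handle

    def challenge(self) -> bytes:
        return os.urandom(32)

    def verify(self, key_handle: bytes, client_data: bytes, signature: bytes) -> bool:
        data = json.loads(client_data)
        if data.get("origin") != self.origin:
            return False  # the browser baked the wrong origin into the signed data
        key = self.registrations.get(key_handle)
        if key is None:
            return False
        expected = hmac.new(key, client_data, hashlib.sha256).digest()
        return hmac.compare_digest(expected, signature)


def browser_sign(token: Token, page_origin: str, key_handle: bytes, challenge: bytes):
    """What the browser does: it, not the page, fills in the origin, then asks the token."""
    client_data = json.dumps({
        "typ": "navigator.id.getAssertion",
        "challenge": challenge.hex(),
        "origin": page_origin,
    }).encode()
    return client_data, token.sign(page_origin, key_handle, client_data)


def u2f_login_from(page_origin: str, legit_origin: str) -> bool:
    """Register a token with the legitimate site, then attempt a login from page_origin.
    For a phishing page the attacker fetches a genuine challenge from the real site,
    shows it on the fake page, and relays the resulting assertion to the real site."""
    token = Token()
    rp = RelyingParty(legit_origin)
    key_handle = rp.register(token)
    challenge = rp.challenge()
    client_data, signature = browser_sign(token, page_origin, key_handle, challenge)
    return rp.verify(key_handle, client_data, signature)


if __name__ == "__main__":
    secret = b"12345678901234567890"  # RFC 4226/6238 test-vector secret (constructed input)
    print("TOTP code relayed by phishing page accepted:", totp_phishing_relay(secret, 59))
    print("U2F login from real origin:", u2f_login_from("https://accounts.example", "https://accounts.example"))
    print("U2F assertion relayed from phishing origin:", u2f_login_from("https://accounts-example.net", "https://accounts.example"))
```

Run stand-alone it prints True, True, False: the relayed TOTP code passes, the U2F assertion made on the look-alike origin fails both the origin check and the signature check. Only the first failure requires the browser's cooperation; the second would occur in real U2F because the token would refuse the key handle under the wrong app ID.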


Besides what mike-cardwell says, TOTP relies on a shared secret, while U2F uses challenge response authentication. Even if a MITM captures the (encrypted) challenge-response sequence, a new authentication requires a new challenge-response.


Not necessarily. Depends on how sophisticated the implementation of the attack is. They are MITM'ing you at that point, so it's entirely possible to not only capture username/password but also the 2FA token.


Must do surely. The attackers would have your email and password but wouldn't be able to login?


What is stopping them from showing the TFA screen and asking for you to type the number?


Well, Google TFA doesn't ask you to type your number (and others only some digits) so it probably would raise a red flag big enough to "wake you" from auto-pilot, I hope.


I assume you're using the type of 2FA where this is not the case. We are discussing the type of 2FA where Google does ask you to enter your number, i.e. TOTP. When I log into Google, it asks me to type my 2FA number in.


Ah, I didn't know Google offered TOTP. I only had the option of mobile phone SMS 2FA.


Yes


Yes. That is the point of 2FA. Require something more than login credentials, preferably something physical you possess for an actual login to be successful.


Incorrect: U2F would prevent this, but a simple 2FA challenge could simply be displayed at the next screen of the form, and once you submit, the malicious server could immediately use the token you provide. U2F does mutual auth of the U2F service, so it should fail.


U2F prevents MITM attacks, which this is an instance of. Using Google standard 2FA and saving the machine/browser for 30 days, it would pop up and say you need your 2FA, which would be suspicious. With U2F it would say the service is unknown, which is equally suspicious. But my point was simply that it prevents the attack with only the login information, not that the attack can't be further refined to get your 2FA token.

2FA is a great way to know when you have to look at all the data to decide whether or not to give the token. For instance, I always double check the URL when I'm about to hand out a 2FA code.


The research paper is here if anyone is interested: https://peerj.com/preprints/1733.pdf


It's a reference to a PG essay where he talks about how PR agencies often give press releases and news stories that are little more than hidden adverts by reporting selective truths: http://www.paulgraham.com/submarine.html


Sounds similar to the 'churnalism' concept.

https://en.m.wikipedia.org/wiki/Churnalism


The language itself is probably fine but the fact that they are starting from scratch with what appears to be no input from security or financial professionals is a clear sign that there will be security holes.

