
Recently as in the last 8 years when they overhauled it. It really was slow as heck back in 2016, but the e10s effort really, really paid off in terms of performance.

It runs noticeably faster than chrome on my 12 year old laptop. Plus, it isn't riddled with invasive tracking garbage.


Even before then, 99% of the difference came down to whether chrome and firefox were properly using gpu acceleration. (Both could be easily misconfigured.)

I never saw a situation where the actual engine performance mattered in real world scenarios.

These days, all the engines are comparable, except that Google sabotages safari and firefox on its own sites.


It was definitely slower than Chrome with numerous tabs when I switched (again) some time in the last two years.


Yeah, but. The side-effect of catching criminals and protecting the children is that they also provide a searchable database of everyone's historical travel habits.

It's my opinion that our historical ideas of expectation of privacy when in public spaces are incompatible with the current state of surveillance technology. Sure, everyone should expect that they might be recognized by an acquaintance when out in public, but I don't think it follows that our entire past history should be available at any time in the future.


I'd like to read this list, but the color scheme is among the least accessible that I've ever come across. Dark, greyish-blue text with dark, bluish-grey highlighting over a dark grey background. Wow.

If any fledgling designers are here, then take note and add this to your list of examples to avoid.


I think that minimum redundancy is a wiser ethos. There are a couple of places where the weight penalty versus cost of failure makes the decision a no-brainer.

In my case, that means bringing aquatabs to back up my primary water treatment system and a second way to strike my stove. An extra 2 grams for aquatabs versus 4 weeks of greasy diarrhea? Check. Ten grams for a second mini bic or small fire steel versus cold soaking meals that I designed for cooking? Check.

But I do agree with you that bringing less in general frees you to move faster, go farther, and enjoy the journey even more.


Sure yes! Good shout.

At the end of the day my trail family had 4 levels of redundancy between us.


No, that's not dumb at all. Inputs are filthy and sensors fail. If you're not comparing all available sensor data to confirm your understanding of reality, then a single sensor failure could... oh I dunno... cause your 737 MAX to divebomb.

The F-35 could compare weight on wheels to airspeed as a simple sanity check.


It's easy to screenshot or physically print a QR code during setup.


> When I tell people I work on authentication software, I nearly always hear some version of the same story: I hate multifactor authentication. No, really. People hate this stuff.

I hate all of the half-cooked non-TOTP MFA methods that I'm forced to use. Just let me use my freaking authenticator app. If you believe that your users prefer (or maybe it's just you?) more databroker-friendly methods, then fine, but please at least provide TOTP as an option.


I wish that banks would offer TOTP. SMS is famously insecure and poorly suited for something that’s a load-bearing pillar in most of our lives, and TOTP is probably the most reasonable replacement. Unfortunately only a tiny handful of US banks offer non-SMS 2FA of any kind, and to my knowledge the one that does (Schwab I think?) requires the use of a hardware gadget even though it’s standard TOTP (which people have written python scripts to extract the necessary bits of info from).


To this day I'm just amazed that World of Warcraft tried to mandate security tokens in a time when E*Trade barely supported them.

Why is a video game embarrassing fintech?


World of Warcraft was supporting tens of thousands of poor teenagers in developing countries, who would farm high value items in the game and then sell the account/items to rich people who didn't want to put in the hard work.

There was (maybe still is) lots of money to be made by hacking accounts and selling them.

WoW was fintech!


>WoW was fintech!

WOW was teaching kids how free market capitalism works early on.


Fidelity offers TOTP standard support, works with the native Apple Password app/keychain.


Only recently. They used to require Symantec's authenticator.


Schwab supports Symantec VIP but there's a python package to emulate it, which will give you a regular TOTP setup code.


At least in Germany all the SMS 2FA has been shut off, but replaced with tons of custom 2FA apps. The security argument is certainly that they can check for 'insecure' devices. But I wonder what the empirical evidence here is and how often (compared to phishing/social engineering) a TOTP token was actually stolen. Worst thing is IMHO Microsoft now, which seems to have also shut off the TOTP option and use some other proprietary 2FA scheme now. IMHO banks should simply use FIDO2 HW tokens, but with all that passkey bullshit it becomes unlikely...


A failure scenario I found is when mitm antivirus decrypts traffic (or something similar), so a proprietary 2fa scheme doesn't work, because it can't get through the network.


No it hasn't. How can you make a statement so confident, when obviously you couldn't objectively know?


Evidence to the contrary?

For my German banks, this is true. Stupid custom apps and proprietary reader hardware that read coloured moving QR codes everywhere.


It's your responsibility to provide evidence for your claims, not everyone else's to prove yours wrong...


You say "no" to the poster saying "in Germany all the SMS 2FA has been shut off".

It makes sense to ask you for evidence: You'd just have to name a bank that provides SMS 2FA.


totp is still terrible, still phishable, more annoying to enter or use. it's only tolerable because it's better than the other methods you might see (email, sms, custom app), but imo it also falls into the half baked category behind things like passkeys.


Yes, for the love of god and all that is holy, just let me use TOTP for MFA. I absolutely HATE that some banks use SMS as a method of MFA. Sometimes it's a mix of 8 character numeric password with SMS as MFA.


A passkey is far better than TOTP for security to the point that TOTP should probably be deprecated already.


Passkeys don't replace all use-cases for TOTP


TOTP still seems good enough for most things



At best WPA2. WEP is broken in ways that don't need human fault.

The only downside of TOTP to FIDO and friends (from a security perspective) is phishing resistance


Because of how humans work TOTP can give false confidence to the user which is a further downside.

Grandma goes to fakesite.com not realising it isn't her real site. It asks her for the TOTP code, she provides her TOTP code and it works. She is reassured - if this wasn't her real site why would the code work?

Now, in theory a neutral security assessor can see that's not reassuring, but that's not how humans work; the fact there was a challenge-response feels like security even though for all they know it was accepting any inputs.

Phishing sites generally have a milder version of this effect. I have vanity mail, so I own the "mail provider" handling my email and yet of course I get those phishing mails saying as the "Administrators" of my vanity domain they need me to type in my password. But they don't know my password of course, so filling in their form with crap "works" the same as anything else, fuckyouscammers, sure that's a reasonable password.

These schemes can't work if you don't rely on stupid shared human secrets ("Passwords") everywhere, but we did and it seems many people are really enthusiastic to keep doing that, so I doubt we'll escape from this self-imposed status. I wanted to make a web site that mimics the famous reusable Onion article but I've never gotten around to it. "No way to prevent this"


Find me a grandma using TOTP. It would confuse them too much.


Huh? We're not asking random grandparents to implement TOTP, only to use it, and that's necessary for a lot of basic remote work and so on these days.


I clearly said "using" not "implementing".


Hence my "Huh". Everybody working in my team uses TOTP if they don't have their own Yubikey which most do not. Most of them aren't close to as old as I am, but some are indeed grandparents, it's like if you were astonished anybody over age 40 can type.


That's a pretty major downside to OTPs and certainly not one that can be offhandedly dismissed.


It is for the general population. I don't think HN users for instance are particularly concerned about phishing sites.


Python users (pypi.org) who were using TOTP just got hit.

"If the user had enrolled a Security Device for PyPI second factor authentication, the attacker would not have been able to use the second factor, as the WebAuthn protocol requires the user to physically interact with a hardware security key, or use a browser-based implementation, which would not be possible if the user was not on the legitimate PyPI.org website (Relying Party Identifier)."

https://blog.pypi.org/posts/2025-07-31-incident-report-phish...
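The mechanism behind both the "grandma on fakesite.com" comment above and the quoted PyPI incident report, as an added example that is not part of this thread: a minimal RFC 6238 TOTP verifier next to a simplified model of a WebAuthn assertion. The TOTP check takes only the shared secret and the clock as inputs, so a code relayed from another site within the time window verifies; the WebAuthn assertion is bound to the relying party ID and the origin, so the same relay fails. The domains, the credential key and the use of HMAC in place of the credential's real asymmetric signature are constructed assumptions for the illustration.

```python
import base64, hashlib, hmac, json, struct
from urllib.parse import urlparse

STEP = 30  # RFC 6238 time step in seconds

def totp(secret_b32: str, at: int, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1). Its only inputs are the shared secret and the clock."""
    key = base64.b32decode(secret_b32, casefold=True)
    mac = hmac.new(key, struct.pack(">Q", at // STEP), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def verify_totp(secret_b32: str, code: str, now: int, skew: int = 1) -> bool:
    """Server check, +-1 step. Where the code was typed is not an input, so a relayed code verifies."""
    return any(hmac.compare_digest(totp(secret_b32, now + k * STEP), code)
               for k in range(-skew, skew + 1))

def browser_get_assertion(origin: str, rp_id: str, challenge: bytes, cred_key: bytes):
    """Simplified WebAuthn client: the browser (not the page) requires rp_id to be the
    origin's host or a registrable suffix of it, and it writes the origin into clientData."""
    host = urlparse(origin).hostname or ""
    if not (host == rp_id or host.endswith("." + rp_id)):
        return None  # the credential is never exercised for another origin
    cdata = json.dumps({"type": "webauthn.get", "origin": origin,
                        "challenge": base64.urlsafe_b64encode(challenge).decode()}).encode()
    auth_data = hashlib.sha256(rp_id.encode()).digest()  # rpIdHash; flags/counter omitted
    # Assumption: HMAC stands in for the credential's asymmetric signature over
    # authenticatorData || SHA-256(clientDataJSON); only the signed structure matters here.
    sig = hmac.new(cred_key, auth_data + hashlib.sha256(cdata).digest(), hashlib.sha256).digest()
    return auth_data, cdata, sig

def verify_assertion(rp_id: str, origin: str, challenge: bytes, cred_key: bytes, assertion) -> bool:
    """Relying-party check: origin, challenge and rpIdHash are all under the signature."""
    if assertion is None:
        return False
    auth_data, cdata, sig = assertion
    cd = json.loads(cdata)
    if (cd.get("origin") != origin or base64.urlsafe_b64decode(cd["challenge"]) != challenge
            or auth_data != hashlib.sha256(rp_id.encode()).digest()):
        return False
    want = hmac.new(cred_key, auth_data + hashlib.sha256(cdata).digest(), hashlib.sha256).digest()
    return hmac.compare_digest(want, sig)

def phishing_outcomes(now: int = 1_700_000_000) -> dict:
    """Constructed scenario: the user is on fakesite.example, which relays to bank.example."""
    secret = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"  # RFC 6238 test secret (base32)
    key, challenge = b"constructed-credential-key", b"challenge-from-bank.example"
    relayed = browser_get_assertion("https://fakesite.example", "bank.example", challenge, key)
    return {"totp_accepted": verify_totp(secret, totp(secret, now), now + 20),
            "webauthn_accepted": verify_assertion("bank.example", "https://bank.example", challenge, key, relayed)}
```

`phishing_outcomes()` returns `{"totp_accepted": True, "webauthn_accepted": False}`: the relayed TOTP code is indistinguishable from a legitimate one, while the browser never produces an assertion for bank.example on the fake origin, and a forged one would fail the origin and rpIdHash checks.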


Zero days exist, and something like tapjacking can be used to obscure and capture those TOTPs.

Don't use TOTPs if you have an option to use Passkeys/WebAuthN

Short video example: https://taptrap.click/


If I were responsible for a mechanical doping program, then I'd install the motors for the leadout and mountain domestique riders and leave the team leader clean. Who cares if they pay the weight penalty after peeling off if it means that they can provide extra support for those critical minutes?


I guess you were just distracted by all of the other house-on-fire crap going on.

https://therecord.media/ftc-complaint-against-kochava-unseal...

Among the additional information Kochava collects and sells are non-anonymized individual home addresses, phone numbers, email addresses, gender, age, ethnicity, yearly income, “economic stability,” marital status, education level, political affiliation and “interests and behaviors,” compiling and selling dossiers on individuals marketed as offering a “360-degree perspective,” the FTC said.

...

According to the FTC, Kochava’s data can identify women who visit reproductive clinics by name and address along with, for example, when they visit particular buildings, their names, email and home addresses, number of children, race and app usage.

...

Kochava marketing materials tell customers it offers “rich geo data spanning billions of devices globally” and that its location data feed “delivers raw latitude/longitude data with volumes around 94B+ geo-transactions per month, 125 million monthly active users, and 35 million daily active users, on average observing more than 90 daily transactions per device.”

...

The complaint also alleges that the company has lax procedures for determining who it is selling data to, saying purchasers are allowed to use a generic personal email address, label an alleged company as “self” and explain they plan to use the data for “business.”

And then there's this: https://therecord.media/data-brokers-are-selling-military-se...


I was on a team of about 25 involved in pitching a particularly large deal to a public sector client (think US state/local governments). The audience was about 50 people from different departments and agencies throughout the state and our pitch team consisted of about 6-8 very big shots + me the computer nerd. During our prep and rehearsals a "look book" was distributed which consisted of write ups on each person expected to be in the audience. It was very detailed with a career and education history of each person, a personality analysis, where their interests/passions lie both at work and personally, and what topics and key points set them off. The deck was very professional and not something thrown together, I was impressed but a little taken aback too.


I think the incongruity that the original commenter was pointing out is that Wildberger critiqued radicals by saying that they're imprecise approximations that rely on the problematic concept of infinity.

So setting aside the new method's practical implications, replacing an infinitely accurate approximation with a different infinitely accurate approximation doesn't feel any different.


It seems that the authors are skeptical of real numbers (even computable ones???) while being perfectly comfortable with power series. I don't see how one of these can be acceptable and the other not. Sadly, their point of view seems incoherent.

Maybe it's a gut reaction because power series can seem so "nice" to them in their experience.

Maybe if someone explained Computable Topology to them, then they could be more accepting? But if their judgement comes from the gut, instead of intellectual integrity or reason, then I'm not sure it would be worth trying it.


Indeed, this is what confuses me. But also, could you please elaborate on the practical implications? Why does this work better in practice?

