At what point do investors kind of shrug and stop believing his stated plans? He has waffled back and forth on this thing so much

Funny part is I’m responsible for some software which needs just a little privilege.

The direct install option runs as a broadly unprivileged user, thanks to systemd service for imparting one, surgical ambient capability to the process.

A team that wraps it in a container however demands it be run privileged, because they say the container runtimes dont support the same granularity, so the container users end up with unreasonable privileges while the direct install users are almost completely running unprivileged.

deleted by creator

Sure, though at least it doesn’t take too many words to clarify…

windows app on the other hand…

Do you mean teams for work or school or teams for personal?

That compatibility matrix, the windows app does not support connecting to Windows from Windows… That’s some amazing product planning there from Microsoft…

Realistically speaking, MFA most importantly is to get away from the “something you know” factor since that is generally more vulnerable. Even if it is a single factor, it’s a better factor.

Also enables people to meaningfully have multiple factors if they choose. The password managers generally require a master passphrase and/or unlocking through something like “Windows Hello”

Walmart is garbage, but the claim they can eat 30% tariffs because they made billions is by itself not a credible argument.

They made 16 billion in profit, on the back of 650 billion in revenue. Percentage wise that’s 2.5%. The acquisition cost of the goods is a fraction of their operating costs, but if cost of acquiring the goods was even only 10% of their revenue, the tariffs are enough to push them red.

If he is right then I would expect a nice analysis of the financials of Walmart showing this is feasible, rather than a hollow rant.

Alternatively, if it were as he stated earlier temporary pain like medicine to fix the manufacturing imbalance, I would want a more coherent strategy. As it stands, businesses can’t plan around his tariff policy as it shifts day to day without warning. If they did bring home manufacturing at significant expense, they lose because Trump gives in and competition that didn’t bother has an advantage.

I think he at least roughly understands the economic implications, he just doesn’t care. He’ll just crack to the rhetoric, blame everyone else for the problems, and assume his fan base will eat up every word and let him continue.

Falling that, he just goes all in on ignoring elections and count upon the system to let him do that like it’s a woman with a pussy to grab.

That seems convoluted but also as stated it wouldn’t be a wash.

A deduction means pretend that portion of income never existed and the taxable portion of it is not charged.

Then generally the deduction has to be above the standard deduction to make sense to use, and the standard deduction is just so high nowadays.

So if you claimed a hypothetical deduction of 1,000, then you reduce your tax burden by only 200 or so, assuming you otherwise had like 20 some odd thousand in deductions to get you close to the standard deduction.

The only way it would be a wash is if it were a refundable tax credit with no qualifications, and that almost never happens for anything. I could imagine a non refundable credit that would make it a wash for anyone with sufficient tax liability.

However, this would make the tariffs an utterly pointless needless complication, needing a whole lot more accounting by sellers and consumers just to get to a similar and simpler position of not doing the tariffs in the first place.

Sure, you could do something like that to normalize all manner of passwords to a manageable string, but:

• That hash becomes the password, and you have to treat it as such by hashing it again server side. There’s a high risk a developer that doesn’t understand skips hashing on the backend and ends up insecurely storing a valid password for the account “in the clear”

• Your ability to audit the password for stupid crap in the way in is greatly reduced or at least more complicated. I suppose you can still cross reference the password against HIBP, since they use one way hash anyway as the data. In any event you move all this validation client side and that means an industrious user could disable them and use their bad idea password.

• if you have any client contexts where JavaScript is forbidden, then this would not work. Admittedly, no script friendly web is all but extinct, but some niches still contend with that

• Ultimately, it’s an overcomplication to cater to a user who is inflicting uselessly long passwords on themeselves. An audience that thinks they need such long passwords would also be pissed if the site used a truncated base64 of sha256 to get 24 ASCII characters as they would think it’s insecure. Note that I imply skipping rounds, which is fine in such a hypothetical and the real one way activity happens backend side.

My wife just hit similar, Google AI result invented a dish that didn’t actually exist for a local restaurant. She was half ready to go until she went to the actual menu and figured out the described food didn’t exist.

That would suck to enter. Much better to do qwertyuiopasdfhhjklzxcvbnm

Or if you are cool: pyfgcrlaoeuidhnnsjkxbmwvq

A 24 char passphrase while not as bulletproof as a machine generated string is still credibly strong even to offline cracking attacks when possible. In all the datasets of passwords acquired through that sort of cracking I don’t think I’ve ever seen it catch even a 4 word passphrase.

Though it could also amplify DDOS. Allowing 72 character passwords lets a DDOS be three times rougher despite being a seemingly modest limit for a single request.

If a password/passphrase is 24 characters, then any further characters have no incremental practical security value. The only sorts of secrets that demand more entropy than that are algorithms that can’t just use arbitrary values (e.g RSA keys are big because they can’t be just any value).

Back in the day, long time ago, Unix would do that, and limit user silently to 8 characters.

Which then wasn’t great, but a good password would be hard to break even at only 8 characters with equipment of the time.

We would do a cracking test against the user passwords periodically and ding users who got cracked. Well one user was shocked because they thought their 16 character password was super secure and there’s no way we would crack it. So we cited her password and she was shocked she went through so much trouble only for the computer to throw away half her awesome password.

So I just went through something similar with a security team, they were concerned that any data should have limits even if transiently used because at some point that means the application stack is holding that much in memory at some point. Username and password being fields you can force into the application stack memory without authentication. So potentially significantly more expensive than the trivial examples given of syn and pings. Arbitrary headers (and payloads) could be as painful, but like passwords those frequently have limits and immediately reject if the incoming request hits a threshold. In fact a threshold to limit overall request size might have suggested a limited budget for the portion that would carry a password.

24 characters is enough to hold a rather satisfactorily hardened but human memorable passphrase. They mentioned use of a password manager, in which case 24 characters would be more entropy than a 144 bit key. Even if you had the properly crypted and salted password database for offline attack, it would still be impossibly easier to just crack the AES key of a session, which is generally considered impossible enough to ignore as a realistic risk.

As to the point about they could just limit requests instead of directing a smaller password, well it would certainly suck of they allowed a huge password that would be blocked anyway, so it makes sense to block up front.

I think I heard a plan to argue the amendment intended “exclusively subject to the jurisdiction”, though that requires a pretty huge “reading between the lines” to just invent that extra term. In such a scenario they would argue citizenship of a foreign nation by way of a parent being able to pass on that citizenship disqualifies then for US citizenship. This means that they couldn’t be left nationless even if that sketchy interpreation prevails.

But the reading of the text pretty much seems clear cut, the only way someone born in US soil could be disqualified is if the US was invaded and it was occupied to the point where US government had no practical authority, like if Japan had kicked out all the US government, judges, and law enforcement to make it clearly obvious there no jurisdiction left…

I agree. I would never have bought Adobe, I would have not the little bit of vector drawing I have done.

I’m grateful for InkScape, but I wouldn’t have bought or downloaded anything otherwise, so I neither saved nor did Adobe lose.

The environmental causes are availability of options we crave but are still not forced into, so individual responsibility is absolutely a thing.

I was obese and it sucked but I got down to a healthy weight, and keeping it off kind of still sucks but it doesn’t take a lot of time or money, in fact it’s generally cheaper.

Fast food is constantly highlighted as an impossibly unhealthy reality, the nicer places cost more and take too much time. Except you can choose passable choices in fast food.

If you can freely pick, there are fast food places that offer salads with maybe some grilled chicken, which can be healthy unless you opt to drown it in ranch.

But let’s say you are in a group and they pick a restaurant without an option like salad. Just asking for water instead of a big sugary drink gets you so much closer to healthy. Skip the fries, skip the mayo, get a smaller burger. All these things are cheaper and friendlier to a reasonable caloric budget.

It sucks because it means eating to feeling “ok” while skipping the most awesome foods and rarely getting to feel just utterly full, but that was just life when people had healthier weight.

Similarly on activity. It does suck that work has people sedentary, but our idle pursuits are similar. When I was a kid, TV was stuck on a schedule and video games were only so engaging, so we would get bored and want to do something. Maybe it was walk amongst some trees to see if anytime interesting was around. Maybe do something with a ball. Nowadays we can get endless engagement from streaming, video games, and Internet. So tempting to just be on the couch. We can still choose those more active things, but we don’t want to.

Note all this awesome stuff is still great in moderation. I just went full on gorging at a restaurant a week ago on pretty much whatever I wanted. The thing is this is maybe like once every 2 or 3 weeks, not daily like we really want to.