"If you select those people, what’s to keep them from creating a system that gives them ever more amounts of money, to the detriment of their constituents?"
That is literally the system that exists today, except instead of in the open (e.g. salary) it's through stocks with insider information and who knows how else.
The point isn't to optimize for people who are most incentivized through money, the point is to make the position more accessible for anyone who actually wants to do the "service" part, and to minimize the reasons that it's hard. As the previous commenter pointed out, right now independently wealthy people are some of the only ones who are actually capable of running, and someone who isn't independently wealthy who wins is even more susceptible to bribes because they may be in a tenuous financial position.
I would agree with you that we want individuals who's goal is to do "service" for their society, but our current system obviously isn't working and there are a lot of solid reasons why something like this _could_ improve the situation, what alternatives would you recommend?
Agreed. But the difference is I'm saying a better solution is to adjust the incentives rather than just keeping the same incentives but making it more transparent.
I would be in favor of higher pay for Congress given the limits of the job (maintaining at least two residences in DC and their home state, for example). Perhaps we just disagree on the level. I don't want it to be "lucrative" as you said originally (ie I don't want it to be a way to get rich), but it should be high enough to not be prohibitive to go into service. There are also some knock-on effects that would need to be managed; for example, I think overall civil servant pay is pegged to Congressional pay limits. Other solutions may be to have designated Congressional housing (so at least they can't use the housing cost as an excuse).
That is awful, but it doesn't lessen the impact of someone who right now has access to your email and or other accounts. China having your DNA profile is not near as impactful as someone actively stealing your identity and potentially ruining your finances. Use 2fa everywhere, and if your email is in this list, you should change your password.
New macbooks with a notch hide icons underneath of the notch and those icons are completely inaccessible without installing 3rd party software to manage your status bar, or turning off a bunch of other software with visible icons on your bar.
IMO that's a far worse UX than update and shutdown turning the computer back on at the end.
you can finally set a screen resolution that just stays below the notch! I'm not sure when that became available, but I just used it a couple weeks ago.
The sad thing about the current state of macOS is that I'd rather install an app to manage the menu bar than upgrade to the liquid glass monstrosity that is macOS Tahoe.
(I'm also not an early adopter. I only went to Sequoia from Ventura a few months ago.)
in case this implies you haven't found it: it's a feature in Sequoia :) it's just in display settings, though you may have to turn on the "show all resolutions" toggle to show it.
I haven't used Tahoe personally for more than a moment on someone else's computer, but wow they did not think that UI redesign through at all, did they. I'm actually kinda glad I'm mac-less now.
Defaulting a furnace to on certainly shouldn't be considered safe. What if it's leaking CO into your house, what if it gets dangerously hot and causes a fire?
A thermostat and controls are a necessary requirement for HVAC systems and defaulting anything to "run" if your control plane doesn't exist anymore is definitely not the safe option.
The other issue is that in almost all situations (like this one) what you think is a safe and sane default won't align with what other people think.
There should be defaults and they should be clearly defined, but I don't think it's always obvious to determine what they are.
While I agree with your overall point, this clause is irrelevant to/not supportive of it. The presence of a thermostat wasn't going to help you here either and there are vastly more furnaces with connected thermostats than disconnected to worry about.
CO detectors and alarms are needed to address this risk.
Your thermostat is in a far less likely place to be overloaded with CO should the alarms start going off, though. If the thermostat is gone, you have to physically go to the furnace itself or shut off power at the circuit breaker.
Freezing water pipes are bad, but a furnace running non-stop is going to exceed its duty cycle and pose a greater hazard.
Whatever was implemented as this poorly-thought-through fail-safe would be implemented in the furnace itself, thus that furnace implementation could manage any safety-related concerns, though heating equipment is overwhelmingly rated to 100% duty cycle already. (My goal for my boiler is to have at least 22 hours per day of heating demand to ensure that I'm using the exact minimum temperature water to maintain temp in the house, to maximize efficiency.)
My furnace runs pretty close to non-stop when it’s below -30 outside, I imagine a bigger concern than duty cycles if it did that when it wasn’t -30 would be that it would still be pushing the indoor temperature to 50°C above the outdoor temp.
If something is leaking CO into your house, then it's a major safety issue and needs to be immediately scrapped. Whether or not it's internet connected is the least of your worries.
> What if it's leaking CO into your house, what if it gets dangerously hot and causes a fire?
Furnaces have multiple checks when they turned on, even on the dumbest furnaces. There are multiple safety mechanisms preventing it from getting too hot. CO leak - what thermostat will do for you here?
I believe the CLI _does_ ask permission for each program trying to access it. The author's example includes a malicious vscode extension abusing the fact that he intentionally granted vscode permission to access the vault for one purpose and then a malicious extension leveraged that access to retrieve information through the op cli.
I posted another comment explaining why 1Password Vault with both a password and a OTP code is still secure, but in short it does not defeat the purpose. Your vault's are protected and in the situation where someone gets access to your vault it's most likely to be full access to your computer at which point they have other viable methods to get access to a specific service you use.
Two Factor doesn't mean 2 devices.
Two factor generally has been thought of as "something you know, and something you have."
Let's do a quick threat model on putting both passwords and MFA tokens in a 1password vault.
1Password employees a recovery key + password login by default, and logging into a vault requires you to either have a device with the encrypted vault on it and your password, or have knowledge of your password and knowledge of your recovery key (normally in a file which makes it something you have) essentially traditional 2fa needed to log into a new device.
If someone steals your phone with 1password installed - they need your 1password to be able to access your credentials on the physical device. At that point they already have both your factors - your phone (have) and your password (know) - still protected by 2fa.
If someone manages to fully root your computer, they could wait until you unlock your vault and then extract your credentials. However, if you use traditional 2fa on a separate device - then they can just wait until you log into the target app, and then ride your session and get the same level of access to the target. While there may be a small difference in level of effort or how long it takes, the same access level is possible, and the requirements are that they have very privileged access to your operating system. Someone rooting the device that you login to services is grants them "single factor" access to your services when you access them.
There is some subtle differences between these, but except for situations where you have very high privileged requirements, at which point you should be using yubikeys or standalone MFA devices, using 1Password with OTP and password is very comparable to using a separate device for MFA.
I'm a previous red teamer and currently a blue teamer.
I think that you're looking at extremes exclusively when it comes to your assessment. I live in a "city" in WV and need my truck all the time to get to rural areas, but that doesn't mean that I don't have reasonable access to electricity. Furthermore delivery around my city really isn't affordable or available in a lot of cases.
That being said, I really wish we had a small ICE truck in the USA, or an equivalent to the s-10/ranger. Even the ford maverick is exceptionally tall and it doesn't come with a bed that is big enough to conveniently move building materials.
The maverick bed is only 54" or 4.5ft and older model rangers and S10s can be had with up to a 6ft bed.
I bought a Maverick and it wasn't noticeably larger than my extended bed ranger, I actually feel like it is smaller, especially considering modern A pillars and such are very thick and rigid compared to the death trap of the old ranger.
I have had no issues moving construction materials with the Maverick. I've moved around 12ft boards and stacks of drywall. The only real difference I noticed is I can't lazily hang things off the tailgate, which tailgate latches aren't specced to do anyways.
Not sure which ranger you're talking about - but if you mean the 6ft one, 18 inches of bed length is definitely noticeable.
It's also definitely possible to haul all those things with almost any truck. Hell, you could even buy a rack for a maverick that makes full 8ft by 4ft sheets of drywall/plywood super easy to carry around, but being able to really easily load up stuff and not have to do some complicated strapping/securing of the payload is a big win with a bigger bed. I personally haul motorcycles a lot, and being able to have two motorcycles in the bed with tailgate up is a huge plus for me.
edit: misunderstood your first comment. What year Ranger are you talking about? The difference between an 80's/90's small truck and an early 2000s can be very considerable.
There's a whole different conversation and argument about the general size of vehicles in the US that is essentially circular and leads to bigger and bigger vehicles in the name of "safety".
The Maverick is also kind of dumb because of the choice to do unibody instead of body on frame. I'm sure there's some weight savings or whatever, but at least on a body on frame truck, I can opt to change the bed out even on a short bed truck and add a flatbed when it makes sense. When someone using it like a truck inevitably beer cans the bed, they're going to be really sad that it's not a relatively quick and simple thing to fix (by just going and getting another bed).
That is literally the system that exists today, except instead of in the open (e.g. salary) it's through stocks with insider information and who knows how else.
The point isn't to optimize for people who are most incentivized through money, the point is to make the position more accessible for anyone who actually wants to do the "service" part, and to minimize the reasons that it's hard. As the previous commenter pointed out, right now independently wealthy people are some of the only ones who are actually capable of running, and someone who isn't independently wealthy who wins is even more susceptible to bribes because they may be in a tenuous financial position.
I would agree with you that we want individuals who's goal is to do "service" for their society, but our current system obviously isn't working and there are a lot of solid reasons why something like this _could_ improve the situation, what alternatives would you recommend?
reply