Hacker News | tempnow987's comments

TOTP with a changing code is simple to understand and use and very resistant to both SIM swapping and all these push-based notification attacks. Push-based notification attacks are relatively easy to social engineer as well - call, say you need to confirm identity and push.

Passkeys are a nightmare. For whatever reason they play SO SO badly. Microsoft / et al all seem to compete to screw this stuff up. Seriously, if you are logged into a remote desktop, the push goes through chrome to some microsoft thing which has a different pin / password / whatever. What's even crazier - I have a yubikey and somehow the passkey doesn't need the actual hardware key to be plugged in - so this passkey is being stored somewhere else.

Keep it simple. I liked the U2F yubikey flow where you had to touch the yubikey to authenticate and I like TOTP well enough as well.


This, I find passkeys very difficult to understand.

It seems I can use my phone as my "passkey". Okay nice, that should mean I can use the same one on multiple devices, just like with a hardware Yubikey, right? Well apparently no. Use a phone as a passkey on one device for a web account, try to log into the same account on another device, using the phone passkey, and it doesn't work, claims there is no passkey. I can't see what passkeys are actually present on the phone, so I don't know what's wrong.

There are so many different ways to have and use passkeys, and no way to tell what the status is. I have no idea how the less-technical users are supposed to be able to figure this stuff out.


Totally - it's super confusing! Apple actually seems to let me plug my passkey into my device (including my phone) and then it works. But I'm not native Apple - all my work stuff is Windows / Linux etc. And passkey is garbage there. I think even Bitwarden is trying to hijack the passkey now. How is this a second factor? If my vault password is taken, and the passkeys are in the vault - then aren't you screwed?

The whole point of a little yubikey is that if someone gets my password, they also have to get the yubikey. The chances of that, while not zero, are MUCH smaller. And then I can do a little recovery envelope with a yubikey in it as a backup.


When you created the passkey, there was an option to store it on an external security key. It was probably some smaller text or a button towards the bottom of the confirmation dialog.

Since most users would prefer to store it in iCloud (or competitor) and have it synced to all their devices, that’s the default. But you can keep using external security keys in this new passkey-based world. You just have to opt-in to it.

And yes, I agree that external security keys offer better security, at the cost of a little convenience.


I've tried to use a key on a device, but they DON'T seem to work everywhere. If I use an Apple phone for my key, how does that work with Chrome on Windows or just for Windows logins?

If I'm using whatever windows is pushing (maybe INSIDE windows - so if they get my pin/password I'm hosed?) how does that work on my iphone or for Apple TV login?

The whole thing is a freaking mess. U2F or whatever came before was so easy by comparison. Seemed to work very well cross platform. If you had a NFC version you could bring it close to your phone and touch a button and voila - authenticated. Or plug into a computer and touch a button. And it seemed to work with Chrome / Windows etc etc.


One key is these daughters from California have never actually tried to care for someone long term who is incompetent.

If required to do so, they'd be the first in line demanding an end to "suffering".

I've always thought authority and responsibility should go together. Parachute in claiming authority? Great - it's also now your responsibility. I'm serious about this. Discharge the elderly in their care with a care plan. Charter a flight or medical transport to get them to their house if need be.

The one challenge, folks getting older ALWAYS ACT TOO SLOWLY in getting things sorted - from grab bars and bathroom remodels to care teams and more. The time to find a nurse you like is NOT after hospital discharge when you can't shower yourself. Seriously - move closer to your kids, fix up your house, get some help to come by to help clean and check in on you - because with almost total certainty you will need MORE of this not less as you age.


It never occurred to me that I had any sway in my mom’s medical treatment until recently after about 3 years of pretty serious caregiving. It was only after things started getting so complex that stuff was starting to not work that I realized that even in that department I was now the responsible adult who needed to drive appointments, bring up things that needed to be addressed, and kind of have a vision for what “good enough” could look like.


One bit of advice - see if you can make sure you get respite care, i.e., mom stays for a week at an assisted living facility / nursing facility, or even better go through a few in-home care folks who could help out and find one you like.

An issue is caregivers burning out. It's work that normally grows, so even if you don't think you need it, having the paperwork done for assisted / nursing so if needed Mom can spend a week there or having a relationship with in-home care so you can take a few days if needed can really make a big difference.

Also, if you get sick, there's a safety net for mom.


That is excellent advice, thank you. I’d been putting off expanding the “team” so to speak for a while but you’re 100% correct. Aside from burning out, I’m the single point of failure right now.


You can run Windows programs from the literal dark ages on Windows 11 Enterprise.

In government at least this is a big deal. Will binaries from 15 years ago run on SUSE Linux? Somehow I doubt it.

I've seen hardware utilities that look like pre-Windows 95 programs running on modern Windows. Does that sound possible?


Linux kernel API is stable. Why wouldn’t you be able to run a properly written program from 2009? I’m pretty sure it’ll run just fine.


glibc on the other hand is very much not.


glibc is backwards-compatible as well.


Until it isn't. https://github.com/ValveSoftware/Proton/issues/6051

No, glibc will not fix it and the rolling release distros are now patching their libc.

Here is the list of ABI breaking changes:

https://abi-laboratory.pro/?view=timeline&l=glibc

Also a system layer isn't just the C library. Other core Linux libraries often break their ABI too.


> Will binaries from 15 years ago run on SUSE Linux?

If it is important enough, the government should demand ownership of the source code, not just take some binary and call it a day.


Except you look at what they are spending on the entire SLS infrastructure vs what they are getting (vs other science options and/or space exploration options) and basically your mind is blown at how wasteful NASA is.

SLS is a $2-$3 billion per launch DISPOSABLE rocket. The Orion capsule is going to be something like $20 billion(!). I think things like launch abort and the service module with all the propulsion etc. are also disposable.


I don't think NASA would have chosen the SLS platform though. It was basically mandated by Congress.


Same story with shuttle and that's why it looks the way it is and was as expensive as it was. It would have been a completely different vehicle if Congress weren't meddling.


What NASA wanted was a space station, a small tug to move stuff in space, and a small shuttle to move people and cargo from earth to that station.

The whole point of the space shuttle was to have it service the space station, but the station wasn't greenlit. Instead we got a much bigger shuttle that was useful as a military asset but was a money pit with terrible safety record. Luckily the Soviet Union collapsed and the ISS was funded as a job program for Soviet rocket scientists (out of fear they could be poached to work on ICBMs for other nations).


> Luckily the Soviet Union collapsed and the ISS was funded as a job program for Soviet rocket scientists (out of fear they could be poached to work on ICBMs for other nations).

It's the first time that I heard this theory. Do you have any sources to read up on it?


Congress is the owner. Want a different management ideology? Get different management.

NASA is wasteful, eh? Maybe that's because they have no incentive not to be wasteful..


NASA is neither a public nor a private company, but rather a government agency. Congress is an employee of the US taxpayer. I think that makes them more of a manager of NASA and we should hold Congress accountable.


I think the point being made is that NASA is wasteful because the people in charge (Congress) told them to be wasteful.


You are in charge. Congress is your employee.


Except I can't do anything about Senator John Jones from Arizona who wants to keep the couple thousand jobs he brought to his constituency. He won't budge on it because non-Arizonans didn't vote for him.


You’re probably thinking about the former senator of Alabama, Richard Shelby. There is no current or former senator by the name John Jones in Arizona. Additionally it is Alabama that benefits from the SLS program, not Arizona.


If that's true, then I'm officially notifying everyone in Congress and the Senate, they are terminated immediately and need to clear their offices by the end of the week. Let's see if it happens or not, and then we'll know whether you were correct or not.


Sure. It doesn't change anything, though.

NASA's doing what they're told, and Congress is doing what we asked them to.


The leadership and composition of Congress has changed numerous times over the years without change to management ideology. It does not seem likely that electing mildly different people will change the management ideology. Management acted in accordance with the incentives they were presented with.

I can't say NASA seems particularly wasteful outside ways in which they are mandated to be so.


I think this is because local state concerns are so prevalent here. Political colour doesn't even matter, but getting the pork barrel for the state manufacturing locations does.

This won't change no matter who you vote in. It's like hardwired into the system.


Exactly. There's not actually much of an incentive for a congressperson to create something broadly positive for the US as a vague whole, like an independently-operating excellent space program.

The incentive is instead massively in favor of that congressperson having a space program that meets some minimum bar of competence, and past that point doing everything to benefit that congressperson's voting district, such as mandating certain things be manufactured there, etc.


I think a matching industry company, but not necessarily a better counter example, would be SpaceX vs. NASA, for better or worse, and obvious reasons. They are trying to change the launch-and-trash model to reuse, so this requires a paradigm shift. When NASA chose SpaceX and Boeing to compete in 2014, SpaceX won, and after seeing Boeing's current fiasco decline, that's a good thing.

I was a member of the L5 Society [1] in the 80s where we would meet on the Intrepid aircraft carrier in Manhattan to discuss all things space and space colonization (L5 being the Lagrangian point in the Earth-Moon system to place space habitats 60 degrees behind or ahead of the Moon's orbit for stable gravitational equilibrium to minimize fuel or energy to maintain that position). L5 later merged with the National Space Institute under the National Space Society (NSI was Wernher von Braun's baby).

I had read O'Neill's 1974 article, "The Colonization of Space", when I was 10, in Physics Today, which got me hooked before L5. I bought a Commodore PET 2001 in 1977/78 and was writing a program to show the orbital-plane view of Jupiter's 4 major moons - Io, Ganymede, Callisto, and Europa - to better identify which was which when using my binoculars at night. I left L5 in 1988/89. Good times at the Galaxy Diner after the monthly meetings on the Intrepid.

I stopped devoting time to space around then and didn't pick up an avid interest again until SpaceX, even though I had done some machining work for some models of subassemblies for the Spirit and Opportunity Mars rovers in the early 2000s. I am now back at making machines and dreaming of space again!

  [1] https://en.wikipedia.org/wiki/L5_Society


The issue here is a couple of things:

- Boeing won the crew launch contract. I think their per seat cost was around $90 million or 63% more than SpaceX per seat.

- The person inside NASA who fought for the commercial program side (Kathy), instead of being rewarded (she would have made a great NASA admin), got taken off Human Exploration and Operations and Exploration Systems Development and got dumped into Space Operations.

- NASA got a new admin, and despite having folks who'd made GREAT and courageous calls on things like SpaceX went super old space / old white guy (Bill Nelson) who had made a name for himself fighting Commercial Crew. Guess what pork he pushed - SLS! That's right. He and Hutchison ("The two lawmakers have been pressuring NASA and the White House for months to commit to building the Space Launch System").

So money going through NASA on things like SLS is just a total waste. And despite all the happy talk from Biden about supporting women - they go with some anti-SpaceX NASA administrator in the form of an old white guy!

So now, in a total irony, despite being told what a misogynist he is, we have Elon Musk who has a smart and capable woman running SpaceX (Shotwell) and another smart and capable woman running Starbase (Kathy)!

Meanwhile, NASA has a super old white guy who has made almost all the wrong calls.


This will be a bit off-topic, but I can't resist.

"The person inside Nasa who fought for the commercial program side (Kathy) instead of being rewarded... got taken off Human Exploration and Operations and Exploration Systems Development and got dumped into Space Operations"

LtCdr Joseph Rochefort, leading a team in Hawaii during the early months of WWII processing Japanese encrypted messages about an impending attack, got both the location (Midway Island) and the date (early June) right, while other cryptanalysts near Washington DC got both wrong. Rochefort was recommended for an award by Admiral Nimitz (CINCPAC, in Hawaii), but this was turned down by Admiral King in DC. Eventually Rochefort was re-assigned to command a floating drydock in San Francisco, about as much of a demotion as he could get. At the end of the war, Rochefort did get a medal, still over the objections of Admiral King. Some think this bad treatment was because Rochefort and his team in Hawaii embarrassed the cryptanalysts in DC.


She first headed commercial crew which outperformed tremendously by comparison to almost all NASA programs (in terms of budget and execution).

She then got promoted to lead Human Exploration and Operations - which is absolutely a promotion. In terms of putting US astronauts in space, her Crew Dragon program has significantly outperformed SLS at an absolute fraction of the per seat cost. So yes, very embarrassing.

I'd have to look at timelines, but my instinct is Nelson likely came on and that pretty much marked the end of her career at NASA as a result.

She wasn't afraid to make the calls she thought were right, she was pushing towards fixed price awards even on things like HLS, and having her in Exploration Systems Development would just have ruffled too many feathers over time.

The whole lunar landing architecture was so comical. SLS launching Orion to lunar Gateway? Lunar Gateway in a nonsensical orbit that would have needed an entire separate transfer vehicle to get to LEO, where it should have been to start with?

“Why would you want to send a crew to an intermediate point in space, pick up a lander there and go down?” asked Buzz Aldrin, who called the Gateway concept “absurd.”

Kathy was involved in HLS selection I think - and when I saw they were going to maybe leave Gateway out of the architecture for the first landing... you knew that common sense couldn't last!

The I-Hab module on Gateway (currently getting maybe 800 million per year in funding) is going to have 53 cubic feet for FOUR PEOPLE!! The entire module has a diameter of maybe 4 feet BEFORE life support? And Gateway's orbit means you can only get to it at a very specific time once a week, basically.


NASA's manned mission division does seem to have the bigger problem with bloated contracting budgets and inefficiency, relative to the rest of the organization. I'd guess that's due to direct political influence (the Richard Shelby - Bill Nelson effect in that case). From 2010:

https://www.politico.com/news/stories/0911/62767_Page3.html


Yep, the whole SpaceX thing was unpopular with Biden admin - I think they brought Bill Nelson back from retirement - he'd really fought for SLS and fought against "wasting" money on SpaceX. The Biden admin have some kind of beef with Elon.

They also needed to get Kathy L out who had started to push down manned mission cost (crew dragon etc) and I think they succeeded there - there was a push to get her off new projects and into just operations I think to keep her from disrupting the pork - even just by showing the contrasts to other approaches.


> SLS is a $2-$3 billion per launch DISPOSABLE rocket.

That's the estimated cost for the first four launches only.

> The orion capsule is going to be something like $20 billion(!).

We developed it from scratch and it took 20 years and it's capable of sending a crew to Mars.

What do you think this _should_ have cost?


SLS as currently launched doesn't have enough delta-v to even really get to the moon with Orion.

That's why SpaceX is supposed to fly an absolutely gargantuan amount of mass both into lunar orbit, then down to the moon, then back off the moon! They are supposedly going to do 5,000 tons out to the moon, orbit, land and take off the entire 5,000 ton Starship. Payload may be 100 tons+. It's a big if, but if they can do anything close to this it'll be crazy.

Orion is weirdly heavy for the SM, and the SM is weirdly weak (I don't think it got redesigned when SLS came along).

They are trying to fix this at $600m - $1B / year with the Block 1B upper stage.

But SLS after $20B (+ another $20B for orion) definitely CANNOT get folks to moon and back. Orion payload is truly tiny.

I think SLS will be good for maybe some flyby missions to the moon? One way to keep it going would be to do a one rocket mars sample return option / dump Orion totally... That actually seems like a useful approach.

But it's not clear to me that old space can do a fixed price contract; they are so used to cost+ they really need to be able to overrun budget. All these projects had initial budgets that are fractions of what they are now, but with cost+ that actually is a positive for the contractor. And the headaches on a Mars ascent and return vehicle would be high.


NASA also thought the Space Shuttle was going to get cheaper per-launch after a couple years of service, and they turned out to be completely wrong. Why should we trust that this time will be different?

NASA's own Inspector General says, "... NASA’s aspirational goal to achieve a cost savings of 50 percent is highly unrealistic" and "... a single SLS will cost more than $2 billion through the first 10 SLS rockets ... " [0]

[0]: https://oig.nasa.gov/wp-content/uploads/2023/10/ig-24-001.pd...


> and they turned out to be completely wrong.

There were a lot of assumptions that turned out to be wrong. The chief among them was launch cadence and satellite capture and return missions. When these assumptions changed the cost values changed significantly as well.

> Why should we trust that this time will be different?

Do you understand the details of this specific contract? It's limited to 10 launches. It's structured quite a bit differently than the shuttle program was.

> NASA's own Inspector General says

Yes and did you read the recommendations and follow up from that same report? Or is this just a "haha NASA is dumb" rant that's become common around here?


NASA is dumb. They are funding this thing (SLS) at cost+ - and despite paying for it don't own it! That is totally ridiculous. If I hire someone to build a website for me, at the end I own it. NASA has given away the rights to SLS. So they can only do a deal for SLS with current contractors. WHATEVER price those contractors want to charge, they can't let anyone else compete to build it.

I also think there is almost no chance any one of these folks is going to do fixed price for EUS or whatever. Contractors are getting something like $600 million / year on this thing and have been hoovering the gravy for 7-8 years.

Remember that these types of forever contracts that take 20-30 years are also liked by the NASA centers who work with the contractors - it's very stable career / funding (ignore the waste). So NASA at the centers level is not fighting against this stuff (ie, it's not just congress that pushes this stuff).

All these pork projects got a huge win with Biden picking Bill Nelson as NASA admin. Do wonder if a bit of SpaceX hate played a role there :)


A fair number of claims are guidance issues or gotcha issues. Wrong employer address on a paycheck is a crime (as it should be), but is it a $2 million dollar crime? Or could it be fixed in the next payroll cycle if a zip code was missing on an address with maybe some kind of penalty per employee for one payroll (not every paycheck).


The compromise does look like a compromise.

The AFL-CIO (labor unions) are getting quicker resolutions. If the govt can deliver that it will be absolutely huge for most folks just trying to solve things without litigation. They need to deliver that critically. Make it so that DLSE / LWDA get stuff done in 60 days if the employee cooperates.

One issue has been CA state workers were all work from home - so stuff has slowed WAY down in terms of anything state agency level. I think they will be back in office 2 days a week hopefully by the end of the year.


Some quick examples:

Historically you could do time to the nearest 10th of an hour - this was allowed explicitly under federal guidance on tracking time, and California had a case (See's Candy) that said you could do it if applied “in such a manner that it will not result, over a period of time, in failure to compensate the employees properly for all the time they have actually worked.” which basically meant it was neutral to the employer, so the employer didn't benefit from the policy.

There was a recent PAGA case (these are lawyer driven cases) against Loma Linda University Medical Center. After hiring lots of experts, they did a study of the effect of timesheet rounding to the nearest 10th of an hour (i.e., 10.1 hrs worked) and found that 51.7% were paid for more time than they worked (by small amounts), 1.1% were basically paid exactly what they worked, and the rest got paid (slightly) less on average. Even though rounding to the nearest 10th was allowed by the Feds, and allowed explicitly in a previous case, under this PAGA claim the medical center was found to have committed a HUGE list of crimes including wage theft, failure to pay overtime, waiting time penalties and will be liable for huge attorney fee awards.

Another case I saw was that the zip code on an address did not have the +4 digits so was not considered a complete address. Again, the penalty they were looking for was on EVERY paycheck missing the +4 digit zip code (this either settled or did not succeed I don't think, but just an example of the types of claims coming in under PAGA).

Another wave is going to be work from home costs where there is a conflict between the IRS (doesn't want non-taxed reimbursements of expenses) and California (very broad definition).

The biggest employer complaint I see is just that the CA DOL will not actually provide guidance on anything. Even basic things like vacation accrual cap rules - no guidance is provided and in the last years guidance has been withdrawn. Timesheet rounding - if the DOL would just issue a sensible regulation then my impression is software folks doing payroll systems would program it in and employers don't care about things like timesheet rounding, they just need to know if they need to track in 10ths of an hour or 100ths of an hour.

Would have been interesting to see how folks would have voted on the ballot measure - I thought it very unlikely to pass. But it had good ideas. Currently actual issues going through DLSE take FOREVER - this is bad for everyone. By this I mean things that should be resolved in weeks take literally years. It's ridiculous. The ballot measure would have sped that up. But the attorney driven PAGA stuff I think was going to be cut down pretty heavily in tradeoff. Also, under PAGA a very small amount goes to the employee themselves.

In terms of dollars - PAGA has no class certification barrier and average attorney fee awards run about $300K - $400K per case. All these are rough estimates. Employers spend roughly that again on their own attorneys (so think another $300K). Employer groups claim much larger numbers. Either way a big chunk goes to lawyers on all sides ($600K), another big chunk goes to the state (where it is loaned to the general fund rather than used to enforce labor laws). The next big chunk goes to employees. But in terms of total $ not as much as you'd expect given overall costs.

The deal (skimming it) looks potentially reasonable. If they can get non litigation resolutions to go faster through DLSE / LWDA that would be HUGE for everyone. One good thing about the govt - the workers there don't have much incentive to drag stuff on forever. The attorneys in a fees case absolutely do want to drag it out to 300 - 400K in fees so just a ton of extra work for everyone (judges, employee attorneys, internal staff etc).


Mark Nappi, vice president of Boeing's Commercial Crew Program, added, "We have an incredible opportunity to spend more time at station and perform more tests which provides invaluable data unique to our position."

Weird they just didn't plan for this incredible opportunity from the start but sounds like they are just taking extra time as an opportunity not because they need to evaluate any safety issues (at least per Boeing).


At this point I'm very sceptical about anything any Boeing official says.


Got to see this first hand. A bunch of environmentalists killed a solar project because supposedly part of it would cast a shadow on a stream that the fish wouldn't like. Ironically, fish often hide under rocks etc., so my guess is the fish WOULD have liked the added protection if there actually was a periodic shadow.

The other reality - everyone had nice houses with views and didn't want to see solar panels :) So after fighting and protecting for things like solar, they now only wanted the solar to be forced on folks elsewhere. The project was actually super cool otherwise - an old school type business was going to go green in part with this project.


A reminder that like all good companies adept at scamming folks they have HUGE ethics policies :)

Ethics and Integrity At Adobe, good business begins with our commitment to the highest ethical standards.

We adhere to the following core principles:

Integrity, by conducting business according to high ethical standards

Respect for our employees, customers, vendors, partners, stockholders and the communities in which we work and live

Honesty in our internal and external communications and all business transactions

Quality in our products and services, striving to deliver the highest value to our customers and partners

Responsibility for our words and actions, confirming our commitment to do what we say

Fairness through adherence to applicable laws, regulations, policies and a high standard of behavior

We encourage you to read our policies to learn more about the legal and ethical standards we embrace.

AI ethics at Adobe

Australia Modern Slavery Act Statement

California Transparency in Supply Chains Act Statement

Code of Business Conduct

Code of Ethics

Conflicts of Interest

Global Anti-Corruption Policy

Partner Code of Conduct

Public Policy and Government Relations Policy

UK Slavery and Human Trafficking Statement

Adobe Whistleblowing Privacy Notice


In Spanish we have a saying: "Dime de qué presumes y te diré de qué careces".

Tell me what you brag about and I'll tell you what you lack.

