Hacker News | f0ff's comments

When you rationalize your drug habit so hard you write a book


>Why is migration so hard?

Why would anyone make it easy


I think there should be a new computer science law (if this one doesn't exist already):

Things that are easy to migrate from get replaced by things that are hard to migrate from, eventually.

IRC is incredibly easy to migrate from.


IRC is easy to migrate from since there is nothing to migrate other than chat history. IRC is also missing so many features that Slack provides out of the box. And a law like that would not work since you would need to write complicated transformation scripts to transform between services. Also not all services are a 1-1 mapping. I like IRC but it has its limitations. That is why Slack succeeded where IRC did not.


> And a law like that would not work

The parent meant a law as in "a law of physics", not a piece of legislation.


We can call it the "Law Of Lotus Notes". I'm not sure if it's hard to migrate from, I can only assume that it is impossible to migrate from.


Tl;dr: "This suggests, according to Briand, that the COVID-19 death toll is misleading. Briand believes that deaths due to heart diseases, respiratory diseases, influenza and pneumonia may instead be recategorized as being due to COVID-19."



If I had heart disease, but would have lived for five more years without being infected by covid-19, what was the primary cause of death?


[flagged]


Link evidence of widespread conspiratorial fraud please. I won't hold my breath.


Even if numbers were inflated due to the monetary incentive, this would only account for numbers in the USA. Look at the excess deaths worldwide and you can see the average is up everywhere.


This is a lie


Bull fucking shit. Conspiratorial garbage.


From the article: "There is also intriguing data that suggests perfecting the dose could increase protection up to 90%."


I am curious about the up to 90% claim; what does this mean?

Isn't it 90% or not?


Yeah it’s funny language isn’t it. Like a sale that’s ‘up to half price’.


There's little reason for a company's owners to dilute their holdings with an S-1, if they are already profitable and don't have huge investments planned ahead.


Woah I had never considered that before. I bet there are tons of private companies out there just absolutely printing profits for a small number of internal shareholders that we just don't really know about.


Buying stuff is not a hobby.


Says who?


Thanks for the Numi clone, I can start converting all my linux buddies!


As long as the table is bolted to the floor, you're replacing possession (of a phone) factor, with location (in SOC) factor. Keeps both client happy, and security architect sleeping soundly.

Nice solution.


Congratulations, you've defeated the purpose of having a YubiKey


Yeah... isn't one benefit of a YubiKey that a secret must be acquired by some very physical and intentional means? If my laptop/password is compromised, then they still can't log in because they need my secret token from the YubiKey. Well, if having that secret token is just one curl call away if they're on the same network then it's no longer a very physical and intentional safeguard.

I know... layers of unlikelihood.. but I'd probably opt for a physical "good button" gapped from my computer as sort of a closed electrical extension of my finger.


> Congratulations, you've defeated the purpose of having a YubiKey.

Even a virtual 2FA button is useful. It prevents people using your stolen credentials to log in to websites unless you click the button, even if it's just a virtual button.

Sure your computer can be compromised, but it's probably still more secure than SMS 2FA.


> the purpose of having a YubiKey

Compliance?


I'd hazard saying that the purpose of a YubiKey is to provide two factor authentication. A YubiKey acts as an item, possession of which implies identity. When you allow for the YubiKey to be activated without human interaction, it's moved from domain of possession into the domain of knowledge - identifying party needs to know where to knock, not to possess the key. It's no better than appending the URL at the end of your password.

If you allow for a YubiKey, or any other physical artifact for that matter, to be remotely invoked it negates its utility as an authentication factor in the physical domain.


It depends on what protects the key. If the problem is being unable to duplicate it, you could protect remote access with a different YubiKey or some other second factor.

And the setup in the article isn't even remote access. If the only way it can be triggered is a local button press, you're golden.


If they made the uri SSL with fixed certs it’s still a “something I have” factor IMO.


Exactly. At one of my work places, we needed 2FA to log into a vendor portal. So we stuck the username, password, and TOTP in Vault which is protected by corporate AD password only.


As to the interjection that Signal is lacking a FBI canary - Moxie was clear on the subject:

https://web.archive.org/web/20141027143819/https://github.co...


The EFF reference at the bottom of that link provides a useful alternative position:

> What’s the legal theory behind warrant canaries?

> The First Amendment protects against compelled speech. For example, a court held that the New Hampshire state government could not require its citizens to have “Live Free or Die” on their license plates. While the government may be able to compel silence through a gag order, it may not be able to compel an ISP to lie by falsely stating that it has not received legal process when in fact it has.

> Have courts upheld compelled speech?

> Rarely. In a few instances, the courts have upheld compelled speech in the commercial context, where the government shows that the compelled statements convey important truthful information to consumers. For example, warnings on cigarette packs are a form of compelled commercial speech that have sometimes been upheld, and sometimes struck down, depending on whether the government shows there is a rational basis for the warning.

> Have courts upheld compelled false speech?

> No, and the cases on compelled speech have tended to rely on truth as a minimum requirement. For example, Planned Parenthood challenged a requirement that physicians tell patients seeking abortions of an increased risk of suicidal ideation. The court found that Planned Parenthood did not meet its burden of showing that the disclosure was untruthful, misleading, or not relevant to the patient’s decision to have an abortion.

> Are there any cases upholding warrant canaries?

> Not yet. EFF believes that warrant canaries are legal, and the government should not be able to compel a lie. To borrow a phrase from Winston Churchill, no one can guarantee success in litigation, but only deserve it.


As counterpoint, the US Supreme Court held that Idahoans are obliged to advertise "famous potatoes" on their license tags. But potatoes really are famous (at least by Idaho standards) so it is just a fact and not an opinion. I guess.


The lawyers at my workplace have the same opinion as the lawyers Moxie spoke with.

