As usual on HN, I find the pragmatic response about 3 pages down in the replies to an extremely hyperbolic top-level comment.
I also don't want to diminish the concerns around Github or similar orgs losing control of a private key, but the far more realistic concern for the vast majority of threat models is often put to the wayside in favor of what amounts to a scary story. Rather than the straightforward key removal and replacement that this should be, I (and surely many others) have spent all morning combatting this specific FUD that cropped up on HN with leadership and many engineers. It's actually quite detrimental to quickly remediating the actual concerns introduced by this leak.
I understand that security inspires people to be as pedantic as possible - that's where some big exploits come from on occasion - but I really hope the average HN narrative changes toward "what is your actual, real-world threat model" vs. "here is a highly theoretical edge-case scenario, applicable to very few, that I'll state as a general fact so everyone will now wonder if they should spend months auditing their codebase and secrets". Put simply: this is why people just start ignoring security measures in the real world. Surely someone has already coined the term "security fatigue".
It's all just a bit unbalanced, and definitely becomes frustrating when those suggesting these "world is burning" scenarios didn't even take the available precautions that apparently would satisfy their threat model (i.e. commit sigs, as you suggested)
Very cogent explanation, and an important point that you highlight - factual real-world risk/threat model is far more important than hypothetical "the-world-is-burning" scenarios.
Having a correct threat model is the first step towards building reasonable security controls. But far too many are willing to pander to the "It rather involved being on the other side of this airtight hatchway" [0] scenarios.
Most services I use integrate Plaid. I believe Plaid is just a federated authentication glue that accesses your bank's systems and is granted access to account balances and ACH details (routing/bank account numbers).
It always struck me as an odd product, since I can just plug my ACH info in directly, but it does provide some level of convenience by allowing, say, a roboadviser app to show the embedded balances of my other accounts.
Plaid is a disaster waiting to happen—they store your banking username and password, and then use them to log in to your online banking on your behalf where they scrape the info they need.
I feel like the branding really shot it in the foot. If they'd named it something less "startup-y" sounding, and marketed it as secure, instant transfers backed by the banks themselves, they might be in a better position.
I still use it all the time since it's a superior to any other offering for instantaneous high-dollar transfers, but it always feels like a "Venmo got embedded in my banking app" type of interface vs. "my bank is offering a direct payment service to it's other networked banks".
Hard to define, but I do think the marketing/branding/rollout were more to blame than the merits of the service itself (IMHO, Zelle is great).
Chase used to call it "Chase QuickPay", which was a great name. And when they joined Zelle and started supporting other banks it became "Chase QuickPay With Zelle". I don't know why it needed 2 product names but at least one of them told you what it did. And now it's just Zelle...
So, the current situation if you get scammed via Venmo/PayPal or other electronic payment methods is for the FBI / local law enforcement to subpoena the provider for records about the incident.
Now, imagine all that data is sitting on Federal servers by default. No subpoena required, and fraud systems would be integrated directly with investigative services at the Federal level. This integration should strike fear in the heart of anyone who currently scams via 3rd-party payment providers.
I am bothered that fraud isn't directly addressed in this page, but it's only an FAQ and it'd be silly to think the Fed wouldn't build industry standard (or better) fraud protections into a system they're building from scratch.
No, the current situation if you get scammed via a credit card or PayPal is that you file a chargeback, and PP/card company reverses the transaction, because withdrawing money takes time. And if the transaction is not reversible, then PP/CC company take the hit on their own bottom line.
Is the federal government going to take on that risk? What makes you think they can afford to hire programmers who are skilled enough to build out a sophisticated fraud detection system? The highest GS pay scale is lower than what a new grad makes at Stripe/PayPal.
> The highest GS pay scale is lower than what a new grad makes at Stripe/PayPal.
It's better if you compare benefits and cost of living. Or if Stripe fires you because your manager didn't like that you tweeted a joke about Elon Musk once (apparently this happens).
The only better benefit is a guaranteed pension after you work 20+ years in government. But since pensions nowadays are chronically underfunded and you make literally 3x (!) more at the equivalent level at Stripe/Paypal/etc. a 401k is a more than good enough substitute for the pension.
Health insurance is definitely better at the tech company. Cost of living varies - Washington DC/Northern VA is not cheap, and Washington state (where Stripe is based) has no state income tax.
I think very few people would take the government job, particularly the type of people okay with taking big risks that you need to build out a greenfield fraud detection and payment system.
>So, the current situation if you get scammed via Venmo/PayPal or other electronic payment methods is for the FBI / local law enforcement to subpoena the provider for records about the incident.
Imagine so confidently posting something so wrong. No, that’s not how it works in the US. Every credit card company (and PayPal-like company) has a massive anti-fraud department that both automatically detects fraud and responds to consumer complaints. If I see a charge I don’t recognize, or a seller fleeced me, I call my credit card company and they give me my money back and fine the shit out of the seller’s account unless the seller can prove to them that the charge is legitimate. Yes, ultimate recourse is to court, but very rarely is that necessary.
its a shame they included the original shareware resource files in there without any mention that they are NOT covered by the MIT licence that the repository is under.
I still have it. I replaced the alternator and battery myself - 2 hours of my time. I call it my train station car now. I don't consider it reliable enough to be the transportation for the ones closest to me given that the odometer is at 210,000 miles.
You don’t consider the car reliable after two wear items wore out after 200000 miles? What are the other things about this car that cause you to question the reliability?
I meant that currently I don't trust its reliability given that its past the 210k mile mark. It's 16 years old. My hope is to keep it until I no longer have to pay taxes on it, which is @ the 20 year mark - it is not however something I would let my spouse operate, mostly because she isn't mechanically inclined were it to break down for whatever reason.
Battery is something that can always fail within few years. Even more with start/stop systems which every ICE car has nowadays.
That said, if your new car has significant safety improments like auto braking, rear camera, cross traffic warnings etc. these are good reasons to upgrade.
Btw. our city car is 2007 Honda Jazz/Fit, that thing is perfect. Yes, battery failed few times but that's about it.
As were most laws that are now criticized. We actually have a huge amount of Conservatives in CA. It’s far from the leftist whatever-the-heck you probably hear.
Make sure you can afford the few % more you’ll pay in taxes and you’ll be just fine! It was negligible compared to my Midwest home state’s taxes; I was genuinely surprised by that after hearing so much negativity about the place and it’s laws.
Come visit sometime, there’s a place for everyone here and housing will snap back after our pandemic precautions phase out.
Also a gun owner in CA. Came from a state with open carry/no license needed.
I found CA’s laws to be quite reasonable; I was told all variety of stories about guns being taken from my home when I told people I was moving out. Weird stuff.
I think CA is highly demonized and I don’t really get it, even as someone originally from a very conservative (and also evangelical Christian) background/area.
I actually live in a very ethnically diverse area that’s about 50/50 red and blue, and right near the ocean in SoCal. Love the diversity in this state!
Hey! Thanks for replying, good to hear from another resident :D Yea, I certainly don’t agree entirely with CA’s gun laws. I also definitely don’t believe CA is perfect. But I agree that the state seems unfairly demonized, I’ve been trying for a bit now to try dig into why. Agree 100% about loving the diversity in this state.
Back at ya! I also don’t agree with all the laws either, btw, but overall I found them far less onerous than they were hyped to be by my IDPA (sport shooting club) friends asserted.
And yeah, I think being a transplant really helps; it’s easier to realize just how unique the climate and culture truly are. And that applies to any other state where one is a transplant to: I think a big part of this conversation that’s missing is the whole “grass is greener” effect. CA has more population than anywhere else, so we have the most natives by definition (or at least close enough that my point stands - I know the birth rate is below the national median here, but I’d suspect the population outweighs that effect). It’s only in leaving the Midwest that I appreciated some things I overlooked there, but none of those were in the areas of personal freedom (e.g. my city had an amazing food scene and I didn’t know how much I’d miss the unique spirit of that scene).
I do think people make it into this “competition” almost, which is a really odd reflex to me, considering this country has freedom of movement and you can just hit up any of 100s of sites to find a place with the right balance of laws for your lifestyle, costs, diversity, etc.
It’s the furthest from a zero-sum game, in other words, and that argumentative spirit seems like it could be easily replaced with a cooperative one.
Makes me want to start a national real estate/moving consulting company where it’s all focused on finding the perfect place for your specific interests and price point, but I digress
As a Texan that hears that frequently among my right winger friends / family, I think its mostly (plain old) ignorance and indifference. When I talk about liking California I get -- effectively -- dirty looks. But concomitantly, if I press for details there are none. So I think it is just one of those talking points that's taken on a life of its own, probably exacerbated by the housing prices that also get blamed on Californians. If I wanted to reason about it from a policy standpoint, I might argue the electoral college plays a significant role. Since in presidential elections the right doesn't need Californian votes, they are fee to demonize it at will -- its free points in a sense. No hills I'd die on, just my 2 cents.
suppressors are not legal, 10+ round magazines banned, very complex rules around "assault weapons", guns are registered, many new pistols are banned, defacto no issue concealed carry, red flag laws, background check required to purchase ammunition. no peer to peer sales, etc etc.
Also, public health policies have to track with population density.
This would be a massive encroachment on freedom in rural Texas or somewhere of that nature, but is a reasonable ask in the most populous city in the country.
There are no real geographic barriers stopping Austin's growth. I am not in Austin but if I have to guess, the public transport sucks balls. You have to have Car unless you live in the urban core. The bigger problem in Austin is, their nimbyism manifested in such a way that City and County constrain the growth by not expanding the infrastructure.
But the land is there - the city can grow into a bigger metro.
Public transit in Austin is laughably bad unless you're on a small set of travel paths, mostly to the university and a narrow part of the city center.
As an example it takes about 20 minutes to drive from my house to the airport, and 3 hours to get there by bus, not counting the walk to the bus stop. The light rail line goes nowhere near the majority of the city.
If we're doing any sort of event downtown or ACL or whatever, I rent a condo nearby instead of dealing with taxis or busses despite only living 15 minutes from the city center and very much "in Austin."
Nobody deals with publix transit if they can afford not to.
As in much of Texas, not very good in most places. If you are central there are some options. And Prop A passed in the last election, which will expand the (single) commuter rail line that exists now (among a few other things). If it is well received, it could potentially expand beyond that. Most residents I know are hopeful but skeptical. Living along Lamar puts you in the best position to take advantage of it, and there is concomitantly a "rapid" bus line that runs regularly North / South fully along it -- I used that on occasion too.
I was fortunate to live in a community on the Commuter rail stop (in Crestview) while I worked downtown and took the train daily for a couple years -- splendid. But though it was packed, I knew nearly nobody else in person that had used it, and many did not even know it existed -- such is the small areas it served.
IMO the best (commuter) features of Austin is it has the room to grow. Unlike Houston (or Dallas, I assume), it has much less roadway infrastructure and things seem slow to build here. So, despite being in and out of this city since college (~20 years ago), I still feel unsure what the future looks like.
I also don't want to diminish the concerns around Github or similar orgs losing control of a private key, but the far more realistic concern for the vast majority of threat models is often put to the wayside in favor of what amounts to a scary story. Rather than the straightforward key removal and replacement that this should be, I (and surely many others) have spent all morning combatting this specific FUD that cropped up on HN with leadership and many engineers. It's actually quite detrimental to quickly remediating the actual concerns introduced by this leak.
I understand that security inspires people to be as pedantic as possible - that's where some big exploits come from on occasion - but I really hope the average HN narrative changes toward "what is your actual, real-world threat model" vs. "here is a highly theoretical edge-case scenario, applicable to very few, that I'll state as a general fact so everyone will now wonder if they should spend months auditing their codebase and secrets". Put simply: this is why people just start ignoring security measures in the real world. Surely someone has already coined the term "security fatigue".
It's all just a bit unbalanced, and definitely becomes frustrating when those suggesting these "world is burning" scenarios didn't even take the available precautions that apparently would satisfy their threat model (i.e. commit sigs, as you suggested)
Ok, end rant :)