I don't see the middle tier disappearing, it already has the jobs the entry level would take and few were shaken loose by return to work mandates and flat pay rises even when less of the industry was lowering total effective compensation.. In some countries/industries jobs very quickly reach a max compensation and then continue to hire the most experienced for the same price as anyone else.

Good IT security is different than what you describe. You are describing give up the house and hope you can get it back again with probabilistic scanners security. It makes your security team look important because they are incapable of their job.

So what is better security? How would a better security team operate?

The OWASP auth cheat sheet discusses many of the options for making that phishing of a password useless instead of reacting to its use.. Separate IDPs with weak mfa, fido, etc. And of course if one isn't doing small-time bland business one should consider more complete computing silos for many things, signed email or separate double ratchet oriented messengers, etc.

As long as they don't keep the work both sides are really throwing effort away as it should be.. One might be going into technical interviews with no prep but one threw a lot away to get to that point and potentially loses a lot in negotiation potential from doing no prep.

This just bring in new problems like people thinking they got paid but there being a refund trick.. This happens in the traditional system too, but at least when it exhibits total indifference to an account serving no purpose besides refund scams it is violating KYC principles instead of running as expected.

The point is that trade-offs are a fact of life. Some problems get solved, other problems appear. I'm not saying the new problems shouldn't be addressed, I'm just talking in general and I believe there are many kinds of solutions that can mitigate many kinds of problems. Just like in traditional banking. I just think it's pointless to try to invent and flesh them out here.

You could still decide what kind of use suits you the best. Regular people wouldn't (and shouldn't) need to know all the technicalities. A trusted party, maybe a bank, could provide their own integrated solution with whatever features they want to offer.

There are plenty of options in bank settlement protocols. I think the point under discussion is not banking improvement but bankless user sovereignty via technical means.

The smart contract writers sometimes fool themselves when working on the problem full time.. That's a bigger problem if the code is the contract instead of code attempts to honor the contract and a system with judgement can undo things that obviously fall bellow our ethical expectations like account ID swaps, supply chain attacks, kidnapping/intimidation and so on.

Doing everything in a chaotic uncoordinated manner helps local companies and the biggest international players eliminate smaller foreign players..

This "sane" approach lost to HTML.

It's called "backwards compatibility/legacy systems inertia" and plenty of bad but old techs will never die. It doesn't make them good.

A good HTML might not even look like HTML.

That's only one distinct component. HTML vs XHTML was also a distinct aspect (syntax ambiguity was a lesser problem than larger ambiguity. The WHATWG fiasco is IMO more important to the point that low quality half baked new features is not an accident but a goal.)

XHTML reveals though that HTML won on ambiguity over pedantic error identification. The adopters it needed rallied against anything that would tell them what they should do from day 1 to unambiguously say what they mean. Starting with a fundamentally flawed demo, blog, shop that ropes in some commitment and gradually fixing things on the in-for-a-dime-in-for-a-dollar investor is basically the whole business model of most fields if you exclude exchanges between the top 1-10% of buyers and sellers, which have an entirely different structure.

Even things like Facebook are an example of the manure first model. I wouldn't be stupid enough to let Zuckerberg plan lunch and as an investor I'm about as savvy as someone who bet against HTML. A billion flies can't be wrong as the saying goes.

You're referring to XHTML 2?

I'm a but puzzled by their advice.. Given the variety, how do we know this data isn't from a password manager compromise?

You're right - thee fact that Google and Apple passwords were both compromised (given how insanely good their internal security is) strongly suggests either malware or password manager compromise.

Given that it's likely from an infostealer malware it might be from user internet browser profile password databases.

I think people are being too critical in the comments.. I see nothing requiring free energy or physics defying in an ideal condensation material. This process is going on all the time in less optimized materials and we usually are not happy about it. (There's also a very interesting logical argument that we only exist because the water molecule has such unusual properties compared to its environment.)

His larger problem was doing everything a lawyer would tell you not to do. The world and a sufficient portion of any 12 person subsample could have accepted that these were suckers far more readily than Madoff's victims. But he broke every rule about talking, letting people know he was making up required departments, mixing conflicts of interest, etc.

I think Krebs has done pretty well with goading attackers in the past? Ad for him and they tend to have slip-ups that come to light during all the attention.