Computer security

As mentioned at Section "Computer security researcher", Ciro Santilli really tends to like people from this area.

Also, the type of programming Ciro used to do, systems programming, is particularly useful to security researchers, e.g. Linux Kernel Module Cheat.

The reason he does not go into this is that Ciro would rather fight against the more eternal laws of physics rather than with some typo some dude at Apple did last week and which will be patched in a month.

Ciro Santilli found out that he likes computer security researchers and vice versa.

It's a bit the same reason why he likes physicists: you can't bullshit with security.

You can't just talk nice and hope for people to belive you.

You can't not try to break things and just keep everyone happy in their false illusion of safety.

You can't do a half job.

If you do any of that, you will get your ass handed to you in a little gift bag.

All of this is closely linked to Ciro Santilli's self perceived creative personality and being naughty and creative are correlated.

A superstar security researcher with some major exploits from in the 2000's.

Oh yeah, that felt good. A few months before he died.

Ermm, as of February 2021, I was able to update my 2FA app token with the password alone, it did not ask for the old 2FA.

So what's the fucking point of 2FA then? An attacker with my password would be able to login by doing that!

Is it that Google trusts that particular action because I used the same phone/known IP or something like that?

The fatal flaw of OAuth is that websites have to enable specific providers, they can't just automatically select the correct OAuth for a given email domain. This means that the vast majority of websites will only provide the most widely popular providers such as Google, and the like, which means people won't have decent privacy.

So you are just better off with password logins and a decent password manager.

A cross browser, cross platform, and server-encrypted password manager is a must after Snowden!!! E.g. Proton Pass. And governments should obviously provide one to its citizens, or else be spied upon by the USA obviously: Governments should provide basic Internet infrastructure.

Do as I say, not as I do: Ciro Santilli's Stack Overflow suspension for vote fraud script 2019, meta.stackoverflow.com/questions/381577/is-it-ok-to-have-links-on-how-to-create-sock-puppets-and-gain-rep-fraudulently-i/381635#381635.

Basically the opposite of security through obscurity, though slightly more focused on cryptography.