Security expert Bruce Schneier approved⁰ of this trade-off between security and usability - saying what we're all thinking:

Here’s a guy who has a webcam pointing at his SecurID token, so he doesn’t have to remember to carry it around. Here’s the strange thing: unless you know who the webpage belongs to, it’s still good security. Crypto-Gram - August 15, 2004

Nowadays, we have to carry dozens of these tokens with us. Although, unlike the poor schmucks of 2004, we have an app for that. But I don't always have access to my phone. Sometimes I'm in a secure location where I can't access my electronics. Sometimes my phone gets stolen, and I need to log into Facebook to whinge about it. Sometimes I just can't be bothered to remember which fingerprint unlocks my phone¹.

Using the Web Crypto API, it is easy to Generate TOTP Codes in JavaScript directly in the browser. So here are all my important MFA tokens. If I ever need to log in somewhere, I can just visit this page and grab the code I need².

All My Important Codes

What The Actual Fuck?

A 2007 paper called Lessons learned from the deployment of a smartphone-based access-control system looked at whether fobs met the needs of their users:

However, we observed that end users tend to be most concerned about how convenient [fobs] are to use. There are many examples of end users of widely used access-control technologies readily sacrificing security for convenience. For example, it is well known that users often write their passwords on post-it notes and stick them to their computer monitors. Other users are more inventive: a good example is the user who pointed a webcam at his fob and published the image online so he would not have to carry the fob around.

As for Schneier's suggestion that anonymity added protection, a contemporary report noted that the owner of the FobCam site was trivial to identify³.

Every security system involves trade-offs. I have a password manager, but with over a thousand passwords in it, the process of navigating and maintaining becomes a burden. The number of 2FA tokens I have is also rising. All of these security factors need backing up. Those back-ups need testing⁴. It is an endless cycle of drudgery.

What's a rational user supposed to do⁵? I suppose I could buy a couple of hardware keys, keep one in an off-site location, but somehow keep both in sync, and hope that a firmware-update doesn't brick them.

Should I just upload all of my passwords, tokens, secrets, recovery codes, passkeys, and biometrics⁶ into the cloud?

The cloud is just someone else's computer. This website is my computer. So I'm going to upload all my factors here. What's the worst that could happen⁷.

In the future, all your clothes are an NFT.

"Wow! I love your blouse."

"Thanks, here's a smart contract showing where I purchased it from. If you buy one, I get 10% of the sale price back in WoolworthsCoin."

Applause Tokens™.

A smart monitor under your theatre seat detects how long (and how loud) you applaud for.

Remember, the more enthusiastic you are about this middle-school production of Annie, the more tokens you earn!

Geneticoin

By storing your frozen sperm or eggs in our BYOG-Bank®, you're investing in your future!

Anyone who has a child using your genetic material signs an irrevocable smart contract which entitles you to 1% of the progeny's lifetime earnings.

More donations means more money!

KindleCoin

With KindleCoin, a Basic-Attention-Token derivative, you only pay for good books. Didn't finish reading the latest Dan Brown novel? Only pay for the pages you enjoy!

WARNING! Leaving your eReader unlocked could result in an attacker flipping through Dostoevsky; costing £££

Book-NFT

With this new Literature-based NFT, you can bring your most beloved characters into your favourite books!

Unlocked Willy Wonka by buying some Roald Dahl? Wonka can now appear in Game of Thrones!

DateCoin©

Welcome to a REVOLUTION in online dating.

Before meeting up on a date, both parties sign a smart contract. If either bails on the date, or doesn't look like their profile photo, or fails to put out, their stake is forfeited to the other party.

BoomBoomBucks

By placing noise monitors in every house, we are democratising annoyance.

Want to play some banging techno at 3AM? No worries!

Your neighbours can set a price on being annoyed and automatically charge you for waking them up.

⚡️coin

Let's embed a tiny Blockchain processor in all your electronics. Want to charge the battery in your PS5 controller? It's FREE this weekend!

(As long as the ⚡️coin chain doesn't detect you charging an Xbox controller. In which case the price is doubled.)

No More Train Delays

Train delayed on the way to work? Not a problem!

Your employer can bid on prioritising your train based on the economic value your delay is costing them.

By automatically monitoring your movements at all times, ChooChooCoin incentivises faster repairs to the train network.

Prevent diamond theft

Stolen a bag full of diamonds from an highly protected safe in a daring raid involving lasers, an electronics expert, and an old lag looking for one last score?

Joke's on you! Those diamonds are associated with an NFT which you didn't steal!

Enjoy your sparky stones, idiots!

TrafiqueTokens

No more waiting at 🚦! Your Tesla will automatically bid up to your specified limit to override a red light.

Remember, the value of TrafiqueTokens may enter negative territory and you could be stuck behind a Skoda for the next 6 hours.

PrayerPoints

An exciting new soul-bound token which you can earn for acts of worship and devotion. The more spiritual you are, the more the points accumulate.

You can exchange these points to get out of minor sins.

A group of friends can pool their points to redeem against a major sin!

Dietary Dinar.

Imagine you're a vegetarian who has a craving for steak. Collateralise all your veggie-pesos to exchange with someone's carnivore-bolívars.

You eat their steak, they eat your salad. Karma neutral! Sadly the coin exchange takes a few hundred kWh, so not carbon-neutral.

Voice Coinz

This means an end to spam calls!

Set a smart contract price on calls and texts to your phone number. If a legitimate call comes through, waive the charges. If it's spam - make 'em pay!

(Huh, that might actually be a good one...)

NO YOU SHUT UP

MeetingCoin. A non-rivalrous smart-attention coin which ensures that Gavin from accounts doesn't speak over Michelle who actually knows what the meeting is all about.

Probably sends electric shocks if you waffle on too long. Voltage based on number of votes.

Pest Control Smart Contracts

We have a pretty huge pest control problem. Imagine if exterminators could be paid exclusively in crypto for every vermin they destroy?

For every snake head you present to us, we will mine you one RajCoin.

No, I've never read a history book. Why do you ask?

Basic Love Token

If every marriage was a smart contract, your could rent out your spouse to other people who wanted them.

Imaging being able to seamlessly transfer marriage obligations as simply as you rent a DVD from Netflix.

All of the advantages, none of the obligations!

🐼🪙

There are only 1,800 pandas left in the wild 😢

We have minted a unique "Hunting Permit NFT" for each of them. The coins are pegged to the price of ETH.

If conservationists want to save these cute bears, they can chose to outbid the hunters.

Distributed Proof Of Kill.

BugCoin

Annoyed by bugs in your code?

Blockchain solves this.

A smart contract will prevent you from committing anything which crashes by determining whether or not your program will eventually halt.

And so on

If you have any other billion dollar ideas - please leave a comment. We'll split the profits 50:50.

(It's the latter, obviously.)

We'll never know exactly whether users want this because Google is pathologically adverse to performing or publishing user research.

Anyway, I have a solution to all of Google's problems. Forget this notion of untrusted "user agents" executing code on untrustworthy computers. I have a foolproof way of getting pixel-perfect rendering on every device. It also stops scraping. And, as a little side effect, completely defeats ad blocking.

It's VNC.

This takes "Server Side Rendering" to the extreme. Render exactly how you want the page to look and then stream it over a remote framebuffer protocol. Users get to see exactly what you want them to see - ads included!

Just imagine the possibilities. No more worrying about which browser is being used - render everything through Chrome and stream to everyone!

Users simply can't alter the content they see - which keeps them safe from hackers, and protects your advertising revenue.

Low bandwidth? VNC will simply degrade the quality of what you see. Look, do you really want poor people viewing your expensive website?

Those naughty hackers won't be able to copy and paste your content - the trusted VNC viewer simply won't let them.

Want to track users across multiple sites? Might be tricky. Just route all your content through Google's AMP VNC service!

...ugh... I've reinvented Opera Mini and given myself a sad.

There are so many decent people working at Google. And all the good they're trying to do is being drowned out by mediocre and mendacious crap like this. Google desperately needs to be broken up. It's simply untenable to have the largest browser in the hands of the largest web advertising firm. Android isn't safe with a firm which priorities their advertisers' needs over their customers' needs.

The thing is, this is coming. There is literally nothing you can do to stop it. Your protests are meaningless next to the desire for some people at Google to sanitise the web.

So I signed up to a cloud provider and installed Mastodon and Pixelfed. Neat! But I didn't really run that server. Sure, I could install software - but I didn't have root. It was all managed by someone else.

Next, I got a dedicated machine in a rack somewhere. Great! I had root and was able to mess around with the system as much as I liked. I mean, I could always roll back. Wait… I did set up backups, right? But it was never really my server. If I wanted to install more RAM or a bigger disk, I had to ask a technician to do that for me. And those technicians were able to power off my machine at any moment without warning.

Fine! I bought a dedicated fibre connection at home with a static IP address. I bought a couple of servers, a load balancer, and a hardware firewall - then set up a domain name to point to it all. I also bought a UPS to deal with power cuts. Then I installed a security system to prevent burglars or spies coming in to mess with it.

Of course, I want to make sure I know exactly what's running on my machine; not your code, not your server. That means I make sure to read all the diffs to the source before I run apt upgrade. But reading that many changes to Linux, Apache, and WordPress is complicated.

So I've not been able to post much on social since I started studying for a Phd in Computer Science.

Heavily inspired by this masterpiece:

I thought using loops was cheating, so I programmed my own using samples. I then thought using samples was cheating, so I recorded real drums. I then thought that programming it was cheating, so I learned to play drums for real. I then thought using bought drums was cheating, so I learned to make my own. I then thought using premade skins was cheating, so I killed a goat and skinned it. I then thought that that was cheating too, so I grew my own goat from a baby goat. I also think that is cheating, but I'm not sure where to go from here. I haven't made any music lately, what with the goat farming and all.

MagpieIndustries - 2010-09-03

(The situation is slightly different if you borrow a book from a library. In the UK, authors earn money every time a book is borrowed.)

Is it fair that authors' works can be sold like this without any recompense?

It isn't just about the money. Publishers don't receive any data on second-hand sales. That means they can't even tell if an author is popular. An author could be a best-seller without even knowing it.

Apologists for second-hand book shops point to some nebulous "benefits". A reader might pick up the first book in a series and then go on to buy legitimate copies of the rest. But there's no way to stop readers from buying sequels second-hand.

Not everyone can afford new books. I don't think that gives people a right to just take copyrighted works without fair compensation.

Charities make the bulk of their money from these sales. I'm sympathetic to that - but surely authors should be able to opt-out of any charity which doesn't match the author's values?

It is more environmental to share books. Again, true, but the paper from the book can easily be recycled without copyright theft.

What should we do about this?

Dame Antonia Byatt has called for new rules to protect novelists using a system known as droit de suite, which guarantees artists a payment for each subsequent sale of their work.
“Droit de suite is a very good way to protect us,” she said. “I hope they do something because earnings for an author can be absolutely pitiful.”

Authors want cut of second hand sales - The Times

The UK has a concept of Artists Resale Right which ensures that artists get compensated when their art is resold. Authors are artists.

We have the technology to do this. Every modern book has a barcode on the back. Every modern book sold online has an ISBN. Collect up the ISBNs and the price paid, then give the copyright holder a percentage of that sale.

Can't be done, you say? Back in 2014, Bookbarn announced it was to pay author royalties for used book sales.

It is time for us to take a stand and recognise that selling second-hand books are theft.

No. Wait. Sorry. Not books. Video Games. That's right - reselling Video Games is killing the industry.

Dammit. What was I thinking. I meant Blu Rays. Every time someone sells a used movie disc, the patent holders are being stolen from.

This madness must stop!

We're still unable to re-sell digital goods. This is because most people recognise that it is impossible to know if a digital file has been copied and retained by the seller. It is time-consuming and impractical to photo-copy an entire book. So we assume that when someone sells the physical item, they are depriving themselves of an asset.

It is impossible to prove you have deprived yourself of a digital asset.

We also know that digital files can be reproduced infinitely with close to zero cost.

Any digital good is worthless on the resale market.

This has been a rather long-winded way of saying that we shouldn't treat digital art as though it were a stock to be traded.

By reconceptualising the way the nano-structures of 5th Generation (5G) networks interface with the OSI stack of traditional networks, we have found a way to perform novel temporal manipulation of the bitstream to deliver data at super-luminal speeds.

Quantum BlockChain will accelerate the way Distributed Ledger Technology (DLT) is revolutionising the world. As Quantum BlockChain harnesses the superior AI performance of Neural Networks, we conceive a factorial growth in data interchange speeds. This leads to a position where the Internet of Things becomes the Internet of Emotions.

Through the use of React Native, the acceleration of Ethereum contracts will make obsolete any previous BlockChain. This will allow us to replace BitCoin with a tiny Crystal called Gerald. We believe Gerald will usher in a new realm of digital progress. Crystals have natural healing properties, and Gerald vibrates at the same cosmic frequency as the Internet. Quantum Crystals will BlockChain the Neural AI.

Why is is that every snake-oil startup sounds like this?

No. I've had a few drinks, but I wouldn't say I'm drunk.

To be fair, it has been "nearly" here for a long long long long long time.

But with the imminent arrival of lab-grown meat, it is time to investigate Synthetarianism. A diet of Synthetic food.

I haven't eaten meat for... oh... 20 years now. I live with a carnivore but, despite her amazing cooking, I've no real desire to eat animal flesh. I'm sure it tastes nice to you, but my (smug) morals just don't allow it.

But is it morally OK to eat synthetic meat? I don't mean the mycoprotein based sausages and burgers that are ubiquitous nowadays. I mean steaks grown from animal cells.

One of the perils of the modern individualistic world, is that we don't have many moral leaders telling us what is and isn't acceptable. There is no High Priest of Veganism. So we're left to our own devices to determine what's acceptable to us.

It seems obvious to me that Synthetarianism is compatible with Vegetarianism. Taking milk from a cow or an egg from a chicken seems equivalent to taking a cell culture from a creature. Yes, it's nicer if the chicken is free-range, and the cow lives on a pleasant farm. But the animal probably still gets slaughtered at some point. Vegetarians (like me) are hypocrites.

But is it vegan?

There was a schism in veganism about whether honey is vegan. You should read the history - but I think it comes down to whether you feel the bees are exploited by the humans. Personally, I don't. I think we're in a symbiotic relationship with them, which is complicated. And we should probably stop colony collapse. But I don't think I have a problem with taking their honey.

A non-sentient animal can't make a choice about whether to donate cells. But suppose we could clone a chicken breast from, say, a discarded feather? That doesn't seem like much of a problem. Does it?

Which, of course, brings me on to cannibalism.

Would you eat human flesh grown this way? Someone inevitably will, once the tech gets cheap enough. Tweenage girls will clamour for a spare rib of their latest celebrity crush. Then the fad will go mainstream, as it always does. Curse you tweenage girls!

If it's consensual, where's the harm?

I suppose because it is hard to know whether it is truly consensual. Selling your body is often seen as problematic. It's also hard to determine provenance. Someone could be selling "Premium Blackpink Mince" when really it's offcuts of Nickelback. Poor old Nickelback, forced to sell their cloned flesh in order to pay back a dodgy record contract which has left them impoverished.

What if someone picks up one of your discarded snotty handkerchiefs, clones your body, and then eats "your" flesh? That doesn't sound consensual at all. So why should it be any different if it is an animal who is being cloned from discards?

You can't ever really know the reason whether someone else has freely entered into a contract.

Therefore, the only way Synthetarianism is compatible with Veganism, is via Autocannibalism.

It's a cheap, simple, and quick way of electing people. It retains the best features of First Past The Post and Proportional Representation. Here's how it works:

• Everyone in the constituency votes for their most favoured candidate by marking an ☒ next to the candidate's name.
• All the votes are placed into a ballot box.
• The ballot box is shaken and stirred.
• A single ballot paper is drawn from the ballot box.
• Whoever's name has an ☒ next to it, is elected.

On average this will fairly reflect the will of the people. There is a bunch of research about why this is an excellent - but not perfect - system.

What other aspect of our lives would we give over to raw statistics?

If you were taken to court, we could dispense with a trial. We know the conviction rates for various crimes - so let's roll a couple of dice to see if you're found guilty. That would save a lot of time and money on court cases and - on average - would be just as fair as the traditional system.

Similarly, stochastism is a good way to eliminate the gender pay gap. Rather than messing around with work based performance assessments, collective bargaining, and individual negotiation - a company could randomly distribute its wage bill across the employees. Set a minimum and maximum amount an employee can receive, and then each month randomly allocate them a portion of that month's payout. Some months you'll get CEO level pay, other months receptionist pay. But, again, on average it will reduce discrimination on grounds or race or gender.

The benefits of the stochastic life are clear. It is quicker and cheaper than almost any other system. The results are guaranteed to be fair (across the population). And it is impossible to cheat or influence.

What's not to like?

Computer designers often strictly gender the components they create. The most obvious example is the motherboard - the central hub of the computer from which all electronic life descends.

As well as circuit boards (often called daughter-boards) - cables are also subject to strict gender rules.

The convention is that the part with the most obvious protrusion is assigned as "male" - it then slots tightly into the "female" port. Thus consummated, a meaningful exchange of data can be conducted. Once in a while, a complicated relationship between machines and cables necessitates the use of "Gender Changers" to allow a cable to masquerade as its opposite half.

Originally, many of the sockets on a computer were of mixed gender. A male serial port nestled next to a female VGA port.

However, in most modern machines, all the ports are female. Sitting helplessly until their void is filled with a male cable - Ethernet, audio in and out, SATA for disks, VGA or HDMI for display - all female connectors allowing a vast pantheon of male cables penetrative access to the motherboard.

The most common cable/port pairing by any measure is USB. The ubiquitous connector continues the phallic metaphor by including a preputial sheath - or foreskin.

USB's "shield" is not designed to be electrically connected or to transmit data - its presence is solely to protect the delicate electronic head from damage - just as the animal foreskin protects the glans of the penis.

It's an ingenious design, and mimics the evolutionary nature of the mammal to great effect.

All of which brings us on to Apple's new proprietary cable - Lightning.

Despite the presence of fine and fragile electronics, the head of the cable is completely exposed!

If we compare the lightning male cable to a selection of USB standards, the difference becomes apparent. <img alt="Lighting, Mini, Micro, & USB 3.0 plugs" src=https://upload.wikimedia.org/wikipedia/commons/thumb/0/07/Lighting%2C_Mini%2C_Micro%2C_%26_USB_3.0_plugs.jpg/1280px-Lighting%2C_Mini%2C_Micro%2C_%26_USB_3.0_plugs.jpg" width="512" /> The USB cables take the natural approach of giving protection to the male part - whereas Lightning can only be described as circumcised. Each contact subject to the harsh and unforgiving environment.

Why is this the case?

The man chiefly responsible for the USB spec - Ajay Bhatt - was born in India where rates of male genital mutilation are low. It is only natural, therefore, that his impression of how the masculine part should look would reflect his own anatomy.

Contrast this with Lightning. Although Apple refuses to share the name of the man who invented it, it is well known that circumcision is the most common procedures performed during hospital stays in the U.S. with over 2/3rds of men being surgically altered.

Apple's love of American design combined with the prevalence of cosmetically altered penises in America, is almost certainly the driving force behind the "naked" appearance of the Lightning connector.

The fact that the Lightning connector can be inserted either way up inside a female port perhaps also speaks to the popularity of certain sexual positions in that country. But such matters are far beyond the scope of this blog post.