I loved their old tagline: “Artificial Artificial Intelligence”.

I would dare to say that all business apps start as an Excel sheet (or Google Sheet) and after the usefulness of data collection and data arrangement/presentation is validated (often long after the usefulness is validated) they eventually become a full-fledged business web app.

My password manager will protect me from entering my password into a website on the wrong domain. It won’t protect me in the passwordless case where the code is sent via email.

Can you explain this more, I don't understand Google authenticator completely? Could a bad actor spoof a 2FA as they can with an email, and capture your input?

The attacker would just ask you for the TOTP code and forward that to Google.

In practice it's maybe slightly harder, because they'd have to convince a user to enter their google 2fa code into a site that isn't obviously google?

I'd imagine a convincing enough modal would do the trick though, in a lot of cases.

> convince a user to enter their google 2fa code into a site that isn't obviously google?

if the BAD site itself looks legit, and has convinced a user to do the initial login in the first place, they won't hesitate to lie and say that this 2-factor code is part of their partnership with google etc, and tells you to trust it.

A normal user doesn't understand what is a 2factor code, how it works, and such. They will easily trust the phisher's site, if the phisher first breaks the user and set them up to trust the site in the beginning.

What google does is to send a notification to the user's phone telling them someone tried to access their account if this happened (or any new login to any new device you previously haven't done so on). It's a warning that require some attention, and depending on your state of mind and alertness, you might not suspect that your account is stolen even with this warning. But it is better than nothing, as the location of the login is shown to you, which should be _your own location_ (and not some weird place like cypress!).

What I don't understand is how the site will send the 2FA code request to the bad actors phone, instead of the real users phone? Is this not part of what makes it more secure than a text or email? Wouldn't the bad actor need to be logged into the authenticator as the user your trying to hack?

> how the site will send the 2FA code request to the bad actors phone, instead of the real users phone?

the 2FA code in this case is in the email, not via an app. This email is triggered by BAD on their end, but it is sent by GOOD.

If the 2fa is _only_ via the authenticator app, then the BAD will need to convince the user to type in that 2fa code from the app into the BAD site (which is harder, as nobody else does this, so it should raise suspicions from the user at least).

If we are talking about TOTP, there is a time limit to that, which makes it harder, yeah.

Not much harder. The state of the art of phishing right now is proxy based setups like evilginx which pass along credentials in real time. Then you just save the session cookie or change/add the 2fa mechanisms so you can get in whenever you want with the stolen credentials.

I believe it is in this interview from 1996 where I saw Bill Gates saying the same thing about Microsoft products, he saw them as subscriptions. It’s a long but interesting interview. https://www.youtube.com/watch?v=VFFlO7yBIBM

It seems there is the opportunity to disrupt that market, so that tech companies can pay property owners directly, without the middlemen.

That's not nearly disruptive enough. I'm raising seed rounds for HackerRV - a high end, compact RV rentals for knowledge workers that does away with the need for houses. Starlink comes standard, with additional subscriptions available for showers at aelect locations, and mail delivery addresses. Our previous venture (BackyardBnB) was scuttled by literal NIMBYs.

Or they can disrupt the actual middleman, which is the property owners. The land is there regardless of who owns it, it turns out.

Actually, there is a restaurant where I go sometimes that when I pay cash instead of with a credit card, the owner gets so elated that rounds down the amount to pay in some 3-7%. The countertip I guess.

Restaurants and bars especially in my city love tax evasion - that's why they are so enthusiastic about cash payments.

Yes thats normally the main drive, cash is usually just annoyance and additional risk to business.

I wouldnt be too harsh judging that business though, quite a few restaurants are barely cutting it so this may help them stay afloat. Its this or generally higher prices in restaurants.

The pricing page says the Free version collects anonymous data. I understand the paid versions don’t. Does it say anywhere the kind of anonymous data that is collected in the Free version?

I thought this was about getting the root password by burning the sysadmin with a cigarette lighter (https://xkcd.com/538/)

All that comes to mind is that he is now surpassing the net worth of Bill Gates, to a large extent because when he left Microsoft he said he would keep his Microsoft stock positions.

I think Gates has given away ~$50B - which would seem to be enough to tip the scales? I'd rather compare the billionaires by what they redistribute vs. the size of their hoard.

Bill Gates controls the Gates Foundation; if you're trying to count his wealth, you should include its endowment, which it currently reports as $75 billion. (And it also reports that it has made $77 billion of grants since inception, so if you want to include spent money too, he's outclassing Ballmer without even considering his personal holdings. It's more consistent to just count held money.)