@drwho
@beehaw.orgNo, that makes perfect sense. Thank you for explaining.
I like hearing about other people's environments, because it gives perspective.
I was starting college (comp.sci, natch) and a hard req for the program was "Your own personal computer, with an Ethernet card and an OS that had a TCP/IP stack for remotely accessing classwork." I didn't have a great deal of money (most of it was tied up in tuition and housing) and ethernet cards were expensive (I think I paid $140us for it at the time). I couldn't afford Windows and didn't have a warez hookup for '95. A BBS I used to call had Slackware disk images for download.
The rest, as they say, is history.
It's written in Rust.
All jokes about the Rust Evangelism Strike Force aside, various parts of the industry are finally starting to think that "If it's written in Rust, we have less to worry about with respect to that thing, so we won't torture the devs and force them to sneak it in the side door anyway."
It's a thing that I've been seeing at work for the last few years.
In case anybody's curious about what those are:
The biggest reason they use phone calls or SMS, however, is because they don't want to go to the hassle of getting an in-house MFA service (a TOTP backend, in other words), approved, pen tested, analyzed, verified... all things considered, it's faster and easier to go with a service like Twilio that already did all that legwork. A couple of years back I worked for a company in just that position, and after we did all the legwork, research, and consultation with the independent third party specialists trying to run our own TOTP would have easily doubled the yearly cost because of all the compliance stuff.
You joke, but...
(No, I will never forgive the college I went to for undergrad for forcing us to take two semesters of COBOL. Why do you ask?)
Which begs the question, how often do people really change their passwords unless they're forced to? This feels like the sort of thing that somebody should have studied.