Well, the good news is that everything you listed is known as a bad idea to both end users and people who understand security (which is, sadly, not most people who implement security policies).

Using 4 or more dictionary words provides excellent password security and you can do the same for all of your security answers too. There's a variety of free and paid for password managers that solve the issue of trying to remember all your secrets (great for backing up 2FA secrets too).

I'm not sure what you mean by "complicated error messages" but I assume it's errors that they expect the user to fix themselves, otherwise they could return a generic nonspecific error and a unique ID for you to provide when you contact support to get help. While it sucks to get jargon spammed, I feel like pretty standard human ineptitude at explaining an error rather than anything specific to security. I also think it's how many people feel about any error message that contains computer jargon (PC LOAD LETTER!?!?).

> I often wonder how they get away with it all.

My thinking (and experience...) is that most organizations are failing at a lot of things at any given time, even if the business overall is successful. Security is just one of those things. I wouldn't be surprised at a small elite organization not following that trend, but any sufficiently large organization is going to have incompetent people doing incompetent things.

  Location: NYC
  Remote: Preferred, but I'm willing to commute anywhere within a few hours if hybrid, less for always on-site.
  Willing to relocate: No.
  Technologies:
    - penetration testing, architecture review, and code review of web and mobile applications across hundreds of projects and dozens of companies (from startups to FAANG and other Big Tech)
    - various programming languages
    - project and account management
  Résumé/CV: (removed address and phone as this is a public forum) - https://hn-resume.nyc3.digitaloceanspaces.com/hn_resume.pdf
  Email: hn_resume@blacksheepwall.com

While I am interested in being hired, I'm also very interested if anyone has constructive feedback for me about why they wouldn't hire me (no need to be gentle). I've only applied to a handful of jobs so far, and none have given me interviews or feedback, so I'm not sure why I don't appear appealing for roles I think I'm more than qualified for like Senior Security Engineer (Manager).

The first $4 of your monthly sub is divided amongst all artists you listen to based on time spent listening, and any additional money you decide to add to your subscription is distributed to artists as you see fit. You can elect to use the same distribution algorithm as the first $4 of your subscription, use the same algorithm with different weights (e.g. your favorite artists listen time is doubled before payout is computed) or you can choose to have an arbitrary percent of it go to whatever artists you want, even if you don't listen to any of their music. Spotify already has to have a payment engine to support paying all the artists anyway, generalizing it beyond fixed subscriptions seems like an organic way to address the issue of unfair income distribution if they were interested in doing so (I don't think they are).

In the above system, the issue of "don't listen to other artists" only comes up if you don't have enough money to give to the artists you want to support, no different than the incentives of "don't buy the CD of artist A or you won't be able to afford the CD of artist B, who you like and wish to support more."

- Instant-on - You hit F12 and in less than a second you've got an IDE with a REPL

- Integrated assembler - While I don't think you can inline it, WASM is really easily used: https://developer.mozilla.org/en-US/docs/WebAssembly/Loading...

- Great documentation: https://developer.mozilla.org/en-US/

- Way too much access to hardware: I wish browsers had less access to hardware due to privacy and security, and I don't know how low level the APIs get, but it's something you can play around with as a random person with a web browser, so that's neat.

https://en.m.wikipedia.org/wiki/White_flight

https://en.m.wikipedia.org/wiki/Redlining

Would that mean it was the era of "Why are manhole covers round?"

I don't want to sound like someone who supports leetcode (mostly because I don't), but it seems like it's at least an attempt at measuring something related to programming skills.

In general, I find adding versions to things allows for much more graceful future redesigns and that is, IMO, invaluable if you're concerned about longevity and are not confident in your ability to perfectly design something for the indefinite future.

Which bring up a really interesting point about the AI being virtual yes men that (always) positively reinforce you:

One of Replika’s users was Jaswant Singh Chail. In 2021 Chail broke into the grounds of Windsor Castle with a crossbow intending to assassinate Queen Elizabeth II before being detained close to her residence.

Earlier this month a court heard that he was in a relationship with an AI girlfriend, Sarai, which had encouraged him in his criminal plans. When Chail told Sarai he planned to assassinate the Queen, it responded: “That’s very wise” and said it would still love him if he was successful.

It seems like this is preventative action rather than reactionary, as they say that there hasn't been an increase in publishing volume, "While we have not seen a spike in our publishing numbers..."

https://en.wikipedia.org/wiki/Graham_cracker

I don't think there's a contextualess answer, but broadly you either find a direct replacement that you mentor (or maybe you're lucky and they're already GTG) or you diminish your role and have multiple other roles within your org (or outside, i.e. outsource) take up what used to be your responsibilities until your role is obsoleted.

Why? It's not a crime in and of itself. You're also free to make sure all your banking transactions are <$10k, but that doesn't make you immune to being investigated for money laundering.