It's time we add friction to digital experiences and slow them down

Before he woke up on the first day of February, one of my friends was robbed. Thieves came in, found more than $90,000 in cash stuffed into a few wallets, helped themselves to it, and escaped. My friend never heard a thing – because this heist happened electronically. A combination of poor password hygiene and weak security …

  1. jmch Silver badge

    Flash crash

    The Wall Street flash crash comes to mind here of what can happen with unsupervised computers screwing up.... they can screw a lot of things up very very quickly!!

    Absolutely makes perfect sense to have more controls for actions or transactions that have bigger consequences. That is already the case for many offline or online transactions, eg if I withdraw £100 from an ATM it happens immediately, but there is a limit on withdrawal. Large transfers of a few £k can be ordered online but done usually on next business day. Anything above that eg buying a house usually involves multiple human interventions.

    1. Neil Barnes Silver badge

      Re: Flash crash

      Moving large quantities of cash between banks (in different countries) for a recent house purchase required my presence in the branches with government provided ID. A bit of a pain but understandable and I think a worthwhile check. Smaller amounts between countries are a simple bank 2FA log-on, with a further 2FA for the transaction itself in many cases.

      Though it does amuse me that my bank will cheerfully open my credit card website and log me in using my credentials from the bank site, but requires multiple further 2FA checks when I actually try and pay off a credit card balance from the same bank...

      1. cyberdemon Silver badge
        Devil

        Tom Cruise to the rescue

        Watched Mission Impossible 2 the other day. That's 2 hours of my life I'll never get back..

        It's er, the one where a pharmaceutical company produces an artificial supervirus and the drug to cure it, by "splicing different viruses together"

        Anyway, there was a scene where the company was forced to transfer an enormous amount of money (47 Million Dollars!) to some common/garden terrorists, but it took a comically long time, as if each dollar were being transferred individually.

        Long enough for the saviour of scientology to come along and save the day, as he does..

        At that speed, Elon Musk would need to wait several months for his pay packet to arrive

        1. I ain't Spartacus Gold badge

          Re: Tom Cruise to the rescue

          The other great thing about films, is that there's always a handy timer. Bombs always tell you how long you've got - and so do computer transactions. And none of this Microsoft random progress bar bingo either. Sitting on 93% for two hours and then completing in 3 seconds. Films play fair. The terrorist is never so ungentlemanly as to have the bomb go off when it's on 3 seconds left to go. Unless you cut the blue wire, and then the timer suddenly starts counting down at double speed.

          Although if you just happen to be a bit too nerdy about things. Ahem! Then you'll see the clock says 15 seconds, the camera cuts away to 10 seconds of our hero tracing wires and chatting, and then cuts back to the timer on 12 seconds.

          A bit like watching the Superbowl. A minute of play time in the 2nd quarter might actually last two or three minutes. By the end of the 4th quarter, a minute might include 2 30 second time-outs, a couple of official decisions, some random wandering around, and if you're lucky, a minute of actual play. Overall lasting 10 minutes. That's when you might regret all those margaritas, and consider making some coffee...

          1. jdiebdhidbsusbvwbsidnsoskebid Silver badge

            Re: Tom Cruise to the rescue

            "The other great thing about films, is that there's always a handy timer. "

            And if the scene was realistic, the computer would be running windows (because most companies do) and Tom Cruise's lines would be "it's ok, we've got 11 hrs to cancel this transfer, oh, now just 2 hours but that's still loads of time, heck it's now only 5 seconds! Phew, it's stopped now, or has it frozen? Is this touchpad working? Now it's closed, did that cancel or did it happen?"

            https://xkcd.com/612/

            1. Neil Barnes Silver badge

              Re: Tom Cruise to the rescue

              Evil Overlord Rule #215: If I ever MUST put a digital timer on my doomsday device, I will buy one free from quantum mechanical anomalies. So many brands on the market keep perfectly good time while you're looking at them, but whenever you turn away for a couple minutes then turn back, you find that the countdown has progressed by only a few seconds.

              (and also, any timer will expire at 17, or 123, or any other number of my choosing)

        2. Jedit Silver badge
          Trollface

          "Elon Musk would need to wait several months for his pay packet to arrive"

          When are you going to describe the problem?

        3. Neil Barnes Silver badge

          Re: Tom Cruise to the rescue

          Aye well, the transfer from the UK to DE, including the conversion to Euros, was completed in twenty minutes. The transfer from one account to another within the same bank in DE took 24 hrs...

          1. I ain't Spartacus Gold badge

            Re: Tom Cruise to the rescue

            When I lived in Brussels, in 2001 when the Euro came in, it was cheaper and quicker for me to move money from Blighty to my Belgian account - than it was to send money to an account in say France or Germany. The UK bank didn't charge me a fee, only a slightly adverse exchange rate. The Belgian bank charged me a small fee for any transaction, and added a big chunk to send money abroad - even though we were in a single currency zone. Those fees were even worse if you were dealing with German or French banks - the Belgian banking system was rather enlightened and had superb customer service.

            1. captain veg Silver badge

              Re: Tom Cruise to the rescue

              Whatever might have been true in 2001* certainly isn't now. Even in Andorra, which isn't a member of the EU, shifting euros across the border costs precisely nothing.

              -A.

              *Of course, in 2001 the Euro hadn't really "come in". That happened in 2002.

              1. I ain't Spartacus Gold badge

                Re: Tom Cruise to the rescue

                Of course, in 2001 the Euro hadn't really "come in". That happened in 2002.

                True. I came back to Blighty for my Christmas holidays - and blow me if when I got back home again the notes and coins hadn't all changed... It was enough of a shock when they didn't accept Her Majesty's pounds shillings and pence when I first moved there...

                It was a bit confusing, as I only moved there in October, so I had a very few months to get used to the Belgian franc, before having to learn Euros - which to be honest was a lot easier to calculate. I saw a survey done by the European Central Bank about 3 years ago that had about 60% of people still converting Euros in their head back to whatever their original currency had been, whenever they did a large transaction. Which I'm sure is one reason why there was a general perception that changing to the Euro had led to vast inflation, that was being covered up by the evil Eurocrats. If you talk to older Brits it's often said that decimalisation was also used as an excuse to sneakily raise prices, so it's probably a common reaction. Although that happened in the 1970s, so inflation was a bit higher than in 2002.

                It took about 3 years, and I think threats of competition law, to make the banks finally relent and stop charging for transfers within the Eurozone.

          2. captain veg Silver badge

            Re: Tom Cruise to the rescue

            > Aye well, the transfer from the UK to DE, including the conversion to Euros, was completed in twenty minutes.

            > The transfer from one account to another within the same bank in DE took 24 hrs...

            Well, the fact that there is money conversion involved implies fees and differential exchange rates. Ker-ching!

            Rest assured the EU has this in hand. Yes, really.

            https://www.europarl.europa.eu/news/en/press-room/20240202IPR17318/ensuring-euro-money-transfers-arrive-within-ten-seconds

            It's great, the EU, isn't it?

            -A.

            1. Anonymous Coward

              Re: Tom Cruise to the rescue

              This EU needs an enema!

            2. Handlebars

              Re: Tom Cruise to the rescue

              The conversion and international transfer was much faster than the inter-account transfer within the same German bank.

        4. DS999 Silver badge

          Re: Tom Cruise to the rescue

          Yes it is hilarious that movies always have a "progress bar" of sorts for money transfers, and show the total being slowly incremented - more slowly when it is necessary for the plot (i.e. they have people shooting at them but they can't disconnect their computer and run for their lives until the transfer is complete!)

          It's as if computers in Hollywood only have an increment instruction but not an addition instruction.

          1. I ain't Spartacus Gold badge

            Re: Tom Cruise to the rescue

            Hollywood computers display several common attributes:

            They mostly don't have mice. You look much more computery if you're typing at 100 miles an hour, than if you just click on a few menu items.

            Progress bars for everything. Including deleting files, giving the goody time to race you and print them off before they can disappear.

            Messages that come on screen one word, or even character, at a time.

            And a friendly little beep each time one appears on the screen.

            1. Little Mouse

              Re: Tom Cruise to the rescue

              ...and username & password characters are always 10 times normal size.

            2. DS999 Silver badge

              Re: Tom Cruise to the rescue

              And they rely on satellites far more than real computers do.

  2. An_Old_Dog Silver badge

    Ain't Gonna Happen ...

    ... unless everyone goes in on this. That will not happen, because in a world with high-friction and low-friction transaction channels, the economic winners will be those who use the low-friction channels.

    On the low-money end, they'll be the ones who get the best Internet deals, because they could complete their transaction (pay off the seller) before the guy or gal using the slower, high-friction channel.

    On the high-money end, they'll be the ones who make the most money on the stock, currency, and futures markets, because their transactions complete a fraction of a second (or multiple seconds, or multiple minutes) faster than the high-friction-channel users, before the market changes (yet again).

    Why else are traders and brokerage houses screaming for systems with lower latencies, paying fortunes to get and maintain them, and paying fortunes to be connected to the same subnet, and same switch as the computers processing all this data?

    There are tonnes of people who choose potential profits over security.

    1. jmch Silver badge
      Facepalm

      Re: Ain't Gonna Happen ...

      "There are tonnes of people who choose potential profits over security."

      ...and that will continue to happen for as long as they are allowed to reap the profits while passing on the losses

    2. Ashentaine

      Re: Ain't Gonna Happen ...

      That's the unfortunate truth, convenience will always trump security for the average person. Providing a faster and hands-off experience is always going to be more attractive because people are inherently lazy and would rather have mundane tasks completed quickly rather than ensuring they're done safely (and yes, I'm including myself in that lot as well). Give the average person a choice between using 2FA and manually entering their details and going through a basic security check, or just dumping all their credentials into a one-click solution presented to them and just presuming that it's going to be fine and never end up being compromised and they don't have to worry about it anymore, and they'll always go for the easier option.

      It's never a problem, until it is a problem.

    3. Herring` Silver badge

      Re: Ain't Gonna Happen ...

      Ah. High Frequency Trading. Making money by exploiting millions of tiny arbitrage opportunities. Because it's easier than doing anything constructive.

      1. theOtherJT Silver badge

        Re: Ain't Gonna Happen ...

        Always my answer on the perpetual "What one thing could we ban to instantly make the world a better place?" question.

    4. AndrueC Silver badge
      Happy

      Re: Ain't Gonna Happen ...

      Why else are traders and brokerage houses screaming for systems with lower latencies, paying fortunes to get and maintain them, and paying fortunes to be connected to the same subnet, and same switch as the computers processing all this data?

      It's more because they can make a profit from price changes. It's all about exploiting the delay between a purchase and the effect of that purchase being reflected in the market place.

  3. sabroni Silver badge
    Boffin

    unfettered access to the digital wallets in which he stored cryptocurrency.

    Oh good, nothing of any actual value was lost then.

    1. Graham Cobb

      Re: unfettered access to the digital wallets in which he stored cryptocurrency.

      The issue here is to educate people and stop people pushing financial scams (just like we stop people pushing drugs).

      Cryptocurrency is a toy. A game. It is clear to most of us who post here that, like share trading, you should never invest money you can't afford to lose and that you should transfer any gains out into a safe form.

      If you can afford to lose 90,000 then there is no need for speed bumps, brakes, etc. If you can't afford to lose it then don't play with it.

      I doubled my money on cryptocurrency a while ago; I invested 5000. When it doubled in value to 10000 I transferred 5000 back into real money. At that point I was quids-in - I had made my initial investment back and anything more was profit. It doubled again and I transferred another 5K back into real money. The remaining 5K has gone down a bit but I don't care: I doubled my money.

      Oh, and by the way, I paid tax on it.

  4. Lee D Silver badge

    Or users could just follow established best practice, keep their cryptocurrency wallets locked, encrypted and offline, ensure proper password hygiene and implement sensible update practices.

    But, no, let's SLOW EVERYTHING DOWN because people are too dumb to follow even basic security practices to secure $90,000 of digital assets.

    Imagine if your bank said "Sorry, we lost your $90,000 savings because we don't have doors on our safes, the password to the box with the money in was 1234 and we haven't updated our CCTV since 2000."

    You'd be up in arms.

    1. DuncanLarge

      Slowing down the password hash functions to confirm a correct password is standard security practice to make brute forcing attacks expensive.

      iPhones take it further making you wait hours or days before getting another chance to try a PIN.

      That is established practice, no matter how good your passwords are, a system that doesn't add delays into the password hash functions etc means the difference between trying 1000 passwords a second and 100,000,000
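
The two delays described in the comment above (a deliberately slow password hash, and a growing wait between failed attempts), as an added example that is not part of the original thread. The iteration count and the lockout schedule are assumed values chosen for illustration, not any vendor's real figures.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 200_000  # assumed work factor: more iterations = slower guesses

# Assumed schedule: consecutive failures -> seconds before the next try.
LOCKOUT_SCHEDULE = {5: 60, 6: 300, 7: 900, 8: 3600}
MAX_LOCKOUT = 3600


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return (salt, iterations, digest) for storage; never store the password."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest


def check_password(password, record):
    """Recompute the slow hash and compare in constant time."""
    salt, iterations, expected = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, expected)


def lockout_seconds(failures):
    """Wait imposed after the given number of consecutive failures."""
    if failures < min(LOCKOUT_SCHEDULE):
        return 0
    return LOCKOUT_SCHEDULE.get(failures, MAX_LOCKOUT)


def min_wait_for_guesses(guesses):
    """Total enforced waiting before someone can submit `guesses` wrong tries."""
    return sum(lockout_seconds(n) for n in range(1, guesses))


class ThrottledVerifier:
    """Wraps check_password with an escalating delay between failures."""

    def __init__(self, record, clock=time.monotonic):
        self.record = record
        self.clock = clock          # injectable so the schedule can be tested
        self.failures = 0
        self.locked_until = 0.0

    def attempt(self, password):
        now = self.clock()
        if now < self.locked_until:
            # Rejected without running the hash: even the right password
            # has to wait, so the lock cannot be used as an oracle.
            return "locked"
        if check_password(password, self.record):
            self.failures = 0
            return "ok"
        self.failures += 1
        self.locked_until = now + lockout_seconds(self.failures)
        return "wrong"


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    start = time.perf_counter()
    check_password("1234", record)
    per_guess = time.perf_counter() - start
    print(f"one guess costs about {per_guess * 1000:.0f} ms of CPU")
    print(f"10 wrong tries need at least {min_wait_for_guesses(10)} s of waiting")
```
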

    2. DS999 Silver badge

      Because average people don't understand "basic security practices"

      And those who do also understand that even if they take every precaution possible they might still be robbed, because computer security is nowhere near as good as physical security (i.e. for money/valuables held inside your bank)

      Comparing it to a bank losing your deposit is ridiculous though. In that case you are relying on an expert, and in addition you know that expert has the government standing behind them (at least up to $250,000) if your trust in them is misplaced. Putting your money in a digital wallet does not give you the same assurance of expertise from either the app vendor, or the OS/device vendor (Apple, Google, Microsoft, Samsung, Dell, etc.) nor is there anyone standing behind them if they fail.

      So if someone breaks into your online bank account and steals $90,000 the bank may want to pin the blame on you, or on Microsoft, or anywhere but themselves because they have decades of experience protecting assets inside their walls but the digital world is almost as new to them as it is to their customers so they don't feel any more confident that they are doing everything right than even those customers who follow not only "basic security practices" but even the most paranoid practices.

    3. J.G.Harston Silver badge

      Hey, that's the same code as my luggage!

    4. AndrueC Silver badge
      Boffin

      Imagine if your bank said "Sorry, we lost your $90,000 savings because we don't have doors on our safes, the password to the box with the money in was 1234 and we haven't updated our CCTV since 2000."

      Well I'd be shocked and surprised that my bank was keeping my savings in its vault ;)

      That's not how banking has worked for hundreds of years. When you deposit $90,000 in a bank what you're actually doing is giving them $90,000 in exchange for a promise that should you ask them for some money at a future date they will give you some of their money. Once deposited the money belongs to the bank and you are reliant on contract law and possibly their good will if you want to get it back ;)

      I wouldn't expect any bank to just leave the money to rot in a vault. I'd expect them to use it to make more money. If I'm lucky I might even get a ~~decent~~ paltry cut of the profits in the form of interest.

  5. Doctor Syntax Silver badge

    From the opening paragraphs it appears that the laptop was left running overnight. So there's one way of introducing friction, right there: switch it off when you're not using it.

    1. myhandler

      And adding a few minutes delay to any of the theft transactions would have made zero difference.

  6. elsergiovolador Silver badge

    Long

    How long would you like to wait today?

    1. Version 1.0 Silver badge
      Meh

      Re: Long

      I was going to say "Time is an Illusion" but these days with data access via internet speeds ranging from 25 Mbps to 5,000 Mbps we see far more "problems" than the old days with 300 or even 1,200 bit/sec data rates. Upgrading the internet has been seen as very nice ... but driving on the motorways is much safer with a 70mph speed-limit than pushing the speed-limit up to "only" 1000mph.

      1. claimed Silver badge

        Re: Long

        Speed of light hasn’t changed, more like the rate. So driving on the motorway with a limit of 100cpm vs 1000cpm (cars per minute)

  7. Howard Sway Silver badge

    So let's get this straight....

    Your friend decided to put his money into cryptocurrency, stored it on a badly secured Windows laptop, and connected it to the internet. It then got robbed, which means that now you think that the way to prevent this happening again is to slow everybody else's computers down? No thanks, tell him to use real money and keep it in a bank in future. They do have the sort of checks you're suggesting on large transactions.

    No need to remodel the entire digital world, just because of the naivety of foolish crypto believers.

    1. AMBxx Silver badge

      Re: So let's get this straight....

      Careful - it was 'his friend'.

      Bit like 'asking for a friend'

  8. StewartWhite Bronze badge
    Mushroom

    THIS!!!

    Excellent article that unfortunately most people will not read/understand/action. The pointless obsession with often irrelevant CPU speed is a good example - who cares if an on screen task takes 0.6 seconds rather than 0.7 seconds!? It's the same kind of nonsense that idiots with too much money spout when buying Bang & Olufsen - they really can't hear the difference but want to show off by pretending they can.

    Maybe we could all start by being professional and push back whenever we're asked to do something quickly and badly rather than doing a good job in the time that it actually requires (because if you don't the fool that asked you to do it will as sure as can be make you the fool when the proverbial hits the fan) or maybe that's too much to ask? Probably the latter as most people seem to prefer an easy life to a good life.

    1. Gene Cash Silver badge

      Re: THIS!!!

      > The pointless obsession with often irrelevant CPU speed is a good example - who cares if an on screen task takes 0.6 seconds rather than 0.7 seconds

      I have to wait for my OpenSCAD model to render. I have to wait for my slicer to finish processing my STL and send it to the printer. I have to wait for my video editor to do just about anything because throwing large numbers of video frames around is a lot of work.

      CPU speed is not irrelevant.

      It sounds like you don't use your computer to do actual work.

      1. StewartWhite Bronze badge

        Re: THIS!!!

        So you'd rather have an incorrect result (witness terrible caching results in MS365 where as an admin you get messages such as your change has been made but it hasn't really because it might take up to 24 hours to take effect) and "save" 0.1 of a second on screen than have the correct response returned?

        The point is that producing incorrect results quickly versus correct results in a reasonable amount of time should not even be a question. If returning results in 1 second rather than 10 seconds is important (which it often but not always is) then CPU performance MIGHT be part of the solution but often writing better code in the 1st place obviates the need for a caveman style brute force approach of just throwing more hardware and money at it.

        1. Zack Mollusc

          Re: THIS!!!

          The trillions spent on AI would indicate that returning erroneous results is not a problem.

        2. Anonymous Coward

          Re: THIS!!!

          The examples that Gene gave are concrete examples of why CPU speed is absolutely NOT irrelevant. You seem to be making the false dichotomy of "fast or correct". When it comes to local computing, "both" is a quite reasonable answer; for something involving multiple systems (like your MS365 example), it will naturally take longer, and the fix is a corrected status message. ("Change made, please allow 24 hours to take effect.")

          You also seem to have entirely missed the point of the article - it's not about obsessing over fast CPU speeds, but about intentionally putting in slowdowns for critical items, like the transfer of significant amounts of money.

        3. doublelayer Silver badge

          Re: THIS!!!

          They did not say that and you just made that up. The point of increasing CPU speed is to get the right answer faster, not any answer faster. If the code is producing incorrect answers, nothing about the CPU's speed will fix it.

      2. cyberdemon Silver badge
        Trollface

        Re: THIS!!!

        > I have to wait for my OpenSCAD model to render. I have to wait for my slicer to finish processing my STL and send it to the printer.

        At least you have the luxury of being able to press F5 for a quick render, and get to preview the toolpath in the slicer!

        I, of course, use OpenSCAD on the command line, and send the output directly to the printer, so I have to wait hours and waste lots of plastic if I get any geometry wrong.

        I plan to waste additional time by dispensing with OpenSCAD entirely, instead typing G-code into the printer manually with a Teletype.

      3. DuncanLarge

        Re: THIS!!!

        CAD worked just fine 20 years ago on systems that had only just busted through the 1GHz barrier.

        Much of your software is so bloated and inefficient you have to have multiple cores just to counteract it.

        Only a few algorithms actually benefit from faster CPU's such as raytracing, for that you really should be using a GPU anyway. CAD is only needing it because of two reasons, actual new processes or requirements or bloat, UI bloat, unoptimised code.

        If CPU's are so fast why does it take 10 mins to log into windows 10? What is it doing? Nothing useful, trust me I've looked into it.

        1. doublelayer Silver badge

          Re: THIS!!!

          "If CPU's are so fast why does it take 10 mins to log into windows 10? What is it doing? Nothing useful, trust me I've looked into it."

          Probably nothing useful, because my computer can manage it in about two seconds. My really cheap computer can manage it in about two seconds. My old computer that shouldn't be running Windows 11 according to Microsoft can manage it in about...2.5 seconds. So if your computer takes ten minutes, one of two things is the case:

          1. It's not Windows. It's something that's starting at login and doing so badly, which might be something you intend to start or a big stack of malware.

          2. Your computer has a problem, probably a disk problem.

          Look into those.

        2. jdiebdhidbsusbvwbsidnsoskebid Silver badge

          Re: THIS!!!

          "Much of your software is so bloated and inefficient you have to have multiple cores just to counteract it."

          Yup and yup so many times. I got into CAD at home a few years ago and my first foray was using a web based system via a browser. The 3d rendering was slow and clunky, which I put down to my very old laptop not being powerful enough. I was close to blindly buying a new laptop in the pursuit of ever more flops when I simply tried another browser instead. Result: worked perfectly on the other browser, I never looked back (and still use that same old laptop now).

          And yes, both browsers were modern and up to date.

        3. Ian Johnston Silver badge

          Re: THIS!!!

          If CPU's are so fast why does it take 10 mins to log into windows 10?

          Linux Mint takes about 30 seconds to start on my old Thinkcentre. It has two 2.8GHz cores and a SanDisk SSD with transfer speeds of ~0.5GB/s. So, what combination of doing 168000000000 things and reading or writing 150GB needs done to get the system running?

          1. doublelayer Silver badge

            Re: THIS!!!

            You know that a lot of instructions are burned waiting for data to get to the CPU just from RAM, and that you have to put a lot of data into RAM from the disk which takes even more instructions, and that read speeds are reported for large, continuous reads, not reads of small files? I don't want to state the obvious if I'm missing a rhetorical question here.

    2. Dave 126 Silver badge

      Re: THIS!!!

      Actually people tend to buy Bang and Olufsen because whilst they can't see what's wrong with British-made large oblong speakers, their partner keeps protesting that they are a bloody eyesore and that the room decor would be less disturbed by something more svelte and Scandinavian. If the first partner is then foolish enough to retort they would also prefer something more svelte and Scandinavian around the house, they are liable to have something thrown at them. Hopefully not a Bang and Olufsen remote-control unit, which tend to be heavy and made of metal.

      1. Anonymous Coward

        Re: THIS!!!

        B&O just makes pretty stuff, any industrial designer can appreciate that.

        Even me, despite having large black boxes as actual speakers and more black boxes as audio sources, so the B&O just sits on the shelf and looks pretty, as a decoration piece. Used ones are dirt cheap so why not, it is a lot prettier than a vase or a painting would be. It works, but that's not the main function of it.

        Beocenter 9000 just looks good, proper space age sci-fi looks. :) And yes, the remote control for it is an aluminium cast unit, around a pound or so. Getting hit by one means easily a trip to a hospital, try to avoid that.

      2. tiggity Silver badge

        Re: THIS!!!

        Could go for the British made non oblong Nautilus speakers. They are about as non oblong as you can get*

        https://www.bowerswilkins.com/en-gb/product/loudspeakers/nautilus-series/nautilus/FP10293P.html

        *Yes I want them, no the household budget will not allow it.

    3. Dave 126 Silver badge

      Re: THIS!!!

      C'mon guys, let's not nitpick what @StewartWhite said... we can all think of games, simulations and other tasks that do tangibly benefit from faster CPUs, but we should also acknowledge his broader point that beyond certain thresholds a faster CPU doesn't matter for a lot of users.

      A nice responsive user interface benefits lots of users - and thankfully the threshold of clicking an icon and getting a near instantaneous response has been passed some time ago for most of us. At that point, the user experience might be better served by spending the money on a better trackpad, a bigger battery or a higher resolution screen, or whatever else makes the system as a whole (including the user) work better.

      It is a little bit odd that he chose Bang and Olufsen as a counter example though... most of their stuff was not sold on sound quality alone, but on 'system as a whole' considerations, such as multi-room audio functionality, ease of use, and, yes, visual aesthetics. You could get kit that sounded as good for much less money if you didn't mind having some bulky black boxes and more cables in your house.

      1. DuncanLarge

        Re: THIS!!!

        > A nice responsive user interface benefits lots of users - and thankfully the threshold of clicking an icon and getting a near instantaneous response have been passed some time ago for most of us.

        Anyone not running windows, yes.

        The number of times I've seen windows explorer get into an unresponsive state, then gets killed by some watchdog, only to be responsive for a few seconds then enters the unresponsive state again and the cycle repeats.

        The usual fixes?

        sfc /scannow?

        DISM /Online /Cleanup-Image /RestoreHealth?

        Nope...

        1. Anonymous Coward

          Re: THIS!!!

          Excel was doing that to me last week. Runs fine for a couple minutes, then all windows freeze for 10 seconds, then it continues like it never happened. I suspect something having to do with autosave. But wasn't "saving in the background so the UI doesn't freeze" something we mastered 2-3 decades ago?

    4. The Central Scrutinizer

      Re: THIS!!!

      You can have good, quick or cheap. Pick any two.

  9. Zack Mollusc

    just use website technology

    Use of industry standard website coding techniques would stop these attacks.

    Pretty hard to download someone's bitcoin wallet when every request is intercepted and redirected and requires the execution of 3Gb of javascript, solving of 12 Captchas, consenting to tracking and watching 20 minutes of advertising before timing out and making you start again.

    1. Mike 137 Silver badge

      Re: just use website technology

      "Use of industry standard website coding techniques would stop these attacks"

      We have de facto standards already -- they consist of doing absolutely everything in javascript whether or not it's strictly necessary (rendering images for example) and then building pages from assemblages of script fragments from multiple sources on the fly. The resulting unverifiable chaos is indeed an industry standard -- just a very unsafe one.

  10. Tron Silver badge

    Swings and roundabouts.

    My connection isn't that fast and often drops. I don't need it to be any slower. But if someone tried to hack data from my PC I would notice. I can tell when another family member is watching cat videos on Facebook. I wouldn't be able to with fibre.

    2FA is a pain in the backside. It offers some security, but adds an extra layer of potential failure. One of the UK's mobile phone networks repeatedly failed over the last few days, blocking users from being able to 2FA purchases or do FA on their phones.

    I had to remove my landline as a 2FA option as using it would break my net connection. I should have been able to leave it as an emergency number for security only, but that option was not offered. Soon it will be axed to save BT a few quid and allow the state to spy on everyone's VoIP conversations without the warrants they require for telephony. This removes a reliable, in situ communications network that could easily have been developed and repurposed - perhaps as an internet for kids with whitelisted content. We are governed by morons.

    We can only rely on 'digital' if it is resilient (it isn't) and it works well (it doesn't).

    My bank requires MFA to make a bank transfer, which is an even greater pain in the arse. So I use other means to send cash.

    Bad idea to cite other 'slow...' things as many of them are only favoured by activists, and resistance to them will increase.

    As everything in Brexit Britain is declining as if the Romans have just left, and the state are targeting all of our internet services, our internet experience may become slower and less useful in the future anyway.

    Ideally, anything you don't want pinched should be kept offline and physically hidden.

    1. doublelayer Silver badge

      Re: Swings and roundabouts.

      "This removes a reliable, in situ communications network that could easily have been developed and repurposed - perhaps as an internet for kids with whitelisted content."

      I can't say I like that idea. You want an internet for kids, you build one, but you don't need your own wires for it. What would be the point of that? Just to make your new internet tremendously more expensive and unavailable than using the same wires the normal internet uses? Don't expect me to embrace any part of the idea, either. I don't see trying to slice the network into pieces as going anywhere useful.

  11. DuncanLarge

    Totally agree

    I totally agree.

    What drives me mad is that with all this wasteful multi-core GHz and fast insecure connectivity methods like thunderbolt (oh, it becomes secure if you run additional software, which you can just disable) is the fact that the primary use of this power is to hide the laziness and inefficient coding, non-existent testing and downright terrible design choices of people who only muck this stuff up because it is cool to look "new".

    Take systemd for example, totally bonkers design made by a laptop user and foisted upon everyone by default even on a server. Unpredictable, non-reproducible boots and shutdowns. My home PC boots in unpredictable amounts of time because of it and it may take several mins or less than a second to shut down just because systemd is systemd.

    My 486 was bloody faster :D

    1. The Central Scrutinizer

      Re: Totally agree

      Your 486 was a dog of a machine.

      If you are having the problems you say you are, then you clearly have hardware issues. Systemd is just your scapegoat.

      1. Anonymous Coward

        Re: Totally agree

        Possibly, but not always.

        There was a time circa RHEL 7 and/or 8 when systemD would get confused and stall/spin on a task during shutdown for minutes++ at a time. Coin flip whether it would happen to us on any given reboot.

        Same hardware booting other systemD-free OSes had no such problem.

        It seemed to get better over time in later releases, though we could never point at a specific fix or version that eliminated the behavior altogether. Presumably whatever systemD dependency tree boondoggle or just outright code bug got sorted eventually.

  12. CloudKickOff

    This makes a lot of sense to me in principle but I struggle to understand what that gate would look like in practice beyond the options we have today.

    As the interface is required to be between a human initiating a transaction and a digital system, processes like password checks can always be sidestepped; a bad actor could reset the expected password, or could modify the code to not require a valid password.

    It seems that the proof which allows the transaction or process to occur needs to be integral to the process itself.

    This sounds to me a lot like the developing block chain technology, and either people need to use external physical devices in their possession or have the mental capacity to remember sufficient cryptographic information.

    That, if anything, is the only way forward I see, and people need to sacrifice the convenience of password managers if they want to secure their actions.

    1. Anonymous Coward

      My thought is the gate would be a human one. Any transaction over $___ requires the bank to call the account owner, at the number registered on the account, to confirm the transfer. Part of that call is **BOTH** sides authenticating - for instance, the bank can display a one-time code on the site that their representative has to give the account owner (to prove it's really the bank calling), before the account owner proves their own identity. (Increasing that value or changing the phone number on the account also requires this process, or being physically present with photo ID.)

      Yes, a royal pain, but worth it. For me, I'd like the limit set at $5000. Plenty to pay off any credit card bill or other expense without triggering it, but I want my bank to call to confirm the $125,000 transfer out of my account! (House down payment, yep, that was legit.)

      1. Richard 12 Silver badge

        If $4999 is instant, the miscreants can just make that transfer 25 times...

        1. Ian Johnston Silver badge

          Daily limits.

      2. Ian Johnston Silver badge

        I can set just such a limit on my RBS account. By default it is £1000 - if I try to transfer more than that in a day I have to call them to confirm.

      3. I could be a dog really Silver badge

        requires the bank to call the account owner

        And when the criminals have simply cloned your SIM* and hence are able to answer the call ? Same problem with any mobile based 2FA - there are side attacks that can bypass it.

        * There are various techniques that will put your phone number in the hands of the criminals.
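The threshold-plus-callback gate discussed in the comments above, with the daily limit applied to a rolling total so that many sub-threshold transfers are held as well. This is an added example, not code from the article, the commenters or any bank; the class and function names, the 24-hour window, the six-digit code and the `owner_verified` flag are assumptions.

```python
import secrets
from collections import defaultdict, deque
from hmac import compare_digest

WINDOW_SECONDS = 24 * 3600  # rolling "daily" window (assumed value)

class TransferGate:
    """Instant below the limit; anything pushing the rolling total past it is held."""

    def __init__(self, limit):
        self.limit = limit
        self.sent = defaultdict(deque)  # account -> (timestamp, amount) released
        self.held = {}                  # hold_id -> (account, amount, callback code)

    def _window_total(self, account, now):
        q = self.sent[account]
        while q and now - q[0][0] >= WINDOW_SECONDS:
            q.popleft()                 # forget transfers older than the window
        return sum(amount for _, amount in q)

    def request(self, account, amount, now):
        """Return ("sent", None) or ("held", hold_id)."""
        if self._window_total(account, now) + amount <= self.limit:
            self.sent[account].append((now, amount))
            return "sent", None
        hold_id = secrets.token_hex(8)
        # Shown in the customer's web session; the bank's caller reads it out first.
        code = f"{secrets.randbelow(10**6):06d}"
        self.held[hold_id] = (account, amount, code)
        return "held", hold_id

    def code_on_site(self, hold_id):
        return self.held[hold_id][2]

    def confirm(self, hold_id, code_read_by_bank, owner_verified, now):
        """Release only if both sides authenticated; owner_verified is a stand-in."""
        account, amount, code = self.held[hold_id]
        if not (compare_digest(code, code_read_by_bank) and owner_verified):
            return False                # transfer stays held
        del self.held[hold_id]
        self.sent[account].append((now, amount))
        return True

def simulate_split(limit=5000, amount=4999, count=25):
    """Constructed scenario from the thread: 25 quick transfers of 4999."""
    gate = TransferGate(limit)
    results = [gate.request("acct-1", amount, now=i)[0] for i in range(count)]
    return results.count("sent"), results.count("held")
```

Only the first 4999 transfer goes through instantly; the other 24 wait for the call. The sketch does not address the phone-number takeover raised in the last reply, since it trusts whoever answers the registered number.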

  13. RayK

    NAW!!!! Speed it up at all costs!

    Naw! Speed it up at all costs!!

    Gotta hurry up and get past all this shit that is littering the road ahead. Need to sprout wings and fly over it and the sewer of contemporary culture from which it all springs.

    So sad that we have started to pollute the entire universe with our collective shit - the Voyager probes are now hurtling out into interstellar space with software and data stored on..., drum roll, please,... 8 track cassette tapes!

    AND with an invitation to unimaginably advanced, space traveling civilizations that will find them, to come find us - as if they have not already done that 100's of millennia ago, and again and again, ever since then...

    Cut the crap and bend over and kiss your ass goodbye, 'cause unless we accelerate to warp 9 and start using the full capabilities of the current evolutionary stage of our species' brains ASAP, we are doomed.

    Choose your poison from among the myriad that are going to soon extinguish us. Those of us who are in the know about the urgency to speed up, better jump into an Einstein-Rosen Bridge and escape - ASAP

    1. Ian Johnston Silver badge

      Re: NAW!!!! Speed it up at all costs!

      the Voyager probes are now hurtling out into interstellar space with software and data stored on..., drum roll, please,... 8 track cassette tapes!

      Actually, the Voyagers used custom-designed and built reel-to-reel digital tape recorders for data storage. No cassettes, although they did have eight tracks.

      https://hackaday.com/2018/11/29/interstellar-8-track-the-low-tech-data-recorders-of-voyager/

  14. RayK

    PS: Screw you and your wallet-losing friend

    Screw you and your wallet-losing friend. What you espouse is no different than the insane level of screaming about the ills of AI that is so pervasive these days. Same level of stupidity that supporters of former US President Trump are famous for.

    What planet are you and your hapless friend on? Stolen wallets are their owner's fault. As last century's famed humorist, Will Rogers, said:

    Ignorance is forgivable because everyone is ignorant about something!

    To which, I add:

    - The overwhelming majority of our species is totally ignorant of the vast majority of things

    - In the face of what SOME OF US HAVE ALWAYS KNOWN about the importance of properly protecting critical digital assets such as wallets, not doing so is plain, outright stupidity - which is not only unforgivable, but quite often fatal or nearly so

    So, at the risk of sounding inarticulate or uncharitable, screw both of you. His losses are his just deserts. And the flaming stupidity of your writing, and the fatally flawed thinking behind it, are fatally toxic to anyone stupid enough to fall for your tripe.

    You see, as a species, our thinking is genetically predisposed to destroy any of us who do not recognize, and assiduously guard against, the 20 or so, cognitive biases that plague the huge majority of us who are non-thinkers - especially the 5 cognitive biases that are absolutely fatal. Your article literally reeks of them all.

    Free, unsolicited advice to you and anyone who believes a single word that you have written:

    Stand aside, ye fools! We cognoscenti be gett'n the hell out of Dodge City ASAP!

  15. Ian Johnston Silver badge

    It is a bit unfair to use cryptocurrencies as an example, since the entire field is one of hype, scams and incompetence. The whole point of them is to avoid government and regulation, so your friend has no grounds for complaint. He played a stupid game and won a stupid prize.

  16. EnviableOne

    Move Fast and Bloat things

    for the sake of speed a lot of corners are cut that lead to vulnerabilities, sub optimal performance and security and privacy issues.

    in the modern coding world (i hesitate to use the word programming) you pull in a whole library just for one function, you could write yourself in 2 minutes.

    this bloats the application runtimes and adds all the complexity and vulnerabilities from the library to the piece of code you just "created"

    this is why when people do things right, things become smaller, quicker overall and more secure.

    see openvpn vs wireguard

    also the tech industry really needs to sort its obsession with can we, and inject a momentary pause of should we in the conversation.

  17. amanfromMars 1 Silver badge

    Some things are intelligently designed and built for speedy generative advantage.

    It's nature's alien way of supplying rapidly evolving progress.

    It is though not without its troubling forks and exhausting cul-de-sacs in travels going forward from/into the future, and that makes it more than just interesting and exciting, rewarding and dangerous.

    GrahamC [2402151418] ...... shares a prize private collegiate view on https://www.nationaldefensemagazine.org/articles/2024/2/15/navy-command-control-is-all-about-relationships

    [Thank you. Your comment will may be displayed soon after reviewing.]

    Greetings, Allyson Park,

    Interoperability and interchangeability are indeed to be much prized and one cannot question nor deny the undoubted overwhelming advantage such a pleasant liaison would enjoy, however, and such is an abiding persistent threat and unpleasant increasingly expensive problem to fail to agree to amicably resolve with a novel mutually beneficial solution, if Uncle Sam is either unable or unwilling to understand and be fully prepared to consider making moves totally supportive of other allies and partners in programs specifically designed to provide massive aid to revolutionary progressive projects benefitting all, but which an entrenched and embattled and failing status quo would fear as too fundamentally disruptive to embrace and endorse ..... and probably, more accurately, also despise because of the new universal leaderships that such radical movements would then supply and driver, will such great progress still be rapidly made in these changed times of practically real virtual spaces and near instant universal communication albeit without leading US participation.

    There is no doubting that for the US would be a monumentally catastrophic fail of epic proportions resulting in colossal consequences of dire unknown worth.

    In a world of countless opportunities and myriad variations on a future course of action to follow, that is not one to entertain and suffer, methinks. It goes nowhere good and great with no chance of return, tremendously fast and furiously.

    Arriving late to the party, even if thought fashionable, has one always in danger of feasting on cold comfort cuts of picked over meats and supping stale ale rather than gorging on the best of caviar and champagne.

  18. ecofeco Silver badge

    And friction?

    Seems the tech companies are adding friction, bloat and obstacles all on their own and it will become a self solving problem.
