A Dockery of a sham

(This is a bit ragey. I’m not gonna link to anything/anyone, and I wasn’t even there, but this attracted my ire)

Tired of people hating on @Docker giving out @yubico Yubikeys at their conf. Yes it’s trusting USB devices at a conference, which us jaded security types are all “this is dumb and terrible, noobs” but really. This is a company working with the maker of the USB security device to give them to people at THEIR CONFERENCE to tie in with a security feature they’re adding to a product THEY MAKE that everyone has been complaining about it not having enough security. What do you want security industry. To cry down every attempt to make things better because it’s not perfect?

To sit on your high thrones of perfection about what you would or wouldn’t do in your plain text email, noscript browser, or help the masses get better.

Yubikeys make things better. 2FA makes things better. They’re not 100% but then, nothing in this life is.

Okay, let’s go full security joy here. What’s the threat model here? Docker are trojaning every attendees machine to what? Encourage them to use their product? Hope to pivot to an investors laptop and then get another round of funding from it?

Please applaud Docker’s efforts, not mock them.