Andrew Bailey

@notaname
24 Followers
108 Following
39 Posts
@riskybusiness well yes, but I suspect it's more biometrics to match a person to copies of real-world ID, as opposed to biometrics as an authentication factor (or, to be pedantic, to access a TPM/secure enclave on the device to sign a challenge).
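The pedantic version of the point above, as an added example that is not from the post or from any vendor's code: the biometric never leaves the device and is never part of the protocol. It only gates use of a device-bound private key, and what the server verifies is a signature over a single-use nonce against the public key it stored at enrollment. The Server/Device types, the biometricMatched flag standing in for the enclave's local match result, and the user name "alice" are all hypothetical; real hardware keeps the private key inside the TPM or secure enclave rather than in process memory.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Server holds one enrolled public key per user plus the nonces it has issued
// and not yet consumed. Names are hypothetical: this is an added illustration,
// not code from any real identity product.
type Server struct {
	pubKeys    map[string]*ecdsa.PublicKey
	challenges map[string]bool
}

func NewServer() *Server {
	return &Server{pubKeys: map[string]*ecdsa.PublicKey{}, challenges: map[string]bool{}}
}

// Enroll stores the device's public key. Only the public half ever leaves the device.
func (s *Server) Enroll(user string, pub *ecdsa.PublicKey) { s.pubKeys[user] = pub }

// Challenge issues a fresh random 32-byte nonce; each nonce may be answered once.
func (s *Server) Challenge() ([]byte, error) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	s.challenges[hex.EncodeToString(nonce)] = true
	return nonce, nil
}

// Verify accepts a signature only if the nonce was issued here, has not been
// used before, and verifies under the user's enrolled key.
func (s *Server) Verify(user string, nonce, sig []byte) error {
	key := hex.EncodeToString(nonce)
	if !s.challenges[key] {
		return errors.New("unknown or already-used challenge")
	}
	delete(s.challenges, key) // consume first so a replay cannot be retried
	pub, ok := s.pubKeys[user]
	if !ok {
		return errors.New("no key enrolled for user")
	}
	digest := sha256.Sum256(nonce)
	if !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return errors.New("signature does not verify")
	}
	return nil
}

// Device models a hardware-bound key. In real hardware the private key lives in
// the TPM or secure enclave and the OS only lets it sign after a local biometric match.
type Device struct {
	priv *ecdsa.PrivateKey
}

func NewDevice() (*Device, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Device{priv: priv}, nil
}

// PublicKey is what gets sent to the server at enrollment.
func (d *Device) PublicKey() *ecdsa.PublicKey { return &d.priv.PublicKey }

// Sign answers a challenge. biometricMatched stands in for the enclave's local
// user-verification result (hypothetical): the biometric is never transmitted
// and is not an input to the signature; it only decides whether the key is released.
func (d *Device) Sign(biometricMatched bool, nonce []byte) ([]byte, error) {
	if !biometricMatched {
		return nil, errors.New("user verification failed: key not released")
	}
	digest := sha256.Sum256(nonce)
	return ecdsa.SignASN1(rand.Reader, d.priv, digest[:])
}

func main() {
	srv := NewServer()
	dev, err := NewDevice()
	if err != nil {
		panic(err)
	}
	srv.Enroll("alice", dev.PublicKey())

	nonce, _ := srv.Challenge()
	sig, err := dev.Sign(true, nonce)
	if err != nil {
		panic(err)
	}
	fmt.Println("first answer:", srv.Verify("alice", nonce, sig))    // <nil>
	fmt.Println("replayed answer:", srv.Verify("alice", nonce, sig)) // rejected
	_, err = dev.Sign(false, nonce)
	fmt.Println("no biometric match:", err) // key not released
}
```

The contrast with "biometrics as an authentication factor" is in what the relying party stores: here it is a public key, which is useless to an attacker who steals it, whereas a retained biometric template is both sensitive and unrevocable.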
@riskybusiness as for banks doing this, I can't see it. Most banks in AU are outsourcing digital ID validation, and the vendors in that space have, on the surface, a varying level of quality. And at the end of the day it's just checking government-issued ID. And to make it work there is a push to throw biometrics into the retained data mix, which is a worse outcome. I mean, I can get a new passport or driver's license if it gets leaked, but new biometrics, that's hard.
@riskybusiness I'm super keen on the new digital identity proposal by the Australian government, and much less cynical than you about it, mostly because it's the obvious solution to a real problem (it's so obvious I basically described it three months ago on LinkedIn). I think good solutions to real problems get adopted very quickly.
@GossiTheDog I can only guess that there was some corruption on copy somewhere in the transfer chain.
@GossiTheDog Totally, but the timing and the fact it's in a fairly commonly used Java lib is just a little triggering. Of course, if it is in something, it'll be some kind of enterprise doc management solution.

This bug is a masterpiece and you owe it to yourself to read this. So much effort for such a situational bug, it's heartbreakingly beautiful.

https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt

@az that's a twist on the old "I forgot my clothes at school" anxiety dream
@davidgerard I have a theory that being boring is a key attribute of getting a social network off the ground. It means that content originators and advertisers are fighting the background noise of the founder/owner.
@bea because it's chainsaw juggling all the way down. Historically, secure by default hasn't really been a strength of cloud; for example, the original default S3 bucket permissions, or default settings on VMs in GCP. Docker and k8s add even more complexity on top, which makes it quite difficult to easily ascertain the overall security of the solution. Basically, yeah, it's secure unless you step on one of the 200 rakes hidden in the long grass.

Patch your Apple stuff NOW. No really. WebKit RCE and Kernel PrivEsc both fixed.

https://support.apple.com/en-gb/HT213635

https://support.apple.com/en-gb/HT213633
