Six months into tariffs, businesses have no idea how to price anything

(www.wsj.com)

462 points JumpCrisscross | 1 comments | 30 Aug 25 20:56 UTC | HN request time: 0s | source

Show context

sirnonw ◴[30 Aug 25 21:28 UTC] No.45078160[source]▶

Funny how there is a post-it with a password glued to the screen of the computer in the lede image, now in plain sight for thousands of readers.

replies(8): >>45078197 #>>45078255 #>>45078281 #>>45078369 #>>45078562 #>>45078571 #>>45078637 #>>45082736 #

ashton314 ◴[30 Aug 25 21:35 UTC] No.45078197[source]▶

>>45078160 #

Looks like there's a year at the end; might be to facilitate suckurity requirements such as yearly password rotation.

replies(1): >>45078362 #

ronsor ◴[30 Aug 25 22:00 UTC] No.45078362[source]▶

>>45078197 #

Some places do 3 months! It's amazing

replies(3): >>45078494 #>>45079442 #>>45079964 #

bongodongobob ◴[31 Aug 25 02:58 UTC] No.45079964[source]▶

>>45078362 #

That was best practice until maybe 10 years ago. Point the people in charge of that to the NIST standards.

replies(1): >>45081664 #

hdgvhicv ◴[31 Aug 25 09:05 UTC] No.45081664[source]▶

>>45079964 #

I hear cyber insurance companies (ransomware cover etc) still require outdated standards.

replies(1): >>45086587 #

1. bongodongobob ◴[31 Aug 25 20:06 UTC] No.45086587[source]▶

>>45081664 #

People think cyber insurance requirements are hard rules, but they aren't. For the most part, you just need to show effort as it's completely impossible to be 100% compliant with all standards. For example, if you weren't rotating passwords but had proper MFA on your accounts, you're fine. Hell they even have conflicting standards sometimes. I've been through this multiple times when I worked at an MSP. For the most part, leadership just pushes to meet those standards to cya, which makes sense, but as long as you don't demonstrate gross negligence, they'll pay out.

↑