I really don’t care, I actually thought it was kind of hilarious i was just yelling into a federated void for two weeks before my slow ass finally realized something was off lmfao hence the meme about the really bad moderation system
100% mods just toss them around to ban opinions they don’t like. I even got one for genocide that I’m not even able to see what I said. Good Lord I wish I could see what pissed them off so much.
The sad thing is that well made websites can be a beautiful thing. But with the amount of ads they ruin that experience. And by enabling read mode all that website design that came up in the last years is gone again
It is possible to have a well designed website with ads. Unfortunately, once you start using analytics, you can figure out how to “tweak” your design to increase engagement with ads, thereby increasing revenue.
Before long, your well designed website is a crappy website because that brings in the bacon.
If you get Bitwarden pro (really cheap), you can save an OTP link together with the site credentials, it’s really good for keeping everything in one place
This isn’t really a good idea because then you’re putting all your eggs in one basket. The whole point of 2FA is that the second factor is in a separate location so if your first factor (password) gets compromised the second one (OTP code) still protects your account. If both factors are in one place you’re back to a single point of failure instead of 2, losing a key benefit of 2FA.
If you’re gonna do this, at the very least have 2FA with a security key on your bitwarden vault.
You lose security, sure. But you are gaining so much more ease of use. Bitwarden autofills your credentials and puts your token into your clipboard. Also it syncs your tokens to all devices. Effectively this makes a site as easy to login as a site without 2fa.
The alternative is on desktop always get your smartphone, open some app type a token or on the phone to switch to multiple apps to get your credentials. Not fun imho.
I currently activated 2fa on over 60 sites, I doubt I would use it as much without BW.
For me, the key benefit of 2FA is getting more security against leaked, stolen, phished passwords, and that still holds up.
The alternative is on desktop always get your smartphone, open some app type a token or on the phone to switch to multiple apps to get your credentials. Not fun imho.
There are desktop apps for OTP, you don’t need a phone. And since you only need to set up an OTP secret once, doing it for your phone and pc isn’t that big of a deal.
I have my OTP secrets in 3 places, 2 yubikeys and my phone’s authenticator app, with the former meant for my PC.
For me, the key benefit of 2FA is getting more security against leaked, stolen, phished passwords, and that still holds up.
If your vault doesn’t have 2FA too this doesn’t hold up though. Means you’re trusting a single service that can get hacked with all your secrets. Sure, your other accounts are more protected against leaks and stuff, but if your password vault isn’t, you didn’t really change much, just pointed the hackers to one single place.
Yes I know hacking a password vault isn’t some walk in the park and rarely happens, but the point is any leaks from it would be 10 times more catastrophic for you if all your OTP secrets are also stored in it. I’ll spare myself from that nightmare with the small inconvenience that is a separate, offline OTP app.
Today’s stupid question: are vim and neovim not the same thing? I just type vi (ancient habit) and use whatever it is that executes. (I can go search but interacting here is more fun lol)
Yeah, it doesn’t make a lot of sense. People talk about “when Linus dies”, and obviously that will be devastating, but in my mind Bram just was. I wish I’d made a point of meeting him, or at least sending him an email to say thanks. Not for vim specifically, though I will probably use it until my fingers quit working. As with countless others, Bram inspired me to learn about ICCF Holland, and from there I had the privilege of supporting a child in Uganda through school. That’s what I’d want to thank him for. And vim.
Neovim is a fork of Vim. It uses Lua for configuration instead of the original Vim’s VimScript, but still has a lot of interoperability with original Vim plugins and configuration options.
Neovim is better in many ways, and because it has lua support, it’s so much easier to write plugins for it. So there are thousands of plugins right now, and entire neovim distributions that are configured to work like an IDE, like Lazyvim for example.
I’m a huge fan and I have written plugins myself since it’s easy and rewarding.
But on the server, I don’t bother installing neovim. Ordinary vim is fine for simple editing tasks. But if you want a customized experience to replace VS Code on your computer, you want neovim and not vim.
Q: I got a prompt asking me to grant permission for the app to access my location. Why am I seeing this?
A: You will see a prompt from the Authenticator app asking for access to your location if your IT admin has created a policy requiring you to share your GPS location before you are allowed to access specific resources. You’ll need to share your location once every hour to ensure you are still within a country where you are allowed to access the resource.
And? I don’t give a shit what the admins of my network want. It’s DFA – they don’t deserve to know that. Ergo, I don’t use the MS app. They can kiss my ass and fire me if they don’t trust where I am.
It’s a security / compliance policy. There is a very high chance your company has not even enabled it, have not seen anyone using it.
As I see it, you would and could use it only if you force MS Authenticator notification as the only MFA method and it is important in which country MFA prompt originates. Usually it is IP based block / whitelist which checks IP from which login originates which seems like a much more useful info, then you can also allow any MFA method.
Your question was why GPS permission is needed, you should now know why.
I am using MS Authenticator and Aegis. Using MS authenticator only for work accounts that have been set up for number matching feature, it is pretty nice to simply enter 2 digits in app than entering 6 digits in client itself any time you need to approve MFA.
Everything else that supports standard TOTP whether work related or personal is on Aegis - it is a much better TOTP app.
That depends. More of the popular ones don’t encrypt the secret keys, they can just be read out with root access or even with the use of ADB (the pull command), not even speaking about reading the memory contents while booted to a recovery.
Some even upload the keys to a cloud service for convenience, and they consider it a feature.
Sounds more like a bad design than purposefully left backdoors. Very few devices are rooted and usually you cannot get root without fully wiping your device in process. As for cloud upload, that indeed is convenient for most regular users. I prefer encrypted offline backup like Aegis does, but you need to think about regular folk if they would lose or wipe their device.
It’s not bad design, it’s definitely intentional, however I agree that it’s probably not for having backdoors, but for convenience. Average people forget their passwords all the time, and with encryption that level of carelessness is fatal to your data if they have not saved it somewhere, which they probably didn’t do.
Very few devices are rooted and usually you cannot get root without fully wiping your device in process.
I’m pretty sure the system is not flawless. Probably it’s harder to find an exploit in the OS than it was years ago, but I would be surprised if it would be really rare. Also, I think a considerable amount of people use the cheapest phones of no name brands (even if not in your country), or even just tablets that haven’t received updates for years and are slow but “good for use at home”. I have one at home that I rarely use. Bootloader cannot be unlocked, but there’s a couple of exploits available for one off commands and such.
I wonder if the guys here who are moaning like the snowflakes they are about Linus’ way of conveying the message (not the message itself) are from the US? I sometimes really wonder about the US mindset. The boss is criticizing you justifiably but in an inadequate tone? Hell breaks loose. But as an employee insisting on healthcare, an adequate number of days on paid time off, unionizing or at least have an able workers’ representation? Nah, that’s unheard of.
How about having some priorities? Grow a pair and choose your battles more wisely. The boss criticizes you? If he’s right, own up to your mistakes. Want some rights you are actually entitled to? Yeah, that’s what you fight for.
Don’t allow your boss to speak to you like that, unionize, and fight for your workers’ rights - including the right for dignity and respect, listed in the Universal Declaration of Human Rights, but also for higher pay and better working conditions.
After twenty plus years of watching LKML and Linus’s behavior in general, I have to concur with you. Reading a lot of the ‘linus is an asshole’ threads, there’s generally a clear runup towards an outburst.
Just recently he called some developers out because it seemed evident they weren’t testing their patchsets on bare metal. So it’s not just code that gets called out, it’s also development methods that end up causing upstream pain.