All I can think is that it has a very…

… feel to it.

I prefer security keys. At work I use a yubikey, and I have Google’s security keys for my personal stuff. I tend to use totp as a backup.

For everything not banking, it’s great, I agree. I still prefer my security keys to everything. It’s hard to duplicate a digital key when it only exists on protected storage on a physical device, where that key never exists outside of that physical device.

In case anyone doesn’t know: FIDO works using a pair of asymmetric digital keys, the public key is sent to the remote site, and only the private key can decrypt anything encrypted by the public key. So a challenge (usually some mathematical calculation, not sure), is encrypted by the site/service that is handling the login, it sends over the encrypted request, which is passed, in it’s entirety to the fob. The fob requires a physical activation to process the challenge (usually a touch, but some require a fingerprint). The challenge is then decrypted, processed, the response is encrypted, and sent to the site for login, which decrypts the response with the public key, and compares the result to the result of the challenge that was sent.

There’s no part of this that can really be compromised. An eavesdropper can obtain the encrypted challenge (unable to be decrypted in any reasonable manner), and the response/public key… The public key isn’t useful, and the response is only valid for that specific login because there are aspects of the challenge that are unique per login.

All information in flight is unreadable nonsense. The only unique information to the key that is sent anywhere is the public key, which is supposed to be public.

Totp has the vulnerability of needing to relay the seed, usually by QR code. The only vulnerability there is when you set it up and the seed is shared to you, it can be intercepted. If that seed is stored anywhere that becomes compromised, then it becomes meaningless. It can be mined from an authenticator, or captured in flight.

Both of these are better than alternatives. Email/sms codes can be intercepted, either by an administrator or by an internet relay, or by sim duplication, etc. You know that already.

I don’t hate totp, I just recognize the faults in it.

There’s problems with physical security keys too, mainly in the fact that, if you lose the fob, you’re screwed. So it’s recommended to have a backup. Either in the form of a second fob, which is setup for all the same accounts which is stored securely, or in the form of another authentication method like totp.

Personally, I use a backup FIDO key for my accounts whenever possible. I also have a password manager that can store my totp so everything is in a single vault. If the vault is compromised then I’m screwed though… 90% of my accounts use a password reset email which is not stored in my vault. Only two things are not in my manager: that recovery email login (secured by my Fido key) and my bank (obviously also the vault login).

At work, I use the yubikey for everything that supports it, with totp as backup in my work’s duo authenticator account (duo is also setup to use my yubikey). So it’s all Fido/totp.

The only service I really want to use my security keys with that doesn’t support it, is my bank account… I suppose, also my government stuff, but almost all of that is informational. I can’t really make changes to my government stuff from their webpages. It’s generally just the government telling me things about my tax returns and whatnot (all SMS secured).

I hate the trend of companies requiring an app for 2FA… Something that’s not totp, but similar. You have a specific authenticator app for a single service on your phone only and it’s not great… Obvious examples include steam and Blizzard. Fuck that. I hate it. Go away. Give me normal MFA options… Dick.

I’ve ranted enough. Back to work for me.

Well, I have no arguments with what you’ve said. I think security keys/FIDO tokens should be more prevalent too. Otherwise this is 100% correct and I feel the exact same way.

Your story reminds me of something that my bank started doing. I got a robocall about something to do with my credit card, and the voice said to verify using x and y using my keypad, I think it was day/month/year of birth or something and I immediately noped out of the call. I hit all the wrong buttons until it got me to a person and I ripped them apart, and their supervisor for basically training their userbase to answer security questions given by an automatic voice on the other end of the line with no way to verify who is calling.

You can spoof your caller ID, you can get a text to speech robocall bot with DTMF recognition and just spam call a whole area where the bank operates and gather a bunch of personal information because it sounds just like the bank and there’s no way to prove who called.

What a crock of shit. It’s a security nightmare.

I did call my bank after at a known valid number, verified them as they verified me, and there was something going on, so the call was legit, and totally unacceptable.

These clowns want us to trust them completely, and give us no reason to do so, but they want us to bend over backwards to validate ourselves. Fuck that.

An Americano isn’t coffee.

It’s a watered down espresso.

The only reason it exists is because Americans visiting Europe would ask for coffee, and many euro coffee shops only had espresso, so they just added hot water to espresso and that was close enough for the tourists.

At least, that was what I heard.

I can clarify some of the tech stuff.

A “disk” is a concept. It’s an object which contains data.

“Hard” disks and “floppy” disks are always referring to the rigidity of the internal storage media. 7", 5.25", and 3.5" floppy disks have the same round magnetic storage material. The only difference with a 3.5" floppy disk is that they put a hard case over the floppy disk.

CD, DVD, Blu-ray, etc are both disks and discs, as their typically handled without a caddy/case. So technically both apply.

SSDs are still disks, just solid state, rather than floppy/hard spinning magnetic media.

Technically flash drives are also solid state disks, but we don’t generally conflate the two terms for clarity.

Most MREs that I’ve looked at are a bit more elaborate than your average canned product.

But the idea is the same, yes. It’s more interesting than your typical canned meal, and it’s more expensive, but the quality of the food, if you can call it that, is not dissimilar.

MREs usually are a more “complete” meal with a variety of components, while canned meals are just a volume of a single component.

For me it’s mainly that it adds variety.

And sure, there’s MREs that are like, stew, or soup, that you would probably be better off just grabbing a can of ready to eat Campbell’s or something… But there’s way interesting options than that too.

I once saw a “taco” MRE. It was little more than some “beef” (that you had to heat up) and “cheese” and some other fairly sad toppings on a small tortilla… But I would still take that over a can of chunky beef soup any day.

The nice thing is that MREs are shelf stable for a really long time, so you can get a box of them and shove them in your trunk, or into a desk drawer and then you don’t have to worry about lunch for a month. Longer if you occasionally go out for lunch with coworkers to local food places near your workplace.

Presently, I don’t work in an office (my job is 100% work from home), so I don’t really need it. I can get the same variety from a frozen meal, which is arguably easier, and it’s definitely cheaper than MREs.

I also have considered buying a few boxes as emergency food and throwing them in the trunk of my car. I live in Canada, and getting stranded in a blizzard isn’t impossible. I have access to my trunk from the cabin of my car, so I shouldn’t need to get out to get them and I could stay nourished while waiting for rescue. MREs are supposed to be paired with heating/cooking packs, which would help the car warm up when I’m having one, and with a decently sized container of drinking water, I could wait weeks for rescue, as long as I have adequate protection from the elements (jackets, blankets, etc), and some way to dispose of my bodily waste without contaminating my “living” area. I almost always travel with a radio (I’m a certified amateur operator, aka, ham radio), and a battery bank for my cellphone.

For a couple hundred dollars (maybe? Maybe more? IDK what the prices are for MREs right now), myself and a passenger could survive for a while being stranded in the white wasteland of Canada, without really having to do anything… Just waiting for rescue.

With global warming, last year we barely got snow where I am, and I don’t travel much, so the whole thing is on the back burner at best. The idea was to have it, and if I don’t need it, a few months before everything expires, the MREs become my lunch, and I buy a fresh box for my vehicle.

I’m not a monster.

I’ve seriously considered buying MREs because I can’t be bothered to meal prep.

I’m not going to disagree with you. I just want to point out that if they manage to get their offspring infected when they also contract something… They have a chance of winning a Darwin award…

I’m not saying any of that is a good thing.

I agree with the idea of bodily autonomy. Above all, someone should have the right to do, or not do, whatever they want with their own person.

Whether that is to listen to doctors advice, buy pharmaceuticals and self-administer as prescribed, or even end your own life, and everything in between.

Quick disclaimer, suicide should still be evaluated by a psychiatric professional, and simply being suicidal shouldn’t necessarily mean that nobody can, or should stop you from committing that act. I’m mostly referring to medically assisted self termination, after the appropriate safeguards, checks, and balances have been cleared. Simply wanting to off yourself without being cleared as having sound mind should be something we, as a society, should address carefully, with the assistance of mental health professionals.

With all that being said: I probably would DIY some pharmaceuticals. Anything that’s an opiate or other restricted substance, definitely not. But if I can buy the ingredients without needing a special permit or license, I definitely would.

Something I’ve noticed with institutional education is that they’re not looking for the factually correct answer, they’re looking for the answer that matches whatever you were told in class. Those two things should not be different, but in my experience, they’re not always the same thing.

I have no idea if this is a factor here, but it’s something I’ve noticed. I have actually answered questions with a factually wrong answer, because that’s what was taught, just to get the marks.

What if this lifetime is also a dream.

Like inception.

Thanks, I hate it.

Are you still using them?

I left Facebook when they banned me for not using my real name.

I was left in limbo indefinitely, because I challenged their assessment, and every time I try to log in now, it says that my account is “under review” or whatever.

Been like that for… Going on 6 years or so now. Maybe more.

Six of them.

The closest thing to a thin and light that I own is my framework.

I felt like anything less than what framework offers for repairability wouldn’t be sufficient for me.

There’s actually an argument that makes the point of driving prices down with soldered RAM.

The individual memory chips and constituent components are cheaper than they would be for the same in a DIMM. We’re talking about a very small difference, and bluntly, OEMs are going to mark it up significantly enough that the end consumer won’t see a reduction for this (but OEMs will see additional profits).

So by making it into unupgradable ewaste, they make an extra buck or two per unit, with the added benefit of our being unupgradable ewaste, so you throw it out and buy a whole new system sooner.

This harkens back to my rant on thin and light phones, where the main point is that they’re racing to the bottom. Same thing here. For thin and light mobile systems, soldered RAM still saves precious space and weight, allowing for it to be thinner and lighter (again, by a very small margin)… That’s the only market segment I kind of understand the practice. For everything else, DIMMs (or the upcoming LPCAMM2)… IMO, I’d rather sacrifice any speed benefit to have the ability to upgrade the RAM.

The one that ticks me off is the underpowered thin/lights that are basically unusable ewaste because they have the equivalent of a Celeron, and barely enough RAM to run the OS they’re designed for. Everything is soldered, and they’re cheap, so people on a tight budget are screwed into buying them. This is actually a big reason why I’m hoping that the windows-on-ARM thing takes off a bit, because those systems would be far more useful than the budget x86 chips we’ve seen, and far less expensive than anything from Intel or AMD that’s designed for mobile use. People on a tight budget can get a cheap system that’s actually not ewaste.

At this point, “centrist” is slang for, “I want to argue for what I believe in under the guise of being the ‘Devils advocate’”.