HackerTrans
TopNewTrendsCommentsPastAskShowJobs

margo209320

no profile record

comments

margo209320
·6 lat temu·discuss
This is cool and it looks pretty, but what is the actual use for such a display? Today we look at 3D models on 2D screens by rotating them, using a mouse or similar input device, which works perfectly fine.
margo209320
·6 lat temu·discuss
"The power adapter often can't provide sufficient power to spin everything up at boot, and needs the battery as a buffer"

Do you have any proof for that? It sounds very unrealistic to me. These days there aren't even any magnetic disks to spin up at boot time.
margo209320
·6 lat temu·discuss
The main advantage of using YouTube with an account, is being able to see what's new from all your subscriptions.

To get rid of the annoying stuff, I added this to my uBlock Origin filters:

www.youtube.com###comments

www.youtube.com###related

www.youtube.com##.ytp-show-tiles.videowall-endscreen.ytp-player-content.html5-endscreen

This of course also eliminates ads.
margo209320
·6 lat temu·discuss
> not forcing women to wear a veil

How the fuck does THAT fit with the other examples you gave? The word "force" in there should make it pretty clear that it's not ok or just a matter of opinion.
margo209320
·6 lat temu·discuss
> meaning 6 figures Pringle cans being sold every year, if not 7

The article states "three million cans are made across Europe every day". That's 10 figures annually in Europe alone.
margo209320
·6 lat temu·discuss
I know. But then you are buying hardware again. And the good quality stuff is expensive.
margo209320
·6 lat temu·discuss
I agree that the price / functionality ratio is much better in modern times. But a significant drawback, which I didn't see mentioned, is that most of those nice hardware buttons, knobs and sliders are now tiny, obscure controls arranged on a multitude of hidden screens on that tiny laptop display, which you have to awkwardly operate with your virtual mouse pointer. Usability in fact suffers a lot if you go "all software".
margo209320
·6 lat temu·discuss
This reminds me of Cory Doctorow's Unauthorized Bread (https://craphound.com/category/unauthorizedbread/), where poor people have to rent "subsidized" apartments and in turn are forced to use the pre-installed household appliances, which only work with "official", overpriced supplies from the manufacturer.
margo209320
·6 lat temu·discuss
Nevermind - I might be mistaken. You need to enter the 9 digit number AND a URL. Probably the secret is then loaded from that URL. In the past, I must have used the QR code (I thought I used the number).

Here is a screenshot of the screen with the "secret":

https://docs.microsoft.com/en-us/azure/active-directory/user...

And if you choose to set up a 3rd party app, you get the secret directly, which is indeed 16 characters long (alphanumeric, all lowercase as it seems).
margo209320
·6 lat temu·discuss


    [...] with really long key so brute forcing it is not feasible at all.
When setting up MFA for a Microsoft Azure AD account, they use a 9 digit code as the secret, which you can either enter manually or by scanning a QR code. My gut feeling is that 1 billion possibilities is not that hard to brute-force.

I don't know if that is standard or if other services use longer secrets.
margo209320
·6 lat temu·discuss
What confuses me is that TOTP is usually referred to as "something you have" (the app on your smartphone, with the secret), as opposed to "something you know" (your password). But the TOTP algorithm and the current time is known to any attacker. What remains, is just the secret, which is the same as a password (a password given to you by the service provider instead of a self-chosen one). So in the end, TOTP just increases password complexity, doesn't it?

EDIT Trying to answer my question: it prevents a MITM attacker from sniffing your password hash once and using that forever, since the TOTP code is different each time and the attacker would still need to brute-force the secret. But if that's the only benefit of using TOTP, couldn't that be combined with the password: The service where I want to authenticate sends me a "challenge" (random number), I enter my password and an algorithm on my client combines the challenge and my password-hash to create the result to send back to the service. This way the value sent over the insecure line is always different, since it is based on the challenge. The user would not have the added inconvenience of having to enter the TOTP code.