• 0 Posts
  • 110 Comments
Joined 4 months ago
Cake day: September 25th, 2025

  • It also works much like space, only a single dimension. And similar to space, the distance between two points on a line can change if the line is stretched without affecting the distances of things around it necessarily, the distance between two places in time can change locally through time dilation.

    So take a piece of elastic and a piece of paper. Draw a line on the elastic and an equal length line on the paper. Take two small windup toys or some other thing that can move in a straight line at a steady pace and that both move at the same speed. And put one on the paper and one on the elastic. Now imagine that the toys or whatever can only look down, directly at the line and points (i.e. they’re one dimensional).

    Normally, both will reach the end of their lines at the same time. But stretch the elastic and run them again and one reaches the end faster than the other. There’s been no break in the line and the points weren’t changed and they’re both still moving the same speed, but the space that the elastic one exists in has been stretched or “bent”.

    Not the best analogy exactly for understanding the concept itself, but understanding that there’s often an underlying thing that usually remains unobserved or in the case of time dilation or bending 3D space, something that is not observable by humans (or the toys) is what to take away. What we perceive is only a small part of what exists. We can only see the effects those things have on space and time to prove that they must exist.







  • I think that’s a high number, maybe 90% use a browser 90% of the time. But it’s pretty common to need to use a printer or scanner which many new ones aren’t easy to get Linux drivers for, watch a video that requires audio drivers for your computer, use a video camera and mic for a telehealth visit or school which requires drivers and software. Most of that doesn’t come with Debian or on the default repos. Web browsers do more than just read the web.









  • I was talking about sms. All types of cryptographic code generation use one or more keys. The sms type just uses one that only the sender holds, it’s never shared with anyone which can cause it to be more easily lost.

    The sim cards and their cryptographic keys are just built into the phones, and the codes are swapped when you sign up, same concept as removable sim cards.

    And again, it doesn’t matter if an sms code is intercepted as much as the entire login method. If you don’t have the username and password, what good does an sms code do for anything? The issue in the article is that there’s nothing else to know, just the current format of the set of codes being generated by the system. Then you can randomly guess a similar code and get access to a random person’s account. Much, much different from the use of MFA which is worthless without ALL of the factors, not just a single one.


  • I don’t understand what you mean by “keys” here. Nothing is encrypted. You generate codes by initiating the login process.

    The way TOTP works is there is a key (usually in the form of a QR code) for TOTP apps. That key is stored in your TOTP app locally, but also often stored in the cloud if you use Google’s app. Codes are generated using that key and the current timestamp. Otherwise a valid code can’t be generated.

    There is no encryption in SMS…

    The messages aren’t encrypted at rest, but the connections are. You need a key in the physical sim card to intercept anything. You can’t just intercept and duplicate a sim card’s identifier like with 2G. No casual hacker is going to hack LTE or newer technologies, only professionals like governments and government backed spy agencies. Not saying it’s as secure as it should be, but the effort and cost is not worth it most of the time.

    And sim swap only works if you also have the person’s username and password for 2fa. For the issue mentioned in the article it does work because you don’t need any knowledge or other factor other than the message itself to login. Single factor logins with not even needing to have a username, much less a password, are obviously going to be an issue, which is why I’m emphasizing, I’m interested in 2FA like a bank might use, not the issue mentioned in the article which is totally different.


  • That’s the thing though, with SMS 2FA you don’t have the keys at all, so you can’t generate codes, you only get the code you intercept. Same with email based, but with sms, the message has to be intercepted in a timely manner, which is much more difficult for SMS than if they already have your password that’s used for your email account. Plus the issues with SMS not being encrypted only really exist on 2G services which they really need to get rid of, or at least disable at the account level so 2G only works for emergency calls. 4G and up are significantly more secure (not perfect but requires much more complex hardware and knowledge of secrets from the cell company) and generally require the hacker to be masquerading as the user on the cellular network. Otherwise, hack the cell provider which is how a lot of the archived messages they mentioned are retrieved, because, yeah, they usually aren’t stored encrypted. But if the TTL of the TOTP code is 10-60 minutes and single use as well as invalidated once a new code is sent like a bank or really any decent system should, archived message caches aren’t useful.

    The issue mentioned in the article is totally separate. These are links that you can log in without needing to even know a username, much less a password, associated with that code. Guessing a random code generated for a specific account is much more difficult, not to mention needing the password. The article is more hypothetical in the actual security of the SMS messages going to a particular phone for a particular account and more about how bad the links being generated are since if you get one link from any insecure sms message you can access many random accounts as well as the one you intercepted and no other factor, even user id, is needed to use the links. So you can send one code just to your own account and then use that to hack others without even having to intercept anything nefariously.
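Added example, not part of the comment above or of any system it mentions: a minimal server-side store showing the properties the comment lists for SMS second-factor codes (bound to one account, short TTL, single use, invalidated when a new code is sent). `SmsCodeStore`, the 10-minute TTL and the attempt limit are assumptions chosen for illustration.

```python
import hmac
import secrets
import time

CODE_TTL_SECONDS = 600  # assumption: 10 minutes, the low end of the range above
MAX_ATTEMPTS = 5        # assumption: guess limit per issued code

class SmsCodeStore:
    """Hypothetical server-side store for SMS second-factor codes."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # account_id -> [code, expires_at, attempts_left]

    def issue(self, account_id):
        """Create a code for one account, replacing any earlier code for it."""
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[account_id] = [code, self._clock() + CODE_TTL_SECONDS, MAX_ATTEMPTS]
        return code  # would be handed to the SMS gateway

    def verify(self, account_id, submitted):
        """Call only after the password step has established account_id."""
        entry = self._pending.get(account_id)
        if entry is None:
            return False  # a code alone, with no pending login, opens nothing
        code, expires_at, attempts_left = entry
        if self._clock() > expires_at or attempts_left <= 0:
            del self._pending[account_id]
            return False
        entry[2] = attempts_left - 1
        if hmac.compare_digest(code.encode(), submitted.encode()):
            del self._pending[account_id]  # single use
            return True
        return False

def demo():
    """Constructed walk-through with a fake clock; returns each outcome."""
    now = [0.0]
    store, out = SmsCodeStore(clock=lambda: now[0]), {}
    first = second = store.issue("alice")
    while second == first:  # reissue until the new code differs from the old one
        second = store.issue("alice")
    out["superseded"] = store.verify("alice", first)
    out["no_pending_login"] = store.verify("mallory", second)
    out["valid"] = store.verify("alice", second)
    out["replayed"] = store.verify("alice", second)
    late = store.issue("alice")
    now[0] += CODE_TTL_SECONDS + 1
    out["expired"] = store.verify("alice", late)
    return out
```

Because every lookup is keyed by the account established in the password step, a code on its own identifies nothing, which is the difference from the account-less login links the comment contrasts it with.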


  • SMS 2FA is TOTP, just the code is sent via SMS and the key is never shared with the user. But the issue with those apps seems to be even more problematic than SMS from the issues mentioned, e.g. changing phone numbers is not as common as changing phones or other catastrophic events that might cause the keys to get lost. And if you store passkeys or TOTP generating keys in the cloud, then the factor is no longer “something you have” because anyone can get the keys if they get the password to the thing storing the keys. SMS based TOTP leaves the keys only with the site you’re logging into and only the time sensitive TOTP codes are ever sent out. And although the lifetime period for sms TOTP has to be longer, they are additionally expired on single use (assuming it’s implemented properly).


  • Problem is finding something that is universal that is a “something you have” is difficult to find that almost everyone has. Almost everyone has a cell phone these days, so it’s a good option to use as that kind of factor. Email is a second “something you know” factor (i.e. via the password to your email account) and could be the same something if you use the same password. And getting someone to carry yet another device even if it’s simple like a Yubikey or something like that can be difficult. And unless biometric devices become universal on computers as well as phones, the “something you are” factor is hard to accomplish universally as well.

    So, what options do you think are better that can be a “something you have” for use as a second factor to a password or other type of “something you know” factor?


  • How so?

    It’s a second factor. It’s “something you know”, “something you have”, and/or “something you are”. The username and password is the “something you know” and the sms message is “something you have” (i.e. the phone). There’s no need for the second factor to be secret as long as it is single use and time sensitive and is only used as a second factor, not the only factor.

    This article was about single factor messages that are the entirety of the login flow, so not about 2FA, but I’m still interested in the concerns for second factor. It is still adding security over a password alone which is the only goal in the 2FA subject.