Windows is malware.

Apple and Microsoft support aren’t exactly awesome, either, unless you’re a big business with deep pockets. At least with Linux, the system is open, so if there is a way to solve my problem, someone has almost certainly found it already and added it to Arch Wiki or Stack Overflow or something.

Well, they sure aren’t pleasing me.

Sounds like an interesting idea. Pity MS can’t be bothered to iron out the issues with it.

Horrifying to see Biden and the Dems unite with the Republicans on an anti-LGBT+ bill.

KeePassXC seems reputable, so I guess I’ll try to use that when the time comes.

I’ve only used SMS and Steam 2FA so far. I’ve been avoiding 2FA as much as I can.

How do I feed the generated QR code back to GitHub, then? Can I upload an image of it?

How will I notice when the spare fails, if it’s only a spare and I don’t regularly use it? Then I’m down to only one key, and as any grumpy backup admin will tell you, if you have only one copy of something, you have zero copies.

I would have a key plugged into the computer pretty much all the time when I’m working, so anyone who compromises the computer can impersonate me as long as I’m at work. This would be mildly inconvenient to the attacker, but wouldn’t actually stop the attacker. And if the computer isn’t compromised, how is anyone going to get into my GitHub account even without 2FA? They certainly aren’t going to do it by guessing my 16-character generated password or Ed25519 SSH key.

Something-I-know is worthless for authentication in the age of GPU password cracking. Most humans, including myself, do not have photographic memories with which to memorize cryptographically secure passwords. We’re all using password managers for a reason, and a password database is something you have, not something you know.

I can do that with alphanumeric codes, yeah, but can I get alphanumeric codes from GitHub, or is it going to be a QR code? I can’t write down a QR code…

Printing recovery codes would require me to either be price gouged by the printer ink cartel or use someone else’s printer, and using someone else’s printer is begging to get my account stolen.

I have no idea how to hammer things into metal plates, but I’m guessing that’s even more expensive than printer ink.

…through a third-party cloud server that you have no good reason to trust. No bueno. Keep sensitive information off the cloud unless you want it to become public.

Allowing a smartphone access to anything sensitive is even worse advice. Smartphones are notoriously insecure.

That’s a pretty absurd take in 2023. Tracking and surveillance is rampant these days.

It’s pretty hard to hand-write a QR code, I don’t wish to pay the printer cartel $50 for the privilege of printing it, and it would of course be horribly insecure to print it with someone else’s printer.

And how would I use the QR code? I can’t scan it with my phone’s camera because allowing my phone access to my GitHub account is a security risk, and I can’t scan it with my desktop because it doesn’t have a camera.

So, how is this going to work? How do I recover my GitHub account without making it less secure than it is with just a password?

The use of a “secure enclave” for any purpose is a bug at best, because secure enclaves aren’t just secure against your adversaries; they’re also secure against you. This is intolerable. All machines must obey their owner, and “secure enclaves” by design don’t.

If even highly skilled humans couldn’t do that, artificial pseudointelligence doesn’t stand a chance in hell.

There’s nothing of substance here. Just suits chasing buzzwords. Nothing will actually happen, just like nothing actually happened every other time some fancy new programming language or methodology came along and tried to replace COBOL, including Java.

Hardware tokens are specifically designed to resist copying. Any means of copying it would be considered a security vulnerability.

Bits rot. A hardware token kept in a bank vault may or may not still work when I need it 10 years later, and there is no reasonable process for regularly verifying the integrity of its contents. Backup drives’ checksums are verified with every backup cycle, and so are the checksums on the file system being backed up (I’m using btrfs for that reason).

Hardware tokens are expensive. Mechanical lock keys are not.

I personally am afraid of this. What if something gets botched? I’ll be permanently locked out of my account!

I dislike MFA because it creates a risk of losing access to my account. I can back up my passwords; I can’t back up a hardware device.

Computer manufacturers often distributed buggy, pointless, or redundant third-party software (“bloatware” or “crapware”) to help subsidize the cost of the hardware.

To make more profit for the manufacturer, I think you mean. Until the cryptocurrency scammers came along and started stripping store shelves bare, you could build a computer from parts, it’d be cheaper than buying a pre-built computer, and it would be free of crapware.

Now what the hell did they think was gonna happen when they shipped defective drives? Did they really think people wouldn’t notice their bytes vanishing into the ether and their drives dropping off the bus?

This app may collect these data types: Personal info, Photos and videos and 2 others

From an app that scans sensitive documents? No thanks.

If you’re a “normal” person who rarely needs to scan things just use your phone!

That results in horrible images. I get supremely frustrated every time someone sends me a “scan” that way.

it shouldn’t be up to disgruntled customers to complain to support agents, lawyers, and judges.

It’s up to the voting public to elect politicians willing to regulate business. As long as people keep voting for anti-regulation politicians, regulation will keep not happening.

I think that falls under “malice”.

Nope, Brother has been climbing aboard the enshittification train as well.

Definitely charitable. My interpretation of his statement is that his idea of failure is unions because his idea of success is screwing over his employees.

What rubbish. If it was government-mandated fees, ISPs would print them on the bill in big bold letters, right next to the relevant Congressmember’s phone number. These fees are pure profit for the ISP. Deceptive advertising, nothing more.

These companies need to be Ma Bell’d. Immediately.

JSON is overly verbose and doesn’t allow comments. Please do not use it for anything that humans frequently need to read or write.

YAML is a syntactic minefield. Please do not use it for anything ever.

I’ve used both hinged and non-hinged Apple touchpads, and the difference is noticeable but minor to me. Certainly not enough to make up for everything that’s wrong with Apple hardware.

I hadn’t heard of Force Touch, so I looked it up on Wikipedia. Isn’t that difficult to control? It sounds annoying more than anything else.

try using a Macbook touchpad and then any other one after it

I have a Dell laptop from 8ish years ago whose touchpad behaves pretty much identically to an Apple touchpad.

Software support for touchpad gestures on Linux is pretty lacking, but that’s not the hardware’s fault.

Sounds like a success story to me. These cars’ automation is so good, you can f somebody while the car is moving and you won’t crash!

The battery in a phone only functions as a UPS if it’s plugged in 24/7, in which case it isn’t usable as a phone.

There’s not really anything stopping someone from writing the necessary code to make this work, but why do that when you can use an always-online, non-battery-powered computer as your web server?

Email spam usually has heavily flawed English.

I’ve heard that this is intentional. It would be a waste of the spammer’s time to be contacted by people who are smart enough to not be fooled. Those smart people won’t bother contacting the spammer and wasting the spammer’s time if they see grammatical errors in a message that purports to be from a reputable organization, so the spammer throws in some errors to make the smart people filter themselves out. Or so the theory goes.

Why is the pulse width so large? LEDs can toggle millions of times per second, not merely hundreds.

It is possible, by the way, to dim an LED without PWM the old-fashioned way: by varying the voltage of the power supplied to it (“DC dimming”). You can see this in devices that have an indicator LED that stays on for a few moments after power is disconnected, then fade out. What’s happening there is a capacitor in the device is (briefly) powering the LED. As its charge depletes, the voltage drops, and the LED dims. However, controlling LED brightness this way is a great deal less accurate than PWM, creating color distortion at low brightness. See related Android Police article.

I wonder if the problem with DC dimming could be solved by adjusting the voltage supplied to each LED based on measurements made in the factory of its brightness at different voltages?

Not without losing brightness. White LEDs work that way and are less bright than an uncovered LED of the same power. Some of the light from the LED becomes waste heat instead of light when the phosphor absorbs it.

Also, not without losing response time. Part of the point of using LEDs for displays is that they can change brightness very quickly.

Kiwi Browser gives you all desktop chrome addons.

Ad blockers (that actually work) will not be allowed in desktop Chrome starting next year.

Yandex as well, if you prefer Russian surveillance over US surveillance.

I don’t. Better to be under the surveillance of one country than two.

Even Samsung’s browser offers addons.

And Vivaldi has about everything I need

Those two are not FOSS, so they are immediately suspect.

That’s good of you, and as a dev I also test on FF (contrary to many of my colleagues), but that’s not what everyone does. And thus, as a user, I frequently stumble over stuff that doesn’t work on FF.

And that’s your cue to leave and look for an alternative to that website.

If everyone felt like that, don’t you think FF on Android would have a market share higher than 0.48% on mobile?

No one ever accused the general public of being well informed.

It actually isn’t. Microsoft got sued in 2001 (so 22 years ago, and that matters), and they only got sued to open up their OS so that users could replace the browser if they wanted to. They were actually not prohibited from bundling IE with Windows.

False. Microsoft never stopped users from installing other browsers. The issue was that IE was bundled with Windows, and other browsers were not.

From Wikipedia: “The government alleged that Microsoft had abused monopoly power on Intel-based personal computers in its handling of operating system and web browser integration. The central issue was whether Microsoft was allowed to bundle its IE web browser software with its Windows operating system. Bundling the two products was allegedly a key factor in Microsoft’s victory in the browser wars of the late 1990s, as every Windows user had a copy of IE. It was further alleged that this restricted the market for competing web browsers (such as Netscape Navigator or Opera), since it typically took extra time to buy and install the competing browsers.”

And putting ad-banners on their own website to market their own browser (like Google is/was doing with Chrome on the Google search site and on Youtube) was never part of anything like that.

That it is not, but it is an anti-competitive practice: using one monopoly (on web search) to create another (on web browsers). I’m not certain whether this particular anti-competitive practice is illegal yet, but it needs to be.