If this is true (or at least plausible to the relevant people), the author of that Twitter post will probably be on the radar of any shady government agency worldwide. Not a nice situation to be in.

Are you sure? Doesn’t the “smart edison bulb” design make it harder to dissipate heat to the casing, therefore making the LEDs get hotter compared to PCBs with LEDs surface mounted on them?

Anyway, if you want your light bulbsany technology to last long, don’t buy the “smart” variant. “Smart” usually means more components and/or more dependencies on interfaces, and more complexity, so a higher chance to fail.

Maybe they should ban trowing away your trash instead.

Capitalist perfection: you are paid for cycling, don’t do anything else!

One example for self documenting code is typing. If you use a language which enforces (or at least allows, as in Python 3.8+) strong typing and you use types pro actively, this is better than documentation, because it can be read and worked with by the compiler or interpreter. In contrast to documenting types, the compiler (or interpreter) will enforce that code meaning and type specification will not diverge. This includes explicitly marking parameters/arguments and return types as optional if they are.

I think no reasonable software developer should work without enforced type safety unless working with pure assembler languages. Any (higher) language which does not allow enforcing strong typing is terrible.

I have worked on larger older projects. The more comments you have, the larger the chance that code and comment diverge. Often, code is being changed/adapted/fixed, but the comments are not. If you read the comments then, your understanding of what the code does or should do gets wrong, leading you on a wrong path. This is why I prefer to have rather less comments. Most of the code is self a explanatory, if you properly name your variables, functions and whatever else you are working with.

Correction, 50% of VOTING Americans are VOTING fascist. Doesn’t necessarily mean they are fascist themselves.

I’ve seen a few people with PhD who want to be developers being put into management roles, getting quite unhappy.

That said, if this type of PhD clearly communicates they want to be developers, the often still get jobs, maybe with lower pay compared to the manager but a bit higher pay compared to the developer

Cross-post: https://lemmy.world/post/17034517

In addition to the other comments here: Don’t run near cows. Quite often, they will start running with you, which is very impressive and dangerous at the same time. Cows generally are faster than you for the first few hundred meters at least.

It seems like part of your thinking is: Why would a criminal invest effort to attack an average John Doe? The answer is: With a popular (widely used) operating system, the effort goes close to zero. Attacks can be automated, so they will be. Also, even if they are not interested in your data, they will be interested in other benefits they gain from controlling your computer:

• Computing power e.g. for Bitcoin mining
• Your internet connection to attack other computers via yours, taking your computer to hide their identity and location. This is commonly done as DDOS for blackmailing businesses or silencing websites. Or for sending spam or fake reviews.
• Your identity. If they can get your name, they can order stuff on your name, which will get you a bad credit score or even criminal charges (identity theft)
• Access to your local network. Many devices are easier to hack via local network access than from the internet. A criminal who took control of your computer could for example take over your “smart” appliances or WiFi printer.

With ”there is a VPN in F-Droid", do you happen to refer to Netguard? https://lemmy.sdf.org/comment/11993547

Netguard is a FOSS Android app which kinda works like a firewall. You can allow/block network access on a per-application basis. You can limit access e.g. on WiFi or on mobile etc. It also supports blocklists, supplementing your ad blocker.

To the Android OS, Netguard acts as if it were a VPN.

Limitations:

• if you want to filter Android system services, you will break things. You will need to spend some time to do it right.
• Chaining it to another VPN is only possible via SOCKS proxy
• if you want to route some app’s traffic via VPN and others not, I think that is not possible. You could, however, manually turn off an app’s internet connection before disconnecting the VPN, if that is not too error-prone for you.

The app is very stable, I have been using it for about 5 years without problems. For most use cases it is fire-and-forget, i.e. I rarely open the app any more.

This is partially correct, partially wrong.

As many have commented, flipping a signal by 180° cancels it out. However, this is only true for static noise though. Transient noise cannot be canceled out completely, because you would need to see into the future to know which signals to play to cancel out the noise.

The ANC headphones I own mainly cancel noise through passive shielding of the ears. The “active” noise canceling feature is not contributing a lot.

If it is just the location, then it could be spoofed.

If it is something that requires physical presence, then you need both devices to communicate with each other. If it is not done via QR code (like some online banking do), then both devices need to be connected, e.g. via WiFi or Bluetooth. In this case, if an attacker controls one of the devices (that’s the class of attacks 2FA should prevent you from), the attacker probably controls both devices. So what’s the point then?

I guess if there is WiFi, he won’t even need a mobile data plan, so he could safe lots of money.

How would MS Authenticator make it any better than TOTP?

To break TOTP, the attacker would need to:

a) be able to observe the initial exchange of the TOTP secrets. To do that, the attacker needs access to the victim’s computer (on user level) at that specific time they set up TOTP. TOTP is a TOFU concept and thus not designed to protect against that. However, if the attacker controls the victim’s computer at that time, the victim is screwed anyways even before setting up 2FA.

b) have access to the TOTP app’s secret storage and to the victim’s login credentials (e.g. by phishing). If the attacker can gain that level of access, they would also have access to the Microsoft Authenticator’s secret storage, so there is no benefit of the Microsoft app.

On the other hand, Microsoft Authenticator is a very huge app (>100MB is huge for an authenticator app, Aegis is just 6MB, FreeOTP+ 11MB), i.e. it brings a large attack surface, especially by connecting to the internet.

I don’t think Microsoft Authenticator brings security benefits over a clean and simple TOTP implementation.

If it is just TOTP, you can use any other TOTP app, such as Aegis or FreeOTP+.

And no, Microsoft cannot be trusted on not doing anything bad. The app is full of trackers and has an excessive list of permissions it “requires”.

For comparison, Aegis and FreeOTP+ work without trackers and way less permissions.

Microsoft has a long track record of leaks. Just naming the 2 most prominent:

1. Microsoft Edge leaks every single URL to Microsoft servers (source)
2. There are lots of reports that Microsoft had their general key stolen and not even notify it for months. It is unclear who had acces to that key. This is putting anyone at risk who uses any Microsoft product. (See for example here)

Are you forced to use their app or are they just very insistently trying to trick you into using it? I.e., have you tried with Bitwarden or any other TOTP capable app?

It might depend on configuration. In the only case of Microsoft enforced 2FA I know of, it is just TOTP. Microsoft’s web interface nudges (tries to trick) you into using the MS Authenticator app, but that app is not needed. You can use any TOTP capable 2FA app, e.g. Aegis or FreeOTP+, both of which are also available through F-Droid and don’t require internet connection.