Unrelated, they have a few services that rely on GCP which is down. Still, I imagine the people working on the maintenance for Tokyo turned white during that job worried it was caused by them...
With my 49" I use OBS + Mouse follow script + OBS preview window on laptop screen and share my entire laptop screen. That way I know the window size is suitable for others viewing from their laptops and the preview follows my mouse and you can tweak zoom levels and mouse boundaries on the fly. Also the OBS preview window opens on launch, without opening the main OBS window. So you never have to see/interact with the main OBS window/application again so it really feels standalone which is great.
What I love about Vue/Nuxt devs are not only the powerful tooling they create, but the way they build it so any framework can utilise it. Biggest examples are Vite, Unjs, Nitro. Plus I love the way they think about providing so much flexibility with deployments. Want to deploy your SSR Nuxt app to Cloudflare workers? It’s a 1 line config change in the Nitro config
Experienced that this week! Upgraded to node 20 and typescript and his p-limit lib was the source of a lot of pain. No matter how much I changed the tsconfig I just couldn’t get it to work with the subpath imports his lib used. Ended up downgrading the lib to previous major and moving on.
We all here live in a tech bubble. None of my friends and family have a 2FA app, or know what one is. They understand SMS, and it's better than no 2FA at all.
At worst it's no worse than SMS, but at best it's at least secure in transport and effectively free.
The downside to email is primarily that data is not a roaming perk for many. But if it's too access an app then a reasonable assumption of internet access even if not on the mobile is valid.
The other two downsides are: Some people may chose not to have their email account on the phone. Personally I don't want to carry around access to my main email at all times (the same goes for access to my main bank account, BTW.)
Also, email delivery sometimes takes a very long time, it can be minutes, if you rely on email forwarding to protect your main email address.
Separate from that, it is not productive for you to tell me to think about it more -- for all you know I've implemented two factor authentication in various forms for decades (from OPIE when I worked at NRL to Smartcards within DOD to Passkeys currently). What would be more productive is to get more insight into what you're thinking
If you have access to somebody's email you can just click reset password and then click the "2FA" in their email and then you have access to their account
The same situation seems to be true of SMS, if you have gained access to their account then you can use that to perform 2FA as well. In this situation, it doesn't seem to be significantly different in terms of security.
To answer your question on whether or not people access other people's SMS accounts -- yes! That's one reason it's not recommended any longer. Additionally, there's often less security possible for ones SMS account versus ones email account.
You would have to get access to their email and SMS to perform a password reset and get past 2FA. If you are saying you could do a SIM swap attack simply by having access to their email I think that is not that practical at all.
> To answer your question on whether or not people access other people's SMS accounts -- yes!
What? I never asked that? What are you even talking about?
You've never done a password reset? That goes to your email. If your 2FA is over email too then that isn't 2FA. Because you only need the email to take over an entire account
For literally years Google Authenticator had no means to move between phones. Of course people who were told to use it decided never to use OTP apps again after getting screwed.
Yubikeys (and google's keys) have had issues where the keys were extractable and needed to be replaced.
and so on.
SMS has just worked. Yes, it has reliability issues, but it's almost like people can't model even the most basic ways that the non-SMS tech is basically terrible. Even Apple doesn't work well because of the broadcast behavior of the confirmations.
I don't know about Android but Apple users can literally start adopting TOTP without changing a single thing.
Providers should simply add instructions telling people that if they have an Apple device they can just go to the keychain and add the code displayed on the screen or use the QR with the camera
"Feature phone" can often have some android installed on it. From all definitions I ever saw, it was mostly about form factor (keeping that old Nokia looks with physical buttons). Nokias now have something called KaiOS, unix-based OS where you can develop just like elsewhere.
Porting some app into another OS would be probably a showstopper due to budgets/deadlines, even though even my old Nokia in 2006 could easily run java apps like these (but ended up mostly running Snake et al).
I don't know, which people were laughed at in the industry for the last few decades because they wanted to have control over their own computers and run their own code on their own machines?
reply