Also Canada, and I think in California.

Yeah, this is basically my line. If I intentionally subscribed I will be sure to unsubscribe properly once (maybe twice). But if it was unsolicited then it will be marked as spam.

There are some password managers where you need to either manually look up passwords and copy+paste or autotype them or select the correct password from a dropdown. Some of these will come with an optional browser extension which mitigates this but some don’t really tract domain metadata in a concrete way to do this linking.

Some examples would be Pass which doesn’t have any standard metadata for domain/URL info (although some informal schemes are used by various tools including browser-integration extensions) and KeePass which has the metadata but doesn’t come with a browser extension by default.

The reason I say browser password manager is two main reasons:

1. It is absolutely critical that it checks the domain to prevent phishing.
2. People already have a browser and are often logged into some sort of sync. It is a small step to use it.

So yes, if you want to use a different password manager go right ahead, as long as it checks the domain before filling the password.

You probably mean TOTP. OTP is a generic term for any one-time-password which includes SMS-based 2FA. The other main standard is HOTP which will use a counter or challenge instead of the time as the input but this is rarely used.

Tips for being secure online:

1. Use your browser’s password manager to generate random passwords.
2. In the rare case you need to manually enter your password into a site or app be very suspicious and very careful.
3. Never give personal information to someone who calls or emails you. If necessary look up the contact info of who called you yourself and call them back before divulging and details. Keep in mind that Caller ID and the From address of emails can be faked.
4. Update software regularly. Security problems are regularly fixed.

That’s really all you need. You don’t even need 2FA, it is nice extra security but if you use random passwords and don’t enter your passwords into phishing sites it is largely unnecessary.

I’m not an expert on modern alarm systems but it seems that it is very common and fairly inexpensive to have cellular data backup. Not every system has it, but many do. In that case cutting the main connection will likely result in someone appearing on site fairly quickly.

Many cameras also have some form of local buffering. So even if you are gone before someone does show up you still may find yourself recorded.

But at the end of the day just put a bag over your head and you can be gone by the time anyone shows up without leaving a meaningful trace. Other than the very top-end system security systems just keep the honest people honest.

Yup, that “what can I start in 10min” question really ruins a lot of productivity.

I don’t really mean literally to practice asking people out. But there are times in your life where you need to ask people for things. It is hard to get over the anxiety, risk of social embarrassment and practice showing confidence (even if you are not). These are valuable skills in all sort of social circumstances.

FWIW I think it is actually a valuable social skill to be encouraged to ask someone out to prom. A lot of people don’t have many similar experiences throughout their lives.

Prom is fun. You get to hang out with all of your classmates, ask someone out. A subset of people are always going to go overboard, but keep in mind that you don’t see the “normal” cases. Most people just walk up to someone and ask them out. They find a date from the school or go alone.

I’m from Canada so I don’t know if the US is wildly different, but here it is a bit of a big deal, but I think part of that is what makes it fun, you sort of build a bit of hype around what would otherwise be just another school dance.

It’s never too early. If you see an interesting job posting reach out and go thorough the process. At worst you learn a bit about what they were looking for and gain some interview experience. At best you get a job offer. Even if you decide not to take the offer you learn a bit about the positions available to you.

It costs effectively nothing to apply. Just a few hours of your time.

Most credit card issuers don’t issue credit cards to random apps by solo developers.

I would pay a lot of money to see Nintendo’s conniption over having to allow home brew and non-approved software on their game consoles. I would love to release emulators for older Nintendo consoles for the Switch so that they don’t get to keep charging people again to play old games on newer consoles.

1. I can usually pull out my phone faster than taking a card out of my wallet.
2. Phone-based cards typically have significantly higher limits than physical cards. (I can tap hundreds of dollars with my phone, only about $100 on my card.)
3. The phone needs to be unlocked which is safer than the card which just needs to be tapped with no other authentication.
4. One less thing to carry around.

Because to implement this you need to negotiate with individual credit card issuers. Basically how this works is that your phone is being issued a virtual card with the keys locked inside the phone’s HSM. Then it can be used to make NFC payments just like any physical card. So you need 1. contracts with many card providers, 2. card issuance processes with these providers 3. huge amounts of compliance bureaucracy. At the end of the day it isn’t really worth it unless you are a huge company and expect to have tons of users or see it as an essential feature of your phone OS.

It’s not “inherently insecure” at least not to that degree. (Once could argue that lack of E2EE is insecure.) If you stand up an unrelated instance you shouldn’t be able to access private messages that don’t relate to an account on your instance. So only bugs in your instance, or your conversation partner’s instance, will be able to leak those messages.

I wonder if it could be something like adding a Link: </post/1234>; rel="activitypub" header or <link rel=activitypub href=/post/1234>. Then a browser (or browser extension) could detect this canonical ActivityPub URL and offer to open it in your configured instance or app. This is basically how RSS feeds work.

I wonder if it would be better to have a term limit. I don’t really care if you are 125, but there should be a limit to how long you sit there with huge amounts of power. Especially since they aren’t directly re-elected.

I have to say that I have mixed feelings about the Ninja Creami blender-style ice cream maker compared to a churner. But holy shit it makes perfect milkshakes with near zero effort. Makes it completely worth it.