Difference between revisions of "User:Tepples/axes to grind"

From Pin Eight
Jump to: navigation, search
(Google 2FA is resolved)
(Resolved: Combine 2FA and TLS points; StartCom has wound up)
Line 7: Line 7:
 
:Use a low-end Android phone with no SIM.
 
:Use a low-end Android phone with no SIM.
 
;2-factor authentication is expensive for prepaid cellular users who pay per incoming SMS
 
;2-factor authentication is expensive for prepaid cellular users who pay per incoming SMS
:A [[wikipedia:Time-based One-time Password Algorithm|TOTP]] app works on a tablet, even offline, and Google Chrome on a PC with USB can use [[wikipedia:Universal 2nd Factor|U2F]] keys.
+
:A [[wikipedia:Time-based One-time Password Algorithm|TOTP]] app works on a tablet, even offline, and Google Chrome on a PC with USB and sufficient RAM can use [[wikipedia:Universal 2nd Factor|U2F]] keys. And despite a help page stating that it requires a cell phone number,<ref>"[https://support.google.com/accounts/answer/1066447?co=GENIE.Platform%3DAndroid&hl=en Install Google Authenticator]". Google. Accessed 2017-09-18.</ref> the combination of an Android tablet with Google Play and one-time paper backup codes works as well as of January 2018.
 +
;2-factor authentication on Twitter is expensive because you need a separate cell phone line for each Twitter account
 +
:This restriction was in place for years, and [https://jessysaurusrex.com/2014/09/15/a-rant-twitter-your-2factor-authentication-sucks-or-why-brands-get-hacked-on-twitter/ Jessy called it a major reason why brands get hacked]. ([https://twitpic.com/csq7i6 Picture of error message]) Sometime by mid-September 2016, Twitter increased this to 10 accounts.<ref>[https://support.twitter.com/articles/110250 Add your phone number to your account]. Twitter. Accessed 2016-09-15.</ref>
 
;Chromebook verified mode runs only JavaScript
 
;Chromebook verified mode runs only JavaScript
 
:Install [https://developer.chrome.com/native-client/io2014 NaCl Development Environment], a subset of Native Client SDK for Chrome OS. However, this workaround will become impractical in early 2018 once [https://news.slashdot.org/story/16/08/19/1936232/google-will-kill-chrome-apps-for-windows-mac-and-linux-in-early-2018 Google follows through on its announced plan to kill Chrome web apps on Windows, macOS, and X11/Linux], making it [https://slashdot.org/comments.pl?sid=9547183&cid=52739467 impossible to synchronize a project] between a Chromebook and any computer other than a Chromebook.
 
:Install [https://developer.chrome.com/native-client/io2014 NaCl Development Environment], a subset of Native Client SDK for Chrome OS. However, this workaround will become impractical in early 2018 once [https://news.slashdot.org/story/16/08/19/1936232/google-will-kill-chrome-apps-for-windows-mac-and-linux-in-early-2018 Google follows through on its announced plan to kill Chrome web apps on Windows, macOS, and X11/Linux], making it [https://slashdot.org/comments.pl?sid=9547183&cid=52739467 impossible to synchronize a project] between a Chromebook and any computer other than a Chromebook.
Line 19: Line 21:
 
:Android isn't the answer here, as external gamepads are unpopular due to their bulk. Make a PC game playable with a keyboard or [[USB game controller|HID joystick]], sell it on itch.io and then Steam, and then once you see $50K in revenue, you will probably have become "this tall". Besides, Nintendo has opened its developer program to the public as of July 7, 2016.
 
:Android isn't the answer here, as external gamepads are unpopular due to their bulk. Make a PC game playable with a keyboard or [[USB game controller|HID joystick]], sell it on itch.io and then Steam, and then once you see $50K in revenue, you will probably have become "this tall". Besides, Nintendo has opened its developer program to the public as of July 7, 2016.
 
;iOS requires a recurring fee to run software you compiled
 
;iOS requires a recurring fee to run software you compiled
:Xcode since version 7 allows deploying apps built from source to devices on your Apple ID. Any purported recurring fee is to distribute software to the public, to distribute software to others in your organization, or to keep up with macOS dropping support for old hardware.
+
:Xcode since version 7 allows deploying apps built from source to devices on your Apple ID. Any purported recurring fee is to distribute software to the public, to distribute software to others in your organization, or to keep up with new Xcode dropping support for old macOS and new macOS dropping support for old hardware.
 
;The [[wikipedia:Backdoor (computing)#Compiler backdoors|Ken Thompson attack]] allows a backdoor to propagate to a freshly compiled self-hosted compiler
 
;The [[wikipedia:Backdoor (computing)#Compiler backdoors|Ken Thompson attack]] allows a backdoor to propagate to a freshly compiled self-hosted compiler
 
:If a language has multiple compilers, at least one as published source code, [http://www.dwheeler.com/trusting-trust/ diverse double-compiling] detects this attack. Other languages can be bootstrapped through an implementation in a language for which a clean compiler can be verified through DDC. For example, use OCaml to compile old Rust and old Rust to compile new Rust.
 
:If a language has multiple compilers, at least one as published source code, [http://www.dwheeler.com/trusting-trust/ diverse double-compiling] detects this attack. Other languages can be bootstrapped through an implementation in a language for which a clean compiler can be verified through DDC. For example, use OCaml to compile old Rust and old Rust to compile new Rust.
;TLS hosting is too expensive for [[Portfolio hosting|hobbyists]]
+
;TLS is too expensive for [[Portfolio hosting|hobbyists]]
:If your site is too small for a $10/mo VPS, use DreamHost.
+
:If your personal website is too small for a $10 VPS, use DreamHost. For the certificate, use Let's Encrypt. If your present shared web host makes renewal every 9 to 12 weeks a hassle, use SSLs.com ($15 for 3 years at a time) to cover the remainder of your hosting contract while you plan migration to DreamHost.
;TLS certificates are too expensive for hobbyists
 
:Use Let's Encrypt. If your present shared web host makes renewal every 12 weeks a hassle, you can use StartSSL (free for 1 year at a time for 1 individual site) or SSLs.com ($15 for 3 years at a time) to cover the remainder of your hosting contract while you plan migration to DreamHost.
 
;2-factor authentication on Twitter is expensive because you need a separate cell phone line for each Twitter account
 
:This restriction was in place for years, and [https://jessysaurusrex.com/2014/09/15/a-rant-twitter-your-2factor-authentication-sucks-or-why-brands-get-hacked-on-twitter/ Jessy called it a major reason why brands get hacked]. ([https://twitpic.com/csq7i6 Picture of error message]) Sometime by mid-September 2016, Twitter increased this to 10 accounts.<ref>[https://support.twitter.com/articles/110250 Add your phone number to your account]. Twitter. Accessed 2016-09-15.</ref>
 
;2-factor authentication on Google is expensive because you need an active cellular subscription
 
:Google has long supported TOTP, and despite a help page stating that it requires a cell phone number,<ref>"[https://support.google.com/accounts/answer/1066447?co=GENIE.Platform%3DAndroid&hl=en Install Google Authenticator]". Google. Accessed 2017-09-18.</ref> the combination of an Android tablet with Google Play and one-time paper backup codes works as well as of January 2018.
 
  
 
== Soon resolved ==
 
== Soon resolved ==

Revision as of 03:16, 19 January 2018

Some forum users have characterized some of my philosophical stances as "axes to grind". But changes in technology and policy have rendered some of the older stances obsolete.

Resolved

No 4-5" tablet running Android with Google Play as a counterpart to iPod touch
Use a low-end Android phone with no SIM.
2-factor authentication is expensive for prepaid cellular users who pay per incoming SMS
A TOTP app works on a tablet, even offline, and Google Chrome on a PC with USB and sufficient RAM can use U2F keys. And despite a help page stating that it requires a cell phone number,[1] the combination of an Android tablet with Google Play and one-time paper backup codes works as well as of January 2018.
2-factor authentication on Twitter is expensive because you need a separate cell phone line for each Twitter account
This restriction was in place for years, and Jessy called it a major reason why brands get hacked. (Picture of error message) Sometime by mid-September 2016, Twitter increased this to 10 accounts.[2]
Chromebook verified mode runs only JavaScript
Install NaCl Development Environment, a subset of Native Client SDK for Chrome OS. However, this workaround will become impractical in early 2018 once Google follows through on its announced plan to kill Chrome web apps on Windows, macOS, and X11/Linux, making it impossible to synchronize a project between a Chromebook and any computer other than a Chromebook.
Chromebook dev mode encourages user to wipe it
This is a security feature to prevent those out of the know from accessing your private data and unpublished works. Tape a notice on the bezel to press Ctrl+D, and keep your electronics out of reach of children and non-technical users. Or a Chromebook can allegedly be set to dual-boot Chrome OS and a traditional GNU/Linux OS according to wierd_w's comment: back up all data, go to developer mode, enable legacy boot, and leave developer mode. Then Ctrl+L boots from a USB flash drive instead of the default verified Chrome OS.
You must be this tall to develop a video game optimized for a TV
Graphically heavy PC games can use Steam Link, and graphically light PC games can use a laptop.
You must be this tall to port a nearly completed PC game to a console
Xbox One developer mode costs $19 for individuals who are Windows 10 licensees.
You must be this tall to port a video game that uses buttons to a handheld platform that English speakers are likely to own
Android isn't the answer here, as external gamepads are unpopular due to their bulk. Make a PC game playable with a keyboard or HID joystick, sell it on itch.io and then Steam, and then once you see $50K in revenue, you will probably have become "this tall". Besides, Nintendo has opened its developer program to the public as of July 7, 2016.
iOS requires a recurring fee to run software you compiled
Xcode since version 7 allows deploying apps built from source to devices on your Apple ID. Any purported recurring fee is to distribute software to the public, to distribute software to others in your organization, or to keep up with new Xcode dropping support for old macOS and new macOS dropping support for old hardware.
The Ken Thompson attack allows a backdoor to propagate to a freshly compiled self-hosted compiler
If a language has multiple compilers, at least one as published source code, diverse double-compiling detects this attack. Other languages can be bootstrapped through an implementation in a language for which a clean compiler can be verified through DDC. For example, use OCaml to compile old Rust and old Rust to compile new Rust.
TLS is too expensive for hobbyists
If your personal website is too small for a $10 VPS, use DreamHost. For the certificate, use Let's Encrypt. If your present shared web host makes renewal every 9 to 12 weeks a hassle, use SSLs.com ($15 for 3 years at a time) to cover the remainder of your hosting contract while you plan migration to DreamHost.

Soon resolved

Android window management is all maximized all the time, leading to an impractical 10 inch calculator
Will be retired once Android Nougat reaches entry-level tablets.
HTML Application Cache was deprecated before all major browsers supported Service Workers
Service Workers[3] allow a web application to run offline, bypassing a desktop or mobile platform's native app store. Among major web browser publishers, Apple was the last to implement Service Workers, beginning to add them to WebKit in August 2017,[4] and they remain "In Development" in the fourth quarter of 2017.[5] Will be retired once the API ships in Safari, probably in iOS 12.

Open

  • 2-factor authentication on Twitter is expensive because the user has to maintain an active cellular subscription to receive codes through SMS. Twitter didn't add TOTP until April 2017, and not only does it require SMS to set up TOTP,[6] Twitter still sends TOTP users a code through SMS on every login.[7] (All in 1 post) And this number must specifically be capable of SMS; when tested in 2017, Twitter could not place voice calls to a Frontier landline or an AT&T wireless home phone. This affects users in the United States, where pretty much every cellular carrier other than Truphone charges pay-as-you-go users not only for sending SMS but also for receiving SMS.
  • Games for modern video game consoles don't support community-developed mods. This affects anyone who has played Team Fortress or Counter-Strike, series that began as mods of Quake and Half-Life.
  • There are only an estimated 105.4 million legally distinct musical hooks, and BMI alone controls a tenth of them. This affected George Harrison.
  • Information security techniques based on whitelisting software sources, such as code signing certificates, can be cost-prohibitive for hobbyists and low-volume software businesses. This affects the_Bionic_lemming.
  • New web browser features requiring TLS, such as the Service Workers needed for offline web applications and the Media Capture API need for voice chat, do not work across a private network because setting up a secure context can prove impractical. This affects greggman.
  • Without ads, a lot of websites would go out of business because they're not sticky enough for a monthly subscription to one site. This affects you and other users of the forum you rode in on.
  • Without JavaScript or WebAssembly, OS-independent rich apps would have to run in an x86 or x86-64 VM instead.
  • Many rural users still can't get wired broadband even in 2017. This affects Guilty and Rahsennor on forums.nesdev.com and TheHappySpaceman on YouTube.
  • Many Seattle residents can't get broadband because of Director's Rules. Though CenturyLink deployed gigabit fiber throughout much of Seattle during 2015, coverage doesn't appear full.
  • Many sites are broken in Safari because not every hobbyist or nonprofit web developer can afford a separate computer just for testing on a 2% browser.
  • Broadcast rights prevent an e-sport based on a proprietary video game from entering the public consciousness the way, say, football has. This has affected several Super Smash Bros. tournaments, most notably one in 2010.

References

  1. "Install Google Authenticator". Google. Accessed 2017-09-18.
  2. Add your phone number to your account. Twitter. Accessed 2016-09-15.
  3. "Service Workers Nightly". W3C, 2017-10-13. Accessed 2017-10-13.
  4. Thomas Claburn. "Apple signals it's willing to let next-gen web apps compete with iOS apps". The Register, 2017-08-04. Accessed 2017-10-13.
  5. "WebKit Feature Status". Accessed 2017-10-13.
  6. Abhimanyu Ghoshal. "Twitter now supports two-factor authentication apps, here’s how to secure your account". The Next Web, 2017-04-17. Accessed 2017-09-18.
  7. Jack Morse. "Twitter's 2-factor authentication has a serious problem". Mashable, 2017-06-16. Accessed 2017-12-04.