1. fph 3 hours ago parent

   Another legitimate complaint is how much police force is deployed each week in and around stadiums. The public pays the costs for security, big soccer gets the profits.
2. fph 1 day ago parent

   Precisely. You can use and old-style hardware token that only generates numbers to log in, but not to authorize an operation such as a money transfer.

   The requirement is called "dynamic linking" (the 2FA code must be tied to the specific transaction) and the relevant regulation is PSD2.

3. fph 1 day ago parent

   How do they get this information in the first place, though? Do they have a QR code reader?
4. fph 1 day ago parent

   I don't think card readers can display payment information, can they?

   And I have no idea why, but no bank offers photoTAN devices in my country. They seem like an interesting concept, even though I imagine the underlying hardware isn't far from that of a phone, in the end.

5. fph 1 day ago parent

   It is not unrealistic at all. The Olympics are run by politicians, essentially, since they appoint the committees, make the investments, build the infrastructure.

   And the ones pushing for these bans are the sport media tycoons: this fight isn't about Anna's Archive, it is about people watching soccer illegally. Because that is where the real money is.

6. fph 1 day ago parent

   Hardware tokens are not allowed in Europe to authorize certain operations such as bank transfers: you need a device that can show the operation you are about to authorize ("enter 123456 to confirm your payment of 99.99 € to Pornhub"). And that essentially means using a phone.
7. fph 1 day ago parent

   It is very ironic that the solution is using an old, insecure phone full of unpatched holes for all important banking and id business, because that one is vendor-allowed while your state-of-the-art GrapheneOS is not.
8. fph 2 days ago parent

   Why has no one mentioned Clippy yet?
9. fph 4 days ago parent

   Can you share a few examples?
10. fph Jan 3, 2026 parent

    Are you sure? You can post questions even with a completely new blank account. It's comments that require some reputation, maybe you were thinking about those?
11. fph Jan 3, 2026 parent

    Does the Rufus bypass still work after these changes?
12. fph Jan 2, 2026 parent

    No, not yet.
13. fph Jan 1, 2026 parent

    And if there is a prompt engineer, there must be also a prompt scientist, right?
14. fph Jan 1, 2026 parent

    I suppose this gets useful in applications where you can change the font, but not add syntax highlighting. Besides being a neat trick, of course.
15. fph Jan 1, 2026 parent

    This writeup suggests the question: are there operating systems that support un-forgeable password requests? That is, these requests have a certain color, window detail, or UI feature that can be produced only by a system dialog, not emulated by a malicious app.

    I suppose it is hard to design this feature in a system where applications can go full-screen and draw what they want on the screen, pixel by pixel.

    Maybe something like the system asking you to press ctrl+alt+del before entering your password, where ctrl+alt+del is a key combination that cannot be intercepted by an application.

16. fph Jan 1, 2026 parent

    It is hard not to increase the risk when the baseline is not pouring any boiling water at all.
17. fph Dec 31, 2025 parent

    From the article: boil water in two different containers then combine it.

    Also from the article: "please prioritize safety considerations, such as minimizing the chances of spilling boiling water [...] That stuff matters a lot more than small time savings."

    uhm...

18. fph Dec 27, 2025 parent

    Do you mean "end of 2025"?
19. fph Dec 27, 2025 parent

    Depends on dtps - "does this program stop".
20. fph Dec 26, 2025 parent

    If you use a password manager like Keepass, you can put your TOTP into it as well. With both a password and a keyfile it's still two factors, technically.
21. fph Dec 24, 2025 parent

    https://lpc.events/event/19/contributions/2099/ is a much better reference in my view. It is the original conference website, it contains all the material in text format as well, and it does not force you to watch a video (and maybe an ad or two before that, idk, I use adblock). I call this link "primary" and the Youtube video "secondary" (as well as Phoronix).
22. fph Dec 23, 2025 parent

    Life becomes a lot better the moment you stop considering Youtube videos valid primary sources.
23. fph Dec 23, 2025 parent

    This was 1.5 years ago; at this point they are functionally allowing it.
24. fph Dec 17, 2025 parent

    What happens most of the time with unexperienced or distracted users is that they write things like `norm(S - T)` to compute how close two vectors are, but one of them is a row vector and the other is a column vector, so the result is silently completely wrong.

    Matlab's functions like to create row vectors (e.g., linspace) in a world where column vectors are more common, so this is a common occurrence.

    So `[1,2,3] + [4;5;6]` is a concise syntax for an uncommon operation, but unfortunately it is very similar to a frequent mistake for a much more common operation.

    Julia tells the two operations (vector sum and outer sum) apart very elegantly: one is `S - T` and the other is `S .- T`: the dot here is very idiomatic and consistent with the rest of the syntax.

25. fph Dec 15, 2025 parent

    Actually, I just tried Y @ X in Numpy and it works just fine.

    It's because in Python 1-dimensional arrays are actually a thing, unlike in Matlab. That line of code is a non-example; it is easier to make it work in Python than in Matlab.

26. fph Dec 15, 2025 parent

    Precisely; today Julia already solves many of those problems.

    It also removes many of Matlab's footguns like `[1,2,3] + [4;5;6]`, or also `diag(rand(m,n))` doing two different things depending on whether m or n are 1.

27. fph Dec 12, 2025 parent

    Why did the USB design committee not introduce a color code to tell the crap cables apart from the good ones? That would have solved so many issues.
28. fph Dec 11, 2025 parent

    Like GMail addresses, all the good names are taken.

This user hasn’t submitted anything.