Many people have a warped understanding of what “two factor” means.

They conflate it with devices and they think it means that one of the factors (why one? which one? who knows) needs to be restricted to exactly one device.

What “two factor” really means is that you should have more than one required factor of authentication so that if one is compromised the attackers still can’t get in.

Ideally the factors should be spread across the “something you know” / “something you own” / “something you are” categories to complicate the manner in which they can be compromised.

We can only reliably rememeber a limited amount of passwords, so like it or not we have to use some devices at least some of the time.

The trouble with “something you own” is that it can be lost or damaged or stolen, and if you only have one of it then you’re fucked. So adding some redundancy is not a bad idea.

The larger issue is that everybody is stuck into extremely rigid and outdated mindsets that date back decades. “Two factors” don’t have to be exactly two, and they don’t have to include exactly one password, and so on. It should be fine if you wanted to secure your account with 3 passwords, and should be up to you if one of those password is a barcode tattooed on your taint so you need a mirror and to bend upside down to scan it.

Bottom line, use whatever you want and use your best judgment as to how secure is each factor. If you want to use something that syncs to multiple devices, go ahead. What you should consider is who has access to those devices and how it would affect you if they’re lost or stolen.

This whole debacle is a festival of stupidity:

• It’s a personal project that taxes the sole maintainer disproportionately.
• Millions of idiots use it blindly and end up building elaborate software on it. https://xkcd.com/2347/
• I’ll bet you 99.99% of those idiots use it only for ip.isPrivate(), which you can write yourself in 5 minutes.
• The CVE is a non-issue (who the fuck would call a function that takes string notation with hex numbers?)
• Appealing and reverting or downgrading CVEs is super complicated.

At this point the maintainer is fucked no matter what they do, so archiving the project and telling everybody to fuck off right back was really the only sane thing to do.

Then fork it and do that.

These projects are structured as hobbyist projects and get whatever time the maintainer can spare. I have projects like that, they’re useful, but I’m not gonna prioritize them over… anything else, come to think of it.

The fact so many people treat a hobbyist project with one maintainer as critical infrastructure is insane, but that’s on them. Everybody likes free software, nobody likes to help or pay the maintainer.

Last I read about it it required connecting for 6-7 hours continuously on 32bit systems, and it’s unknown how long it would take on 64bit.

They’re more like PO boxes in this case.

Trump’s appointments tipped the balance. They didn’t “decide” as much as been taken over. It’s a part of the judicial system gone rogue and Congress is supposed to reign it back in.

Clearly it wasn’t maintained.

Lol. It’s an IP library. IP classifications haven’t changed. What could he possibly update?

I would uninstall the screensaver so fast if I saw a nag screen. Wtf it’s a screensaver, what does it matter? I’ll use a version that’s 50 years old if I want to.

You can get a small Bluetooth keyboard. They make them really tiny, for this exact use case (smartphones and tablets).

Since this is a Surface you can probably find one that’s been specifically designed to integrate with it (act as a cover).

glib2-devel is available in Manjaro.

glib2-devel is present on all Manjaro branches.

glib2-devel is a core package and pacman should be able to install it directly. Have you updated your package mirrors and upgraded the system since you installed the machine?

Alright, have fun with that. 🙂

If you mean to do that in the public DNS records please note that public records that point at private IPs are often filtered by ISP’s DNS servers because they can be used in web attacks.

If you don’t use your ISP’s DNS as upstream, and the servers you use don’t do this filtering, and you don’t care about the attacks, carry on. But if you use multiple devices or have multiple users (with multiple devices each) eventually that domain will be blocked for some of them.

Generally speaking, a subdomain like jellyfin.myhome.com will work out much better than a subpath like myhome.com/jellyfin.

Very few web apps can deal well (or at all) with being used under a subpath.

It’s not. Series X and series S use native Bluetooth and work with xpadneo. Older controllers use their own proprietary receiver that needs to be plugged into the machine and work with regular xpad.

Probably a better idea would be to leave it archived. Whoever wants to take over can fork it and prove themselves by showing their work.

The xz debacle has shown that there are risk involved in an established developer endorsing an unknown one.

It will go through Google servers if you want to talk to an Android user… If Apple implemented RCS only for its own users there wouldn’t be much point to it. 🙂

You just need an app that does this transparently.

Oh wait, that’s why Google isn’t letting anybody else use RCS. 😄

I’d be more interested to know what they think iMessage is, if not a messaging app…