anon102010 (u/anon102010)

anon102010 commented on AMD Launches 12 Desktop Renoir Ryzen 4000G Series APUs: But You Can’t Buy Them anandtech.com/show/15921/... · Posted by u/frankjr

nazgulsenpai · 6 years ago

I just got a Lenovo V14 Ryzen 5 4500U laotop yesterday and this thing is amazing. It benchmarks almost as high as my Ryzen 5 1600 desktop PC, but it feels so much faster in actual everyday use.

To those who scoff at repurposed laptop parts being used in desktop systems, I don't think that's going to be an issue here because these 4000 series APUs have outstanding performance.

I'm not an Intel fan and have a tendency to root for the underdog so I may have an inherent bias here. The fact that Intel not only has competition, but has in alot of arenas been bested by AMD should only mean good things for the health of the overall market.

anon102010 · 6 years ago

APU's are great for the mini pc market. I don't need a laptop (currently) but I love using a SFF machine without much fan noise. These parts tend to get packaged into these machine. Lenovo M75q Tiny etc.

Based on these parts speed I may move to a laptop as my "main" machine in the future. Just dock it at home, office and use on road.

anon102010 commented on How Nespresso's coffee revolution got ground down theguardian.com/food/2020... · Posted by u/ohjeez

aivisol · 6 years ago

I admit I did not do research before posting, my bad. Was not aware they are made from aluminum. But it is still nonsense to create packaging for every 5 grams of product made.

anon102010 · 6 years ago

At least locally Kcups from Kurig are much more common - 100% plastic. I always thought of the nespresso ones with the recycling bags as more enviro friendly.

But I also thought Apple with its long support lifetimes for products and good resale values was probably better for environment than the android junk with uncertain supply chains, but HN regularly has stories trashing apple has terrible for environment and never says anything about android so who knows.

anon102010 commented on How Nespresso's coffee revolution got ground down theguardian.com/food/2020... · Posted by u/ohjeez

aivisol · 6 years ago

I would vote for not creating plastic waste in the first time. This is not life saving essential product you cannot live without which you need to produce in mega quantities. What percentage of the capsules is recycled and what percentage ends up in the landfills? Is recycling not energy intensive operation? (Someone even mentioned fedexing used capsules?) I mean single use plastic shopping bags, plates and cutlery are convenient too... why do we try to reduce them ?

anon102010 · 6 years ago

Why do we falsely claim their pods are plastic? Their competitors use plastic and receive no criticism. They do aluminum and a bag drop program and are trashed

anon102010 commented on British Airways announces immediate retirement of 747 fleet airlinegeeks.com/2020/07/... · Posted by u/cockpitherald

kelnos · 6 years ago

Right, they meant that the trappings of first class are so over the top that it makes them uncomfortable.

Odd thing is I thought the 747 was usually configured with biz class upstairs (I got a biz upgrade on a SIN->DPS flight many years ago and flew upstairs) and first class in the front of the main level, so maybe they weren't talking about first class. Or perhaps some airlines have/had 747s with first upstairs.

anon102010 · 6 years ago

100% my error - main deck for sure. We also boarded using wrong jetway - I guess there was a first entrance somewhere maybe that was different?

anon102010 commented on British Airways announces immediate retirement of 747 fleet airlinegeeks.com/2020/07/... · Posted by u/cockpitherald

massysett · 6 years ago

I don't understand the nostalgia for these planes. I see a big plane and I think "cattle car." There's nothing nice about sitting in the middle section of a huge wide-body plane, far from the luggage bin, far from the window, and with the prospect of climbing over several people or waking them up so you can go to the bathroom. It takes a long time to board and deplane them.

Moreover, as a passenger I want point-to-point air service at a convenient time. This is possible with smaller airplanes. Big plane requires funneling passengers to some big gateway airport so they can fill the gigantic plane. That requires spending time in airports. Not interested.

If the nostalgia is that there's something elite about a big plane: Gordon Gekko didn't fly around in a 747.

There's a reason these planes are obsolete. Planes like the 737 have democratized air travel and made it affordable for everyone. That's a much bigger achievement than the 747 will ever be. And I'll take the convenient frequent long-distance service that narrow-body planes offer (US mainland to Hawaii on a 737? Amazing!) over a 747 any day. A curving staircase on an airplane just doesn't scream "cool" to me.

anon102010 · 6 years ago

I did international first in the 747. Def not ‘cattle car’. The front windows are angled so you can see forward more than usual - it’s surprisingly quiet in the top front and the views were beautiful- you felt like you were floating. I slept well too which is rare (wine may have helped) and fun to think of the engineering that went into these big birds. Only negative is that it is all so over the top - wife and I more comfortable in biz or e+

anon102010 commented on Disabling Google 2FA doesn't need 2FA if you're already logged in infoq.com/news/2020/07/go... · Posted by u/Garbage

rdiddly · 6 years ago

This is the "It's because of our amazing success that we totally fail at things" argument. If you can't do things right "at scale," that's fine, but everyone should know you suck at servicing that level of load, for example the fact that you don't require 2FA to change my 2FA settings, and there's no support path or even a support department for when my phone falls into a port-a-potty.

anon102010 · 6 years ago

You can't change 2FA with just your password - you are being confused by the headline.

You need a second factor. That is either your 2FA device, a backup 2fa, backup codes, an authenticated and still valid login session etc.

If you are security paranoid you can lockout insecure 2fa methods, never validate your device and sign up for their Advanced Protection Program.

Note however, google is VERY clear -> if you lock yourself out it is game over. They do not allow humans to override the lockouts -> period. This is obviously good for security. All the folks here complaining about this supposed 2FA issue while asking for human support to allow login override / resets really have no clue about the GIANT security hole that opens.

Witness all the sim card hijacking done through phone co's (that do allow human involvement).

Google is CRYSTAL clear.

Q: Create a replacement Google Account

A: If you still can't get into your account, create a new one.

Q: Why can't I get into my old account?

A: We couldn't be sure that you're the owner. To keep accounts safe, we can't give access to them if we can't confirm who the owner is.

They've closed the big hole (human override / corruption / bribes / social engineering). And have made it so that you have only a bit of extra risk to stay in your account. Don't like that? Don't authenticate your devices as trusted.

anon102010 commented on Disabling Google 2FA doesn't need 2FA if you're already logged in infoq.com/news/2020/07/go... · Posted by u/Garbage

azinman2 · 6 years ago

This defeats the point of 2FA if you can turn it off without that second factor. In your example, if you don't have that authenticated session then you're still screwed... so you must design for the worst case scenario. The risk of 2FA is losing a device, which is why a proper design has other safety backups, such as backup codes, or leveraging a combination of other accounts that can vouch for you and humans in the loop.

anon102010 · 6 years ago

You already have authenticated your computer as the second factor. The article headline implies you can just use a password to remove 2FA. False.

You can use your password AND that authenticated and still valid session or device to do the reset.

Google gives you options with your free account.

1) No 2FA

2) 2FA with insecure methods

3) 2FA with security keys and authenticators.

4) Advanced Protection Program

5) Paid account options with additional options / controls.

anon102010 commented on Disabling Google 2FA doesn't need 2FA if you're already logged in infoq.com/news/2020/07/go... · Posted by u/Garbage

koffiezet · 6 years ago

> You need to have a 2FA authenticated connection or be on a 2FA authenticated device within validity period to change 2FA settings. You can elect to have 2FA not remember the device you have logged into as well (ie, the remember this device for 30 days option) if you are particularly paranoid.

To change security-related settings, it's default practice to double-check even the user's password without 2fa.

> This is a fantastic balance in terms of security and usability.

Sorry, that's plain apologetic bullshit. How often do you enable and disable 2fa? This has nothing to do with usability.

anon102010 · 6 years ago

This is not "apologetic BS"

Your comment illustrates a DEEP misunderstanding of dealing with users at scale.

You have millions and millions of users.

You are proposing that the threat / benefit model is such that if they lose their 2FA device (very easy via upgrades to phones, lost phones broken phones) EVEN though they have their password and and have access to a trusted device within the validity window for device trust they will be locked out, potentially forever from their account?

Do you

a) realize how common this situation is?

b) realize how angry users will be to lose access to all their google services with basically no support route to recover that?

c) what pressure there will be to allow for other recovery methods THAT ARE EVEN WEAKER?

I've gone through 2FA reset procedures over the phone with a few companies, and in EACH case it struck me how easy it would be to socially engineer or use very minimal info to get a new 2FA when they allow these methods (ie, last 4 digits of CC was one reset piece of info). So you need to allow workable 2FA update methods so that your fallback can be pretty tight if allowed at all.

Finally, consumer accounts have basically NO recovery option if you are locked out. I had a relative get locked out, nothing to be done (they had a landline that couldn't accept text messages and the system won't do voice calls). There is NO human backup - all emails, google photos, google drive etc GONE.

anon102010 commented on Zoom Zero-Day Allows RCE, Patch on the Way threatpost.com/unpatched-... · Posted by u/LinuxBender

ebg13 · 6 years ago

> 0patch became aware of the flaw thanks to a “private researcher” who wants to remain anonymous—that person said no disclosure was made to Zoom

No disclosure was made to Zoom. Why? What's the point of doing that?

anon102010 · 6 years ago

Live in a country that criminally prosecutes security researches? Jails them?

anon102010 commented on Disabling Google 2FA doesn't need 2FA if you're already logged in infoq.com/news/2020/07/go... · Posted by u/Garbage

anon102010 · 6 years ago

This is 100% false. You need to have a 2FA authenticated connection or be on a 2FA authenticated device within validity period to change 2FA settings. You can elect to have 2FA not remember the device you have logged into as well (ie, the remember this device for 30 days option) if you are particularly paranoid.

The headline should say - You can disable Google 2FA on 2FA authenticated connections without re-authenticating.

This is a fantastic balance in terms of security and usability. I switched iphones and google authenticator did not bring my 2FA's over, I got on my machine that had already authenticated and setup a new 2FA. Whew. Other systems were MUCH much harder to restore AND you could still get around 2FA but now with human involvement (social engineering risk). I've worked govt jobs with security so "tight" that everyone got the workarounds worked out - the social engineering would be as easy as I need reset for user X and they stopped even checking who anyone was the volumes were so high.

The loss in security is minimal here, and the loss is controllable, and it reduces pressure on other reset approaches (seriously, if you lock yourself out of google you will REALLY want to get back in).