Readit NewsI guess in this case it's like a second password. Only really useful if someone only manages to bruteforce/spy my main master key but not the second one, right?
Would love to hear opinions on this, I might be missing something.
But, more importantly for gnicholas's point, Whatsapp gives you a warning days/weeks ahead about the need to update the app. My grandmother is almost never connected to a Wi-Fi network, so her apps don't usually update, and she hardly uses any app other than Whatsapp anyway. She got the warning one time and gave me a call immediately, so I walked her through about what to do (i.e. yes grandma, click the update button). If it silently fails, like gnicholas says, and if this happens often, then I can't imagine using Signal with her.
[1]: https://faq.whatsapp.com/general/download-and-installation/a...
Previously I used KMPlayer by the same developer, which supported not just two but three simultaneous subtitles (which I sometimes used, as strange as it may sound); but I switched to PotPlayer when he sold the program and it started to be bundled with ads.
Both programs are only available on Windows, and lack of something as featureful and customizable as PotPlayer was one of the reasons my brief flirtation with Linux at the start of this year wasn't that satisfactory. But if all you want is multiple subtitles, I found SMPlayer on Linux that did the job; but the features of PotPlayer/KMPlayer is simply unmatched (beyond just language learning).
Notepad++ already obeys the Windows system colors, and I have been using it in dark mode by changing Windows colors. Microsoft, presumably to sabotage classical programs and to push modern UWP apps, no longer allows changing system colors. There is a Windows 10 Dark Mode instead, and all it does it notify programs about its configuration, so that they redraw all their colors. A vestige of customizable system colors that remains is the (ugly) High Contrast Mode (activated with Alt+Shift+PrtSc); but if one can put up with its ugliness, it works much better than the Windows 10 Dark Mode, changing the theme for all well-written Windows programs, including all versions of Notepad++.
With the UWP mostly dead, I was hoping that they would start caring about "legacy" programs, but nope. Notepad++, as well as many other programs I use and contribute, saw that Windows was not fixing this and started adding their own patchy dark modes, which often don't work that well. I tested the new Notepad++ dark mode, to see maybe I can start using Dark Mode instead of High Contrast Theme. Unsurprisingly, many places (settings, dropdowns etc.) remain with white backgrounds; it is difficult to change all backgrounds as it was written with obeying system colors in mind, rather than manual theming. High Contrast Theme, however, works perfectly. Presumably those remaining white patches will be fixed as Notepad++ has an active community, but dozens of other old Windows programs I use will probably never bother with explicitly adding a dark theme, so I guess I will have to stick with the High Contrast Mode.
Most likely there would be a breach on the site's database, where all password hashes, and the TOTP seeds are stored. In that case, having 2FA or not doesn't make any difference.
2FA is usually useful if the user is not confidence of the integrity of his login device, e.g. public library computer. If you are perfectly confident of your own device, there isn't really any point of having 2FA.
1) In the first case, chances are that I would realize this immediately and change my password, which I would have time to do as there is no actual attacker yet; only future opportunistic attackers. 2FA would be useful only if I not only pasted my password and 2FA code, but then not even realized it. Then 2FA might help since by the time anybody notices this, the 2FA code would be invalid.
2) In the second case, if the phishing attack is not real-time (i.e. attackers are just recording my credentials instead of immediately logging in in my place), 2FA would help since the 2FA they stored would be invalid when they tried using it. 2FA is less helpful in a real-time phishing attack; though having 2FA might still help since changing my login credentials would presumably require another 2FA code so at least they can't lock me out (unless they can convince me that I need to enter another 2FA code, which I guess is possible if I was absent-minded enough to fall for it in the first place).
In any case, I don't worry much about these scenarios and I agree with you about 2FA, that's why I don't usually bother with it except in cases where websites freak out because I keep logging in from foreign IPs with no cookies. Then 2FA is useful because it makes the website trust my login, at no additional inconvenience to me as KeePass auto-types 2FA code just like my password, so I don't mind enabling it when I can.
That's only true if you are using an online service as a password manager, so the master password is the only thing protecting you. Not necessarily for offline password managers. E.g. in my case, I use Keepass that I never sync/store online, so even without enabling a website's 2FA, for many attack models I am effectively using 2FA: logging into the website requires both something I have (a device with my Keepass database) and something I know (the password for my Keepass database). But without website 2FA those two factors then produce one single factor (the website's password) that is transmitted to log in, so enabling website's 2FA and storing it in Keepass makes it 2FA against even more attack models, i.e. attacks where it's not my password database that it compromised, but just that one password. So it's still a benefit.
If I ever feel the need to sync my Keepass database, e.g. on Dropbox; I could set a key file (that I transferred offline between my devices) in addition to the master password to preserve this 2FA aspect, so that even if my Dropbox password and Keepass master password were both compromised, they would still be useless without access to my devices that contain the key file. But I never had the need to use my password manager on a different device, so no syncing needed so far. In any case, I don't actually care about 2FA (when I enable 2FA, I actually do it to decrease security, not increase it, as I explained in my other comment), this 2FA is just a bonus of my not needing and liking online services.
It's a pretty big problem for society when hospitals, universities, and countless business have been ransomed.
What they really mean is "We're trying to make as much money as possible without doing so much damage that someone with unlimited resources will hunt us down"
Hopefully shutting down a majority of the East Coast's pipeline capacity will be large enough that the US finally uses its deep pockets to do exactly that.
> It's a pretty big problem for society when hospitals, universities, and countless business have been ransomed.
Well, at least their "ethics" page does state that they will not attack "hospitals, hospices, schools, universities, non-profit organizations, or government agencies".
When you phrase it in a way that underlines the mechanical nature of the host's decision, people get it right. When you phrase it in a way that suggests the host's choice is itself random, people get it wrong.
I think the first formulation primes people to think of it from the perspective of the host, which is the right perspective for this problem.
In other words, they still get it right; they get it right for the separate question that that phrasing implies.
If the host's choice is random, so that when you initially picked wrong it's equally probable that the host open the door with the car and then say "sorry, looks like you lost" (which is what I assumed when I first heard this problem, not being familiar with the show), then even if the host happened to open the door with a goat and give you a chance to switch, it doesn't matter if you take it or not. People are correct that, for that question, the probabilities are one in two for both of the remaining doors.