• 0 Posts
  • 32 Comments
Joined 2 years ago
cake
Cake day: June 15th, 2023

help-circle

  • I disagree. You should not immediately go and replace the OS as soon as you get it.

    Most modifications to the root filesystem persist through updates just fine. You simply need to add the relevant exclusions for your customizations. See the Development and Modding section here.

    I have a significant amount of modifications to Steam OS, including an encrypted home partition (while excluding the steamapps subdirectory via bind mount) protected by TPM.

    The only time an update breaks anything is if the kernel or initramfs updates, requiring me to re-enter the LUKS password and reenroll a new TPM protector. And this is only because they don’t support Secure Boot, so my PCR selection is limited. And I was on the Beta update channel for a while updating almost weekly without issue.















  • The definition I learned for web 2.0, as it was happening, was a shift from static web pages generated all at once on the server and delivered to the client whole, to using Ajax with in-browser Javascript dynamically changing already-delivered pages with back-end XML calls.



  • IHawkMike@lemmy.worldtoAsklemmy@lemmy.mlCan I refuse MS Authenticator?
    link
    fedilink
    arrow-up
    10
    arrow-down
    1
    ·
    edit-2
    7 months ago

    We can restrict the use of software TOTP, which is what companies are doing when they move users onto the MS Authenticator app.

    Admins can’t control the other TOTP apps like Google Authenticator or Authy unless they go full MDM. And I don’t think someone worried about installing the MS Authenticator app is going to be happy about enrolling their phone in Intune.

    Edit: And even then, there is no way to control or force users to use a managed device for software TOTP.


  • This is incredibly well said and I agree 100%. I’ll just add that software TOTP is weaker than the MS Authenticator with number matching because the TOTP seed can still be intercepted and/or stolen by an attacker.

    Ever notice that TOTP can be backed up and restored to a new device? If it can be transferred, then the device no longer counts for the “something you have” second factor in my threat model.

    While I prefer pure phishing-resistant MFA methods (FIDO2, WHFB, or CBA), the support isn’t quite there yet for mobile devices (especially mobile browsers) so the MS Authenticator is the best alternative we have.