Lownewulf's Lair
Technical reviews, ideas and ramblings, observations, and perhaps even the occasional glimpse into my daily life.
Monday, October 21, 2024
2024 Washington Election
Sunday, February 18, 2024
Compy 2024 Edition (Marauder)
It's been 8 years since I built RIFTER, a computer built specifically to power my Oculus CV1. It continues to hold up well despite its age, but I decided it was time to finally catch up to latest generation PC hardware.
So I present: MARAUDER.
- AMD Ryzen 7 7800X3D 4.2 GHz 8-Core Processor
- Thermalright Phantom Spirit 120 SE 66.17 CFM CPU Cooler
- Gigabyte B650 AORUS ELITE AX ATX AM5 Motherboard
- Asus DUAL OC GeForce RTX 4070 SUPER 12 GB Video Card
- G.Skill Flare X5 32 GB (2 x 16 GB) DDR5-6000 CL30 Memory
- Crucial T700 W/Heatsink 2 TB M.2-2280 PCIe 5.0 X4 NVME Solid State Drive
- Corsair RM850e (2023) 850 W 80+ Gold Certified Fully Modular ATX Power Supply
- Lian Li LANCOOL 216 ATX Mid Tower Case
- Windows 11 Pro
(yes, I switched from EVE Online names to Battletech names)
My build philosophy was to get delightful gaming performance at a reasonable price, while providing a path for future upgrade. That was why I went with AMD - while Intel is competitive in this type of build, an upcoming socket change from LGA1700 would leave me stranded. Conversely, AM5 will have at least one more good generation. The one concession I made was the Crucial PCIe 5.0 drive. I don't really need something that fast, but storage really makes the difference on the day-to-day computing experience. Conversely, while the RTX 4070 Super may seem aggressively mid, video cards have literally doubled in price since my last build, and I wasn't willing to spend $1000 on a GPU no matter how fast.
The build has worked perfectly! Clean post the very first time. Everything was compatible and connected together.
Everything fits! Even that tall Phantom Spirit cooler has plenty of clearance to the tempered glass. The CPU cooler has clearance to the RAM - one of the fans had to be offset slightly, but that turns out to be a benefit of clip-on fans (I was skeptical at first). Good thing I didn't do the RGB RAM! The M.2 drive and its built-in heatsink had clearance to both the motherboard and the GPU.
The bane of my builds has always been shoddy cases. The LANCOOL is definitely the best case I've ever owned. My only complaint was the complete lack of instructions or labelling. Trying to match up some weird unlabelled ports (eg. this is the first time I've had a USB-C port), or track the connections to a completely undocumented ARGB controller. Also, the thumb screws are garbage, but there's spring-loaded post latches too, so it's not a big deal.
So far I have not made any attempt to optimize or overclock. Everything is running at default settings. Running 3dMark benchmarks:
- Time Spy (DX11 test): 19157 (CPU 13395)
- Port Royal (raytracing test): 12879
- Storage benchmark: 2899
- Furmark 2160: 6467
Reference: RIFTER
Intel Core i5-6600K / NVIDIA GeForce GTX 1070
3DMark (Time Spy): 5348 (3396 CPU)
Thursday, August 17, 2023
Why I flag most recruiter emails as spam (Web3 edition)
Remote position for $250k USD base, but their recruiter referenced Web3 in the email, so completely untenable.
(I don't think it's actually a Web3 job...)
Sunday, November 13, 2022
Why you need end-to-end encryption
TL;DR - no matter who you are, you need to set up an end-to-end encrypted communication app for your calls and messages, and start using it for your day to day communication.
Encryption is a technology that allows us to send messages to each other using codes. It's core to how we are able to exist in the digital age: it's why a neighbor with an antenna can't read your emails, it's how you are able to bank online without a hacker rerouting your money, or even how you access your medical records online privately. Encryption is so ubiquitous that you are using it every day and don't even realize it. In fact, most major services on the Internet, even completely public ones, turn on encryption automatically.
- That outsiders won't see or hear your communication.
- That outsiders won't modify what you're sending.
- CAN'T see or hear anything that is being said/messaged/shown/etc.
- CAN'T record your communication.
- CAN'T meaningfully modify what you say.
- CAN still see who you're talking to and when.
- CAN still block you from sending a message (but without any knowledge of what you're about to say).
- CAN'T target advertisements based on what you're saying.
- Quality, speed, and reliability of group communication tends to be worse than non-E2EE solutions.
- Some features like camera filters, message search, are more difficult to build and may be of lower quality.
- The communications provider. How much do you want a big tech firm to know about you, and how comfortable are you with who they will sell this data to? Could a data broker build a profile of you to be targeted or even harassed?
- Partners. Consider the case of the Cambridge Analytica scandal, where Facebook leaked private user data to a company which then used it to interfere in elections in the United States.
- Hackers. Could a hacker reading your text messages use that information to access your bank or other important accounts?
- Government. Are you a law-abiding citizen? Okay, sure you are... but are you a law-abiding citizen by the past and future laws of every government you'll ever interact with? For example, Facebook was forced to disclose messages under subpoena related to an abortion case (which became illegal shortly AFTER the subpoena).
- Signal is the de facto standard for the privacy-conscious. Their app is the gold standard for the privacy conscious, and their technology is so good, their "Signal protocol" is used in many other apps.
- WhatsApp offers E2EE by default. While many are nervous what ownership by Meta will mean for the future, their track record so far on encryption is pretty good.
- Telegram is not E2EE by default, but does offer optional "secret chats". While I'd prefer it to be on by default, at least you can choose it for any communication.
- Text messages from your phone are the WORST! Stop using them, right now, except where absolutely necessary to communicate with businesses. The system is ancient and notoriously insecure. This includes iMessage - while iMessage itself may be E2EE, that only applies to your "blue bubble" contacts, while your "green bubble" contacts still go through insecure SMS.
- Telephone calls. The security is weak, but also the quality is absolutely terrible compared to even the most mediocre audio calling apps. It's all around a bad experience, and there are way better options, including FaceTime and Duo.
- Facebook Messenger. While they support end-to-end encryption, it's not offered on all clients, so it's difficult to ensure a secure connection.
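The provider-side properties listed in this post (can't read, can't meaningfully modify, can still see who and when, can still block) can be seen in a small simulation. This is an added example, not code from any app named above; the cipher is a toy built from SHA-256 and HMAC so it runs on the Python standard library alone, and the `Provider` class, the names and the sample message are constructed for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, replace


def _subkey(shared_key: bytes, label: bytes) -> bytes:
    # Separate keys for encryption and authentication, derived from one secret.
    return hmac.new(shared_key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Toy keystream (SHA-256 in counter mode). Illustration only, not for real use.
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]


@dataclass(frozen=True)
class Envelope:
    sender: str          # routing metadata: the provider needs it to deliver
    recipient: str
    sent_at: int
    nonce: bytes
    ciphertext: bytes    # opaque to anyone without the shared key
    tag: bytes           # authenticates metadata + nonce + ciphertext


def _mac(shared_key: bytes, env: Envelope) -> bytes:
    header = repr((env.sender, env.recipient, env.sent_at)).encode()
    return hmac.new(_subkey(shared_key, b"mac"),
                    header + env.nonce + env.ciphertext, hashlib.sha256).digest()


def seal(shared_key: bytes, sender: str, recipient: str, sent_at: int, text: str) -> Envelope:
    nonce = os.urandom(16)
    data = text.encode()
    stream = _keystream(_subkey(shared_key, b"enc"), nonce, len(data))
    ciphertext = bytes(a ^ b for a, b in zip(data, stream))
    env = Envelope(sender, recipient, sent_at, nonce, ciphertext, b"")
    return replace(env, tag=_mac(shared_key, env))


def open_envelope(shared_key: bytes, env: Envelope) -> str:
    # Verify before decrypting: any change made in transit fails here.
    if not hmac.compare_digest(_mac(shared_key, env), env.tag):
        raise ValueError("message was modified in transit")
    stream = _keystream(_subkey(shared_key, b"enc"), env.nonce, len(env.ciphertext))
    return bytes(a ^ b for a, b in zip(env.ciphertext, stream)).decode()


class Provider:
    """Hypothetical relay server: it routes envelopes but never holds the key."""

    def __init__(self):
        self.log = []

    def relay(self, env: Envelope, tamper: bool = False, block: bool = False):
        # Everything the provider can learn: who, to whom, when, and how much.
        self.log.append({"from": env.sender, "to": env.recipient,
                         "at": env.sent_at, "size": len(env.ciphertext)})
        if block:
            return None                      # it can still refuse to deliver
        if tamper and env.ciphertext:
            flipped = bytes([env.ciphertext[0] ^ 0x01]) + env.ciphertext[1:]
            return replace(env, ciphertext=flipped)
        return env


def demo() -> dict:
    # Assumption: the two phones agreed on this key themselves; the provider never sees it.
    key = os.urandom(32)
    provider = Provider()
    text = "meet at the clinic at 3pm"       # constructed sample message
    env = seal(key, "alice", "bob", 1668326400, text)
    delivered = provider.relay(env)
    tampered = provider.relay(env, tamper=True)
    blocked = provider.relay(env, block=True)
    try:
        open_envelope(key, tampered)
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return {
        "received": open_envelope(key, delivered),
        "provider_log": provider.log,
        "provider_saw_plaintext": text.encode() in env.ciphertext,
        "tamper_detected": tamper_detected,
        "blocked": blocked is None,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "=", value)
```

The provider's log still holds sender, recipient, timestamp and message size for every attempt, which is the metadata an E2EE service can keep even though the content is opaque to it.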
Wednesday, June 29, 2022
Why I flag most recruiter emails as spam (Amazon edition)
Usually I just flag as spam and move on. But sometimes it's just funny when a company as big as Amazon can get something as basic as a recruiting email so wrong.
Sunday, March 08, 2020
Sanders vs Biden
Can we solve this on electability?
https://www.latimes.com/opinion/story/2020-03-05/bernie-biden-electability-polling
https://www.vox.com/policy-and-politics/2020/2/25/21152538/bernie-sanders-electability-president-moderates-data
The conclusions largely appear to be:
- The data suggests both candidates beat Trump.
- The data currently suggests Biden would have a larger safety margin.
- We keep learning that we can't trust the polling numbers, and need large safety margins.
If Biden wins, Bernie's army of young voters don't mobilize. If Sanders wins, swing voters are lost to Trump. Sadly there's no consensus candidate left.
Benefit to Biden, but it's clear that we still don't know enough to be sure.
But Biden was a bit of a shitbag until recently.
He's come down on the wrong side of a LOT of moral arguments over his long and very successful career.
- War on drugs, marijuana criminalization.
- Anti-abortion
- Civil forfeiture.
- Encryption bans
- Anti-LGBTQ, marriage equality.
Sunday, March 01, 2020
2020 Washington State Presidential Primary
Update 3/1/20: Buttigieg just dropped out.
... well... they always had a Presidential Primary. But we finally have a better one.
https://www.seattletimes.com/seattle-news/politics/washington-democrats-choose-presidential-primary-for-2020-ditching-caucuses/
Washington State always had a primary for Presidential candidates, but the Democrats completely ignored the results, in favor of their caucus meetings. The Republicans utilized it, but it was held so late in the season that it didn't really matter. Now, our votes are mailed in by March 10th, and the results are honored by both parties.
New this year, we also have to declare party affiliation. This is certainly concerning as a potential source of spam (party affiliation is public record), and it's not like ticking a box would prevent Republicans issuing spoiler votes. But it's a minor issue compared to the benefits of a real primary.
In any case, on to the actual primary.
Party Affiliation: Democrat.
Should be obvious. Trump's Republicans are toxic. But regardless, their primary's outcome is already assured, and I don't vote in pointless elections.
First, we can eliminate candidates that have already dropped out. While a few of these are indeed interesting, trimming them up-front will ease our cognitive load quite a bit.
- Cory Booker (1/13)
- John Delaney (1/31)
- Andrew Yang (2/11)
- Michael Bennet (2/11)
- Deval Patrick (2/12)
- Tom Steyer (2/29)
- Pete Buttigieg (3/1)
Bernie Sanders (29%)
The "Democratic Socialist", a title he wears unapologetically, almost militantly. The most progressive of the progressives. A constant Democrat outsider. A billion years old. And the early front runner, much to the party establishment's chagrin.
Bernie fans are fanatically dedicated. This poses an interesting challenge for the primary: Sanders holds a substantial base of voters that are notoriously difficult to rally for other Democratic candidates. Whereas Sanders as a presidential candidate will have the hardest time attracting moderates of either party.
Can a "socialist" win the Presidency? Maybe. If there's one thing we learn from Trump's candidacy, it's that labels, policy, or even ideology don't matter when you have a cult of personality, which Sanders has in spades. If a racist with no experience and a platform built entirely on catchphrases and spray tan can be president, is a socialist so farfetched? Universal health insurance. Free college. Living wage. Crazy talk! Except that most of the developed world already does this and more with varying levels of success.
A Sanders vote is a vote for fundamental change that is desperately needed, and rejecting the very existence of political moderates as a relevant group in America.
Joe Biden (17%)
The very face of a Democratic insider. Over 30 years in the Senate, and a popular Vice President under Obama.
The most centrist of the moderates. Biden has already been in the White House and doesn't want to change up that formula. Most moves would be incremental changes to Obama-era policy rather than dramatic overhauls.
A Biden vote is a vote for business as usual. A bet on the current political middle being the force of the future.
Michael Bloomberg (15%)
A billionaire and popular former New York mayor, that is quite obviously trying to buy the nomination with hundreds of millions in ad spending, so much so that he didn't even bother to participate in the first primaries.
He was by many accounts a successful Mayor and clearly a successful businessman, but with a lot of baggage that will be tough for Democrats to support, such as "Stop and Frisk" and disrespect of women.
A Bloomberg vote is a statement that executive experience (both political and corporate) trumps everything, including character, and policy.
Elizabeth Warren (14%)
Pete Buttigieg (10%)
Amy Klobuchar (6%)
So how do I vote strategically?
Wait for Super Tuesday on March 3rd! This is a major test for candidates, and we should hopefully see some drop out on Wednesday. Released delegates can vote for anyone, so the best chance of your vote mattering is to vote for someone likely to survive to the convention. Washington's new primary deadline of March 10th is an amazing benefit for this primary season - early enough for the nomination to still be interesting, but late enough to filter out some of the early noise. Use it wisely.
Otherwise, vote for who you like. That message will carry through, in some form or another, to future primaries, to the convention, or even future years. Your support will mean a lot to your chosen candidate.
What about a contested convention? It doesn't really change anything. The popular theory is that a contested convention would be used to block a Sanders nomination. The best way to avoid that is to give Sanders an uncontested nomination by voting for him. Any other candidate, vote for them and deny Sanders the delegates he needs to clinch it.
My Vote
Sunday, November 03, 2019
Washington General Election 2019
- 12 Advisory Votes. These are decisions that were already made, and the results of the vote will not change the decision in any way. I'm not being sarcastic, the result of the vote is not used in any way. It's interesting as a forced broadcast mechanism about tax changes, but from a voting standpoint is, literally, pointless.
- 16 county bureaucrat positions, of which 7 are uncontested. Seriously, you think I have enough opinions about the Commissioner of the wastewater district to write in a new candidate? Only one of the positions is even partisan.
Referendum Measure 88: Bring back affirmative action
Under I-1000, quotas and preferential treatment are prohibited, and no one who is unqualified will be selected due to preferential treatment.
Rejected.
Initiative Measure No. 976: Or why your car tabs are so expensive
Rejected.
Senate Joint Resolution 8200: Washington watches too much Designated Survivor.
County Nonbinding Advisory Proposition No. 1: Ban Fireworks in Urban Areas.
Sunday, June 30, 2019
Home Display Setup
Here's my display board. It's in the hallway to the family room. It is currently showing:
- Daily agenda, including chores list.
- Multi-week family calendar.
- Clock.
- Thermostat.
- 4-day weather forecast.
- HP 23" IPS monitor VH240a ($109)
- CanaKit Raspberry Pi Zero W ($25)
- Swift Mount SWIFT110-AP ($11)
- 1ft HDMI to Mini HDMI ($9)
- Velcro Command Strips ($6)
- DakBoard. You can do a simple site for free, but for $5.95 a month, you can get a premium account with a lot more customization. Admittedly, with a bit of HTML, one could accomplish the same thing for free, but DakBoard's customization tools are actually pretty cool.
- Google Calendar. We created two shared calendars - one for family schedule, one for family chores. The separate calendars allow me to show the chores on the agenda without putting it on the calendar view.
- Google Photos. Because seriously, what else would you use? I have a shared album with my display photos, that goes not only to my large display, but also to all the Google Home smart displays in the house.
- Nest Thermostat integration.
Thursday, December 20, 2018
The Good and the Bad of the Tesla Model 3 Performance
I've owned the car for a couple of months now, have experienced the reality of EV life, and being bought into the Tesla cult. I still to this day smile every time I drive off in this car.
The Great
It's SO fast! Acceleration is immediate, consistent, and intense. An official 3.5s 0-60mph time, but real-world measurements place it closer to 3.2s. It's hard to convey just how amazing the instant power and perfect traction of an EV are for the driving experience.
Phone key. Much maligned in early releases, and rightfully so - many owners had inconsistent results unlocking and driving their car, across popular brands of phone. But I was lucky enough to receive the car almost immediately after a major app update, and it has worked reliably. I walk up to my car: it's unlocked. I walk away, it's locked. I shift to drive, it drives. It feels primitive by comparison to actually have to carry a separate chunk of plastic around.
The phone key has failed maybe twice since I took delivery. In that case, I have the card key in my wallet; which is enough to get me going while I reboot the phone.
Charging at home. My theory was that, between charging at work, and free supercharging for life, I would never spend a single Wh of my own electricity. Well, ownership has taught me something: the $1's a month I'll spend on electricity is worth it for the convenience of just plugging in at home. I don't have to worry about when or where to charge, because I'm full every morning. Whereas, when I end up driving the minivan, I'm invariably looking at "20 miles range" and debating whether I have time to gas up.
Admittedly I'm charging on 120V. It's VERY slow to charge - it would take three days to charge from empty! But since I'm constantly topping up, it's never a problem. For the rare time I'm running under 50%, I'll stop at the local supercharger and get full in under an hour (for free!).
Single-pedal driving. With regenerative braking at max, you very rarely have to actually use the brakes, except to come to a full stop. This is weird for many drivers at first, but within an hour or so I really appreciated it. It makes downhill a far better experience, and takes a lot of effort out of driving in traffic.
Modern conveniences. Hey, I haven't owned a new car in awhile. It's nice that my garage door opens and closes automatically as I approach. That my seat and mirrors remember my position. A full suite of distance sensors, backup camera. USB power.
The OK
Autopilot. Works as advertised - you can pop onto the freeway, whether stop-and-go or full speed, and it will drive for you. For morning commute, it will probably save my life one day. With a little care, it will even work on city streets (you just have to handle stop signs and lights... for now...). Honestly, with the AI and sensors, it probably handles highway driving better than I do, given its better perception of acceleration and instant reaction time.
Still, I wish they handled lane splits/merges better. Also, vehicles changing lanes is very much binary - they give no accommodation to a vehicle signaling a lane change until they are at least 50% in the lane. I still find myself taking over in these situations in deference to the drivers around me.
Auto-parking is still not consistently detecting spots, though it parks well when it sees one. Reverse-in parking is just a gimmick.
The Meh
Comfort. I'm told by everyone that my car is amazingly comfortable. It looks and feels premium through and through. There's amazing levels of adjustment that let me sit better than any other car. But there is just something about that driver's seat that my butt won't get used to.
I've gotten used to the firm and forward headrest, though from my reading, this is a common design in newer cars. Apparently you're not supposed to actually rest your head on a headrest? Easy for someone without an XL head to say...
The claim that three carseats will fit across the back of a Model 3 seems dubious from my experience.
Automatic wipers. The sensor underestimates the conditions, simple as that. In Seattle weather, you'll have to turn them up manually. Here's hoping to a fix in a software update.
Bluetooth. I've had issues with frequent media subsystem crashes (lose audio for ~5s), though I think a recent update has finally nipped that one in the bud. Still, it isn't always 100% to connect to my phone, or lose connection getting into the car.
Also, seriously, I don't want to use your stupid Tesla voice commands that control almost nothing. Let me trigger my phone assistant from the wheel!
App Control. Great idea, but limited by the "Waking Up" problem. If the car is idle, it can take upwards of one minute to establish a connection. If you want to quickly preheat the car, it can be frustrating to sit staring at a spinner.
On the other hand, a public API! I can (and eventually will) fix this through the power of coding.
Note the wakeup issue does not apply to phone key.
The Real Problem
They didn't process my payment until almost a week after I took delivery (while insisting I had paid weeks earlier) - and support calls to follow up were about 40 minutes hold time on average.
The referral process was a mess; if you're not buying it online, the dealer is liable to skip the step entirely, then manually submit the request into some black box system that might or might not work. My referral bonus (free supercharging) didn't show up online until two months after I took delivery, though to be fair they never actually billed me for supercharging.
They did not even order my license plates for 40 days (out of 45 allowed days in Washington). My tags expired, and I was stuck driving a rental Chevy Impala while they got me plates. I'm no car snob, but I think I'm at the point where I can say with conviction that, as a Tesla driver, a Chevy Impala is beneath me. It was an awful experience.
There's a (very minor) issue with my steering column; a known issue that should be a quick fix. Great, first service appointment is a month out. But, even then, they cancelled it without telling me, because the part was back-ordered. Seriously, Elon invented Paypal, but can't send me an email notice that my appointment changed?
Wednesday, October 24, 2018
2018 Midterm Election
But, the news for me this time around... the lack of news! The major news outlets, in an attempt to retain their integrity and their revenues, have taken to paywalls. Regional news organizations like the Times and the Herald are hiding their articles behind subscriptions, including their endorsements! While I appreciate the need for these organizations to stay afloat in the era of the Internet, their content is over-priced and over-bundled. By hiding their editorial endorsements behind their paywalls, they surrender any credibility as political influencers, or the privilege of acting as trusted intermediaries of voters.
Guess I'll have to rely on Ballotpedia. *sigh*. I'll decline to include any paywall links in this article, no matter the relevance.
As usual, I don't respond to advisory votes because they're pointless, nor positions lower than State Legislature because voting on bureaucrats is ridiculous.
I-1631 - the carbon tax
It's another try at a carbon tax. Unlike last time with I-731, it's not revenue neutral - it's a fee, and the money will be invested in clean energy, and offsetting cost impact in low-income communities. Unlike a tax, the money can't go into the general fund (which Washington's legislature would eagerly waste). We give up the sales tax reduction of I-731, but the expected increase in consumer energy costs is also predicted to be much lower (eg. an increase of $0.14/gal for gas vs. $0.25/gal).
Climate change is strongly supported by science, and the recent UN report makes it clear that change is needed urgently to prevent a catastrophic increase in planetary temperatures. A carbon tax may not be the best idea, but appears to be the only idea so far. Presumably why we keep having initiatives on them.
Bill Gates says yes. You know, the billionaire philanthropist trying to cure polio and stuff. He knows a thing or two.
Rob McKenna, our former Attorney General, says no. But he forgot to mention - he works for Chevron now. Skeeze!
I'd have preferred I-731... but I'll accept this.
** YES **
I-1634 - banning a "grocery" tax
They don't want to prevent all tax on "groceries", they just want to make sure no local jurisdiction can pass a tax that unfairly applies to just "groceries".
Oh, and "groceries" is soda. Just soda. This is about nothing more than preventing future soda taxes. They're trying to lock down any local jurisdiction that would dare to copy Seattle.
Diabetes is bad. And sin tax works, as illustrated by every cigarette tax ever. And dishonest campaigns get voted against on principle.
** NO **
I-1639 - gun control
This was a hard one for me. I'm very pro gun control. Guns are fun, and we should all go shoot paper zombies now and then. But it's entirely reasonable to jump through a few hurdles to prove I can do so safely (or at least I will be able to do it safely once I complete the proposed mandatory safety training). I would also have to be realllllllly dumb to store my gun somewhere where an intruder (or my preschooler) could get at it, and I wholeheartedly support prosecuting those that do.
But ugh, some parts of this law are dumb. Gun registries are known almost exclusively for their spectacular failures. Mandating "guns are dangerous, mmkay" language is just... weird... but I suppose harmless. I really don't like the age-based restrictions - if you have proper vetting systems in the first place, rely on them rather than blindly painting every teen as a school shooter waiting to happen.
I could go either way, but the downsides of the bill seem like mostly harmless chaff. Gun control could make us safer, and I will still be able to get assault rifles easy enough, because I'm good at paperwork.
**YES**
I-940 - police accountability
There's some training in there as a distraction (lol... first aid? really?), but the actual meat of the initiative is removing the "malice" requirement for prosecuting police use of deadly force, and requiring independent investigation into incidents of deadly force.
The new standard seems plenty strong still. There's a two part test - what a reasonable officer would have believed necessary, and a good faith belief by the officer that deadly force was warranted.
Accountability is good in general, especially when it comes to killing people. If police don't want more accountability, they should probably stop killing so many unarmed suspects.
**YES**
Snohomish County Prop 1 - 911 Tax
This makes me mad. We pay for 911. At least in our wireless bills, probably in a few other hidden places too.
But they want more money... and they want to do it with a sales tax... the most regressive possible way to tax. WHY?
... but 911 needs to work. So, I'll wave the finger of shame firmly at the County, plug my nose, and accept this.
**YES**
US Senate
Maria Cantwell (D - incumbent) vs Susan Hutchison (R)
Great article on the debate from KING5.
If you're going to warn about "junk science" in the climate change debate, that's a deal breaker.
In housing, Cantwell is advocating to build more supply. Please, do this. Hutchison is blaming government red tape and permitting fees, not nearly as credible.
**Cantwell**
US Congressional District 2
Rick Larsen (D - incumbent) vs Brian Luke
I say this every two years. Rick Larsen is brilliant and stands for all the right things, and has been doing so since 2001. Healthcare, transportation, education, STEM. Though less publicized this time around (we seem to have bigger problems), he continues to be a strong advocate for campaign finance reform.
Brian Luke seems like a classic Libertarian. Anti-debt, anti-foreign-military-deployment, anti-regulation. Honestly, these are not bad things if executed honestly; but that is unlikely if he has to work with the Republican party.
**Larsen**
Washington Senate LD21
Marko Liias (D - incumbent) vs Mario Lotmore (R)
At first, I was actually interested in Lotmore, notably for his statement's support for STEM and multi-family housing.
.. his website fixed that. Anti-transit (he's probably right, but we can't just give up and drive SOVs forever). Support for I-1634 (banning soda tax). General fiscal hawk. A bit too 2nd amendment happy.
**Liias**
Washington House LD21.1
Strom Peterson (D - incumbent) vs Amy Schaper (R)
Social conservatives are generally a hard pass for me, and this is the hardest of the hard passes. Schaper is anti-LGBTQ in as many words, anti Planned Parenthood, anti-contraception. Add standard Republican fiscal conservatism just in case this wasn't already clear boat full of fail tacos.
**Peterson**
Washington House LD21.2
Thursday, July 26, 2018
What are "Titan keys" and why would I want one?
To talk about security keys, one must first understand multi-factor authentication. Each "factor" is a way to prove who I am to somebody who wants to provide me a service.
What I know! I prove who I am because I know a secret that only I should know. Passwords are the common example of this, as well as their cousin, PIN numbers. The weakness is that secrets are hard to keep, and easy to duplicate. Anyone who discovers my password can pretend to be me.
What I have! I prove who I am because I possess something that should belong to me. Credit cards work this way - if I have the card, I can swipe it and make a purchase - sorry, nobody ever looks at the signature. It's usually harder (but not impossible) to copy something I possess, and requires the evil impersonator to be physically close to my possession.
Who I am! I prove who I am because I can be physically identified. This is how a driver's license works - the photo should match how I look. Fingerprints are a popular way to validate people as well. The problem being that physical properties can be hard to verify - is that fingerprint a real finger, or just a piece of tape copying a fingerprint off a door handle?
Two factor authentication systems require TWO of the above factors to prove who I am. These are far more secure, since an impersonator would have to circumvent two different security systems, usually in very different ways. A common example of a two-factor authentication system is a debit card - to use the card I have to have the card in my hand (what I have) and enter a PIN number (what I know). To steal my money, you would have to get both at the same time without my knowledge (or else I'll just change my PIN or replace the card).
Security keys are designed to be a second factor in such a system. Systems that support them require both your password and the presence of the key before they let you log in. This makes my account more secure - if my password is discovered, nobody can use my account because I have the key. If my key is stolen, the thief can't use it for anything without knowing my password.
This does NOT mean you don't need a password anymore. A security key is actually not very secure on its own, because people overall are shockingly good at losing things. A security key's power is specifically in its use as a second factor.
The Google Titan Security Key is just Google's take on security keys - and is conceptually similar to offerings from other companies (eg. Yubico).
But why do I need a security key?
Because your password is bad. You used the same password for your bank account as you did on Snapchat, and you told your friend that password so they could continue your streak. But you can't change that password now, because it's the same password you've used since you were 16 years old. It's the password you shared with that Nigerian Prince who needed it to send you your lottery winnings, and entered it accidentally in that response from that email from bankofamedica.com. But really, your password was just your middle name with a 1 on the end, so it was not hard to guess in the first place.
Your password is probably already hacked. If you don't think so, Have I Been Pwned is a fun reality check.
Where can I use it?
There's two variants being offered by Google - one for phones (bluetooth and tap), and one for computers (USB).
The downside is that not many online services support security keys yet, but a few big players do: notably Google, Facebook, and Twitter.
Questions you never asked?
Q: Do I need to use the key every time I use a website?
A: No, most sites will remember you on a particular computer or phone after you use your key once (for 30 days or so).
Q: How does it work with phones?
A: Phone support is still not the greatest, but if you have the right phone and the right security key, you can tap it to the back of the phone.
Q: What if I lose the key?
A: They're made to be cheap enough that you could have more than one. As long as you have one working key left, you can use it to deactivate old keys and add new keys. Generally you can also reset your account through a phone call or other hoops.
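Here is the password-plus-key check and the lost-key recovery described above, as an added example (not code from Google or any real service). The class and method names are made up for illustration, and an HMAC over a random challenge stands in for the public-key signature a real security key produces.

```python
import hashlib, hmac, os

class SecurityKey:
    """Stand-in for the physical key: holds a secret that never leaves it."""
    def __init__(self, key_id, secret):
        self.key_id, self._secret = key_id, secret
    def sign(self, challenge):
        return hmac.new(self._secret, challenge, hashlib.sha256).digest()

class Account:
    """Toy login service that demands a password AND a registered key."""
    def __init__(self, password):
        self.salt = os.urandom(16)
        self.pw_hash = self._hash(password)
        self.keys = {}  # key id -> secret (a real service stores a public key)
    def _hash(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def register_key(self, key_id):
        self.keys[key_id] = os.urandom(32)
        return SecurityKey(key_id, self.keys[key_id])

    def revoke_key(self, key_id):
        self.keys.pop(key_id, None)

    def login(self, password, key):
        if not hmac.compare_digest(self._hash(password), self.pw_hash):
            return False  # factor 1 failed: what I know
        if key is None or key.key_id not in self.keys:
            return False  # factor 2 missing or deactivated: what I have
        challenge = os.urandom(32)  # fresh each login, so old answers can't be replayed
        expected = hmac.new(self.keys[key.key_id], challenge, hashlib.sha256).digest()
        return hmac.compare_digest(key.sign(challenge), expected)

def demo():
    pw = "constructed-example-password"  # constructed sample value
    acct = Account(pw)
    main, spare = acct.register_key("keychain"), acct.register_key("drawer")
    out = {"password + key": acct.login(pw, main),
           "password only": acct.login(pw, None),
           "key only": acct.login("wrong-guess", main),
           "forged key": acct.login(pw, SecurityKey("keychain", os.urandom(32)))}
    acct.revoke_key("keychain")  # main key lost: deactivate it, keep the spare
    out["revoked key"] = acct.login(pw, main)
    out["spare key"] = acct.login(pw, spare)
    return out

if __name__ == "__main__":
    print(demo())
```

Only the first and last attempts succeed: a password without the key, a key without the password, a copied key ID with the wrong secret, and a deactivated key are all turned away.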
Saturday, January 07, 2017
Amazon Music
I've been an adherent of Microsoft's music service (no, I never owned a Zune) pretty much from the earliest days of Zune Music on the PC. I've lived through the resulting brands - Xbox Music, and now Groove Music. I saw the birth and death of download song credits, the switch from WMA to MP3, and the embrace of mobile devices. Finally, in 2016, I gave up on the Microsoft music ecosystem.
It was a good service. It had most of the music I wanted to listen to for streaming, and built-in OneDrive coordination in their clients for anything they were missing. "Radio" for continuous streams seeded on a band name. Decent clients for all the major platforms.
There was really only one problem, that I couldn't get over: too often, I would press "Play" and music wouldn't start. Network issue? Backend congestion? Client bugs? OS faults? Who knows. Probably a combination of these over the years. But it's a fatal issue. This is a clear "bullshit test" - the basic proof of the most important base scenario in a system. It should never fail.
Should I blame Groove? Yes! Because another app has a great bullshit test - Netflix. When I push play on Netflix, video shows up. Every time, on every device, consistently fast. Streaming video is indisputably a much harder problem. If Netflix can stream video, Groove music should be child's play in comparison.
So when Amazon released their unlimited streaming family plan, I jumped on the opportunity. For $5 more a month than Groove, my entire family could jump on the service? Sold! Microsoft never offered a family plan (and we all asked... a lot!). Maybe this service would work better.
A few months in.... how do I feel?
Eh. Not bad. A bit better than Groove.
Amazon Music does everything it needs to. Clients on major platforms - notably a Win32 client, and an Android app. A collection to stream that seems (at least in the metal world) to be even richer than Groove. "Stations" to keep a constant stream of music going. An affordable family plan!
Most importantly, it works! I can play music quite reliably. I can make playlists. Download music to my devices. My most important feature - I can start a station and have music play all day while I work and/or travel.
But it's not perfect.
The clients are not yet mature. I like the clients. They look and feel nice for the most part. However, it's still pretty easy to find bugs in main flows (e.g. adding music to collection). I also expect navigation will change as they discover how their apps are used. Finally - yes, occasionally I won't get music when I expect to. But it's rare, and more importantly it's recoverable. The client knows it's having trouble, indicates it clearly, and lets you retry as needed.
Stations are not very creative yet. Unlike Groove, there is only a subset of artists for which you can start a station, and there's no good way to predict which artists will be covered. Once you choose a station, the song selection is appropriate but bland, much like a physical radio station. A "greatest hits" feel - you'll like what you hear, but probably never hear anything new.
Stations are obsessed with Metallica. Specifically "Hardwired... to Self-Destruct". Sure, this album is popular, but EVERY rock station I generate will disproportionately select songs from this particular album. Never once any other Metallica album. Nor have I seen this treatment with any other album. This seems to be immune to the Thumbs Down. This is so pervasive in the rock genre, that I cannot possibly believe it's an accident.
No social. I have a family plan. Put my family's playlists somewhere, for those rare cases where I let my daughter choose the music in the car.