I recommend “dnf automatic” to fetch the latest package index in background
I recommend “dnf automatic” to fetch the latest package index in background
Except if you ran the update from within a graphical session and your session crashed, as this will kill DNF, making the update incomplete and potentially corrupting files. I recommend you either:
You can do that, but it is not necessary.
If you put microphones into the table, the audio will be horrible, catching up any surface acoustic waves from any noise on the table. Like if someone touches the table anywhere, this will be caught by the microphone. If someone puts down a hard item to the table anywhere (e.g. a pen, fingertips with fingernails, smartphone) you won’t be able to hear anyone in the room through microphones due to the transient noise.
More “conservative” in terms of preserving the planet’s resources.
You don’t need Gigabytes of RAM for almost any consumer application, as long as the programming team was interested/incentivized to write quality software.
Innovation is orthogonal to code size. None of the software most modern computers are running cannot be solved on 10 year old computers. It’s just the question whether the team creating your software is plugging together gigantic pieces of bloatware or whether they actually develop a solution to a real problem.
If it is just the location, then it could be spoofed.
If it is something that requires physical presence, then you need both devices to communicate with each other. If it is not done via QR code (like some online banking do), then both devices need to be connected, e.g. via WiFi or Bluetooth. In this case, if an attacker controls one of the devices (that’s the class of attacks 2FA should prevent you from), the attacker probably controls both devices. So what’s the point then?
I guess if there is WiFi, he won’t even need a mobile data plan, so he could safe lots of money.
How would MS Authenticator make it any better than TOTP?
To break TOTP, the attacker would need to:
a) be able to observe the initial exchange of the TOTP secrets. To do that, the attacker needs access to the victim’s computer (on user level) at that specific time they set up TOTP. TOTP is a TOFU concept and thus not designed to protect against that. However, if the attacker controls the victim’s computer at that time, the victim is screwed anyways even before setting up 2FA.
b) have access to the TOTP app’s secret storage and to the victim’s login credentials (e.g. by phishing). If the attacker can gain that level of access, they would also have access to the Microsoft Authenticator’s secret storage, so there is no benefit of the Microsoft app.
On the other hand, Microsoft Authenticator is a very huge app (>100MB is huge for an authenticator app, Aegis is just 6MB, FreeOTP+ 11MB), i.e. it brings a large attack surface, especially by connecting to the internet.
I don’t think Microsoft Authenticator brings security benefits over a clean and simple TOTP implementation.
If it is just TOTP, you can use any other TOTP app, such as Aegis or FreeOTP+.
And no, Microsoft cannot be trusted on not doing anything bad. The app is full of trackers and has an excessive list of permissions it “requires”.
For comparison, Aegis and FreeOTP+ work without trackers and way less permissions.
Microsoft has a long track record of leaks. Just naming the 2 most prominent:
Are you forced to use their app or are they just very insistently trying to trick you into using it? I.e., have you tried with Bitwarden or any other TOTP capable app?
It might depend on configuration. In the only case of Microsoft enforced 2FA I know of, it is just TOTP. Microsoft’s web interface nudges (tries to trick) you into using the MS Authenticator app, but that app is not needed. You can use any TOTP capable 2FA app, e.g. Aegis or FreeOTP+, both of which are also available through F-Droid and don’t require internet connection.
“Diplomjodler” sounds German so probably different laws apply…
With Gtk, I have seen some issues with rarely used parts of the API, but that should not be relevant to your rather simple use case.
TIL my thesis could have been easier if Typst would have been available years earlier.