Sure, if the manufacturer sets it to not charge to the max. I’m saying some manufactured charge to the max by default, hence why that setting is useful.

Well, alcohol is a depressant and shrooms are psychedelics, so neither are stimulants.

That said, MDMA could pair well with video games.

I’m saying when your phone charges to 100%, some manufacturers take that to mean 80% of capacity, whereas others actually charge the battery to 100% of capacity.

No, I’m saying that not all manufacturers have that limit, and it’s a relatively new setting (last few years). If you have an older phone or something not from the top few manufacturers, it might not have that feature.

Nope:

Betteridge’s law of headlines is an adage that states: “Any headline that ends in a question mark can be answered by the word no.” It is based on the assumption that if the publishers were confident that the answer was yes, they would have presented it as an assertion; by presenting it as a question, they are not accountable for whether it is correct or not.

That depends on the manufacturer, some do, some don’t. My phone has a setting to control the max charge, so I set it to 80% when I got it.

Yup, I use the terminal every day at work, my workflow is VIM + tmux, and I self hosted a Minecraft server using systemd (and a bunch of other stuff), so CLIs are kinda my thing.

I don’t use MPV. Why? I watch my content on my TV. If I’m on my computer where MPV could be used, I’ll play video games or work on personal projects, not watch content. Jellyfin is easy enough that I had to block the app on my TV since my 3yo was watching it before I got up. It works really well, it’s easy to set up, and even a child who can’t read can use it.

What does MPV provide?

My SO is reasonably technically inclined, and still keeps forgetting they have the SMB share on there. It’s literally a folder like any other on their PC.

They do remember both the IP/port (our TV sucks and loses WiFi periodically, and Jellyfin forgets the info) and the URL (can’t use TLS on the TV apparently…). And that inconvenience is way less of an issue than dealing with an already mounted SMB share.

So yeah, MPV is a nonstarter.

Yeah, I’m not connecting my computer to my TV to watch something. Jellyfin streams to it without that nonsense, why would I go back to essentially sneakernet?

It misses the primary use case for me: streaming to TV. I used to use minidlna, but the UX on my TV sucked, and Jellyfin was a pure upgrade. I can count the times I’ve watched more than 30a of my media (to test something) on anything other than my TV on one hand, and all of those are on a tablet using cached files.

If I did watch media on my laptop or desktop, I’d mount a network share and use VLC or something.

Yeah, I don’t see how this is better than mounting the drive and using whatever I normally use.

My primary use for Jellyfin is:

• stream to TV - used to use minidlna, Jellyfin is a strict upgrade
• web page - mostly for my SO, who already has samba configured and doesn’t use it

For YouTube, I just use NewPipe or Grayjay on mobile, and YouTube directly on web (uBlock blocks YT ads perfectly).

This looks cool, just not something I’d ever consider.

The company I work for forces everyone to do a training every year that goes over all of that and a few others. I assume most larger companies do the same.

None of this has anything to do with password managers, but knowing how to install stuff properly.

If you think you’ve only been in one breach, you’re probably mistaken or very young. I don’t know how many breaches I’ve been involved in, but it’s at least double digits.

I’m American, and my Social Security number has been leaked multiple times. Each time I’ve done everything possible to secure my accounts (random passwords, TOTP 2FA where possible, randomized usernames, etc), yet there’s always a new breach that impacts me.

I’m not too worried though. My important accounts are pretty secure. I use one of the few banks (brokerage actually) that provides proper 2FA. My email and password manager use 2FA. My credit is frozen. Breaches happen, the important thing is to limit the impact of a breach.

There are two major threats to a password manager:

1. Breach - if the server doesn’t store the key and data is encrypted, they’ll have to break the crypto
2. Client - if the client can be compromised, they can intercept password entry

The second is much harder to mitigate, but also much harder for an attacker to pull off since they need to compromise the update delivery chain.

Whatever client you use, make sure you trust the update mechanism.

Make sure whatever password manager you use doesn’t store the key on their servers. Bitwarden does this correctly (if you lose your PW, Bitwarden can’t recover it), and I’m sure some competitors do as well. LastPass apparently didn’t.

Bitwarden has no secondary key, and the master key is never sent to the server. All they get is an email address and encrypted data. If you forget your key, your passwords cannot be accessed, which means an attacker is screwed too.

There are tons of ways to give yourself ways to “recover” your password that don’t compromise you in a breach scenario:

• logged in devices - they have the key decrypted and can generate a new one, re-encrypt, and overwrite the data server-side
• store a physical copy of the password at home somewhere (notebook?)
• share passwords with a trusted person (SO) for critical shared accounts
• securely store an unencrypted backup of your password vault (say, on a personal computer with full disk encryption)

Maybe that’s how 1password works, idk, but I do recommend verifying that there’s no password recovery option on whatever password manager service you use.

your email (to be able to recover your password for the password manager)

If your password manager has a password recovery mechanism, that means your key is stored on the server and would be compromised in a breach. If that’s the case, I highly recommend changing password managers.

The ideal way a password manager works is by having all encryption done client-side and never sending the password to the server. If the server cannot decrypt your password data, neither can an attacker. That’s how my password manager works (Bitwarden), and I highly recommend restricting your options only to password managers with that property.

If you need a backup, write it in a notebook and keep it in a safe. If your house gets broken into, change your password immediately before the thief has a chance to rifle through the stuff they stole. My SO and I have shared passwords to all important credentials, so that’s out backup mechanism.

I don’t know your rule, but when I hear this, usually it includes the name of the service or something, so a script kiddie armed with a levenstein distance algo could probably detect it.

That said, the “safer than the person next to you” rule applies here. You’re probably far enough down that list to not matter.

As for password manager breaches, the impact really depends on what data the password manager stores. If all decryption is done client-side and the server never gets the password, an attacker would need to break your password regardless. That’s how Bitwarden works, so the only things a breach could reveal are my email, encrypted data, and any extra info I provided, like payment info. The most likely attack would need to compromise one of the clients. That’s possible, but requires a bit more effort than a database dump.

If there’s a leak with multiple services, it’s possible some script kiddie will flag it as having a pattern. I’m guessing the rule is simple enough that an unsophisticated attacker could figure it out with several examples.

It’s way better than reusing passwords, but I don’t think it’s better than a password manager, and it takes way more effort esp given all the various password rules companies have (no special characters, must have special character, special character must be one of…). If you’re paranoid, use something like keypassxc that’s just a file.

Yes, it is better. The likelihood that someone will physically access your device is incredibly low, the likelihood that one of the services in your bucket gets leaked and jeopardizes your other accounts is way higher.

I set mine to require my password after a period of time on certain devices (the ones I’m likely to lose), and all of them require it when restarting the browser.

it just unlocks with a fingerprint, and I think law enforcement are allowed to force you to biometrically unlock stuff

True, but it’s also highly unlikely that LE will steal your passwords.

My phone requires a PIN after X hours or after a few failed fingerprint attempts, and it’s easy to fail without being sus. In my country, I cannot be forced to reveal a PIN. If I travel to a sketchy country or something, i switch it to a password unlock.