|
Whizbang posted:So instead you trust all of your security Dropbox, a site that has been broken into repeatedly and has one of the idiots who started the NSA mess on its board of directors? The reason I value convenience is because past a certain level of inconvenience most people won't use it no matter how beneficial it is. I'm not questioning why you would go through the trouble--you understand how it works, why you're doing it, and what to do when and if there's a problem. I'm saying that the point is to make it so everyone could benefit from using complex passwords and 2FA and there's simply no way anyone sane would say that Keepass does it. Most of us, and certainly my mom and grandmother, don't have to worry about a HIPAA violation or PCI compliance but they certainly should be concerned with basic password complexity and uniqueness. Services they can access are more beneficial to the public as a whole than some patchwork of Keepass, Dropbox, and USB keys.
|
# ? Feb 3, 2015 07:07 |
|
|
# ? Jun 6, 2024 23:51 |
|
Okay, yeah, "secure enough and convenient enough for the general public to get a meaningful degree of security" is something I can't really argue against. I guess I really just want this new generation of internet security brokers to have some actual not-"paper tiger" oversight under which to operate.
|
# ? Feb 3, 2015 08:35 |
|
Sir Unimaginative posted:Okay, yeah, "secure enough and convenient enough for the general public to get a meaningful degree of security" is something I can't really argue against. I guess I really just want this new generation of internet security brokers to have some actual not-"paper tiger" oversight under which to operate. We're just not there yet and right now I try my best to just get folks implementing some best practices like 100% unique, strong passwords and 2FA without trusted devices whenever possible. I feel like the best way to get there for most people is if the process is as frictionless as possible* but really it's just whatever gets them to that point. *Honestly I'll say that something as simple as LastPass constantly logging me off on mobile is enough to almost make me say "gently caress it". There's so much room for improvement on managing users' security that it's crazy. It really is almost impossible to get done right.
|
# ? Feb 3, 2015 09:13 |
|
Sir Unimaginative posted:As to why I'd rather do it that way? Law firms and banks, who are actually accredited and regulated like people who are worth trusting with security matters, don't generally have password or additional-factor management services for the public. And without either that regulation or some way to verify those companies are handling security and a make-whole clause on default (and good luck getting those in the US), you're basically trusting some jerks with a web site and a catchy name with your online identity (and increasingly your actual identity). There are lots of examples that I saw but the best one was this: in the interests of "security", this bank paid a third party to reimplement SSL (or something similar) from scratch and provide us (app dev agency) with a compiled NDK-level C++ blob and Java wrapper for us to run all connections through. The original plan was for there to be three releases of this component. When I left, 18-months after the project started, I believe we were somewhere around version 40. The bank refused to use any existing SSL library because "open source makes it insecure". When heartbleed happened, this component received an update to fix it and we realised that this thing was actually just a wrapper for some existing library anyway, it's just that the bank didn't know because all they saw was the compiled binary. Whenever this library would poo poo out an error, we'd get a encrypted log output that we'd email to this third party and they'd decrypt it and then send us a mysterious new version of the library which fixed it, no explanation provided. Because security. And that was just the start. There was the WebView that wasn't allowed to cache any images "because security" such that I had to force it to load everything in serial and each page took ~10 seconds to load. There was the hilarious root detection code that would only actually work on ~50% of phones (it made assumptions about the SU binary flavour and location). There was the code obfuscation which used a terrible third-party thing instead of Proguard (partly because security-through-obscurity and partly because "we want the same thing on iOS and Android", and I don't know even know which of these is a worse reason) which would frequently break poo poo in ways that you would not imagine possible (but are very possible if you write a bad obfuscator). I no longer consider banks to be bastions of security, and certainly not of good practise in general. I would much rather trust someone like Lastpass with my data than any bank, because at least they are a company who are focused on - and employ people who understand - security. Tunga fucked around with this message at 11:13 on Feb 3, 2015 |
# ? Feb 3, 2015 11:08 |
|
It's not about the methods (I wouldn't wish the methods in place in most banks and law firms on war criminals) - it's about having a guaranteed recourse when when your credentials are misused or leaked or lost or something else goes south.
|
# ? Feb 3, 2015 11:43 |
|
Sir Unimaginative posted:It's not about the methods (I wouldn't wish the methods in place in most banks and law firms on war criminals) - it's about having a guaranteed recourse when when your credentials are misused or leaked or lost or something else goes south. I swear I see stupid password requirements like "6-8 characters, no numbers or symbols" for bank websites more than anywhere else. It's hilarious how bad bank security is, and despite what you seem to be saying here you don't have guaranteed recourse for all sorts of bank hacking in the US.
|
# ? Feb 3, 2015 17:56 |
|
Android App Thread - Your Bank Sucks Also none of that changes the fact that internet security brokers should probably be accredited, audited and bonded as a matter of course. Right now they get basically no scrutiny at all.
|
# ? Feb 3, 2015 23:31 |
My reason for wanting an alternative to the Google Authenticator is that I'm switching from iPhone to Android soon, and I want uninterrupted access to my 2FA. I lost my phone a couple years ago and it was a huge pain in the rear end to get my Google Authenticator setup again for the 10 or so accounts I'm using it with, I don't remember exactly what I had to do but I remember it being a headache. I've got an older Android table and I was thinking if I could use a different app (that had both Android & iPhone versions) then I could setup my tablet with the same 2FA that my phone has configured. Then when I get my new Android phone I could also easily get the 2FA config over to that one as well. Then I would end up with an Android tablet & phone that have the same 2FA accounts configured, so if I ever lose my phone I could still use my tablet and not have to deal with any headache. It sounds like I can accomplish all this and still use the Google Authenticator app, just with the added legwork of manually setting each account up on each device. Where are the backups for Authy stored? I see it's enabled on my iPhone but I'm not sure what that does exactly.
|
|
# ? Feb 4, 2015 01:47 |
|
fletcher posted:My reason for wanting an alternative to the Google Authenticator is that I'm switching from iPhone to Android soon, and I want uninterrupted access to my 2FA. The end result is once your second factor is in Authy you won't have to set it up again
|
# ? Feb 4, 2015 02:03 |
|
Sir Unimaginative posted:Android App Thread - Your Bank Sucks I don't think anyone disagreed with that.
|
# ? Feb 4, 2015 02:14 |
|
Thermopyle posted:I don't think anyone disagreed with that.
|
# ? Feb 4, 2015 02:20 |
|
Whizbang posted:So instead you trust all of your security Dropbox, a site that has been broken into repeatedly and has one of the idiots who started the NSA mess on its board of directors? I-I'm sure no one really wants to know my weekly homework assignments anyways. Personally, I don't trust anyone. That's why all my info is out in the open on a sticky note on my monitor
|
# ? Feb 4, 2015 03:00 |
|
On Nexus 5 (5.0.1) closing the last Chrome tab leaves me with a blank black screen with a new tab button on the upper left corner and the menu button in the upper right corner. On Samsung Galaxy Tab S (4.4.2) closing the last tab closes Chrome entirely. Is this a setting somewhere, a change in Android since 4.4.2, or Samsung'd? This is obviously the most unimportant thing, but it bugs me that it isn't consistent.
|
# ? Feb 4, 2015 07:40 |
|
Why does it matter if chrome is closed or not?
|
# ? Feb 4, 2015 08:02 |
|
Veib posted:On Nexus 5 (5.0.1) closing the last Chrome tab leaves me with a blank black screen with a new tab button on the upper left corner and the menu button in the upper right corner. On Samsung Galaxy Tab S (4.4.2) closing the last tab closes Chrome entirely. Is this a setting somewhere, a change in Android since 4.4.2, or Samsung'd? This is obviously the most unimportant thing, but it bugs me that it isn't consistent.
|
# ? Feb 4, 2015 08:09 |
|
Does anyone use WeatherBug and actually get useful information out of it? I like the interface and widget, but the actual weather data is wildly inconsistent. For example, right now it says it's 31 with a low of 20. But the hourly report says it will be 24 degrees ... in 5 minutes. The hell? I let it use my location for the forecast but there's no way there's a 6 degree (Celsius) difference between where I am and the airport weather station. I've also had the hourly forecast tell me that there's a 0% chance of precipitation while it had been raining hard for the previous hour . This happens pretty much everywhere I go.
|
# ? Feb 4, 2015 09:57 |
|
eXXon posted:Does anyone use WeatherBug and actually get useful information out of it? I like the interface and widget, but the actual weather data is wildly inconsistent. For example, right now it says it's 31 with a low of 20. But the hourly report says it will be 24 degrees ... in 5 minutes. The hell? I let it use my location for the forecast but there's no way there's a 6 degree (Celsius) difference between where I am and the airport weather station. I've also had the hourly forecast tell me that there's a 0% chance of precipitation while it had been raining hard for the previous hour . This happens pretty much everywhere I go. Do you know who the provider is for WeatherBug?
|
# ? Feb 4, 2015 10:10 |
|
LastInLine posted:That's why a lot of us in the thread prefer apps that use the Forecast.io API. It's an expensive API to use so the apps that make use of it tend to be paid apps but it's accurate. Tunga fucked around with this message at 10:27 on Feb 4, 2015 |
# ? Feb 4, 2015 10:24 |
|
Tunga posted:I was looking at this after you demanded a weather app from me and yeah, it's pretty expensive given that you can only reasonably charge for a weather app once. Makes it difficult for devs to make money from, long term, because you have to keep finding new users. Also, I wouldn't say "demanded", I'd say "suggested". You mentioned you wanted something to show off and realistically I think there's a lot more you can do with a good weather app within Material Design than you can with a clock. I can think of a lot of showy but sound UI ideas that would work splendidly with Material Design when it comes to a generic weather app whereas I'm having trouble coming up with even one good clock idea that does anything to show off design skills. I mean, I'm sure you're talking about being able to show off the code but I'll bet visual punch matters a lot too. I'm not in the field though so I could be way off base.
|
# ? Feb 4, 2015 10:29 |
|
Yeah, I'm kidding, I just couldn't find the right smiley for "not really". Definitely more on the code side, a lot of places want to see open-source code before they'll even give you an interview and since I did all my previous Android dev for a bank you can imagine how much of that I'm allowed to show anyone! But a good looking app certainly doesn't hurt either. I'm no visual designer though I have a pretty good grasp for good UX. Spent the last month rebuilding a terrible iOS port and a lot of that was making it look like an Android app. Whoever made the previous version genuinely screenshotted the iOS slider icons and used them to theme some check boxes instead of just using Android's native Switch/SwitchCompat widget. Why would you do this? Anyway, I agree about weather app ideas. Maybe one day! Tunga fucked around with this message at 10:57 on Feb 4, 2015 |
# ? Feb 4, 2015 10:52 |
|
Any recommendations for a music player app? It needs to have the option of a folder view rather than automatically working off metadata. I'm really just looking for the equivalent of Rockbox on my phone.
|
# ? Feb 4, 2015 12:11 |
|
Naar posted:Any recommendations for a music player app? It needs to have the option of a folder view rather than automatically working off metadata. I'm really just looking for the equivalent of Rockbox on my phone. Use a file manager and let Play Music run it?
|
# ? Feb 4, 2015 12:18 |
|
Naar posted:Any recommendations for a music player app? It needs to have the option of a folder view rather than automatically working off metadata. I'm really just looking for the equivalent of Rockbox on my phone.
|
# ? Feb 4, 2015 12:34 |
|
It is tagged, but the problem is that I prefer to group music by the label it's released on, so folders work better for me. I'll look into MP3Tag, though. I just want a nice interface where I can see folders, make playlists, etc. etc.
|
# ? Feb 4, 2015 12:45 |
|
LastInLine posted:That's a difference between tablet and phone Chrome. I never liked it closing by itself on the tablet either. Actually I think it's a thing oem's do. Since my Nexus 7 doesn't close when there's no tabs but my Sony Xperia Z3 does close when there's no tabs. From what I'm aware of there's no setting to turn it off.
|
# ? Feb 4, 2015 15:23 |
|
Sort of a strange question, but I figured I'd ask here to see if any of you guys had heard of this before. Do you know of any apps (or method) i could use to get access to the focusing optics on my note 4 camera? I've got a speck of dust (or something) on the lens that i want to remove. I was hoping that there was some sort of way I could apply an ultrasonic pulse to the coils that control the focusing optics on the camera and dislodge it...is this a pie-in-the-sky idea? or have you seen it before? Otherwise i guess ill need to go through the stupid song and dance with samsung to get my phone replaced under warrantee for this stupid flaw...
|
# ? Feb 4, 2015 16:05 |
|
Naar posted:Any recommendations for a music player app? It needs to have the option of a folder view rather than automatically working off metadata. I'm really just looking for the equivalent of Rockbox on my phone. Shuttle+, PowerAmp, and PlayerPro all support folder views. Personally, I prefer Shuttle.
|
# ? Feb 4, 2015 16:17 |
|
Naar posted:Any recommendations for a music player app? It needs to have the option of a folder view rather than automatically working off metadata.
|
# ? Feb 4, 2015 21:39 |
|
7 Bowls of Wrath posted:I was hoping that there was some sort of way I could apply an ultrasonic pulse to the coils that control the focusing optics on the camera and dislodge it...is this a pie-in-the-sky idea? or have you seen it before? I don't think so and you will have better luck with warranty than disassembling it yourself.
|
# ? Feb 4, 2015 21:48 |
|
Thanks for all your suggestions, guys. After trying a whole bunch of different players (including Shuttle and Poweramp), I settled on Rocket Player, since it does pretty much everything I want without ads or having to pay for it.
|
# ? Feb 4, 2015 22:07 |
|
Alder posted:I don't think so and you will have better luck with warranty than disassembling it yourself. I agree...
|
# ? Feb 4, 2015 23:47 |
|
LastInLine posted:That's why a lot of us in the thread prefer apps that use the Forecast.io API. It's an expensive API to use so the apps that make use of it tend to be paid apps but it's accurate. I searched a bit and didn't find a definitive answer as to what sources it uses. Oh well, I'm trying Arcus now, it's free (adware) and uses forecast.io. It seems good so far, other than the notification background being white and the widget being rather text-heavy.
|
# ? Feb 5, 2015 03:47 |
|
nmfree posted:I've been using Poweramp for a few weeks, it's not too bad. It supports Samsung's Multiwindow, too, if that's important to you. Poweramp is the first app I bought when I got my first Android phone in the Froyo days, and it's the only one I still use.
|
# ? Feb 5, 2015 06:20 |
|
eXXon posted:I searched a bit and didn't find a definitive answer as to what sources it uses. Oh well, I'm trying Arcus now, it's free (adware) and uses forecast.io. It seems good so far, other than the notification background being white and the widget being rather text-heavy.
|
# ? Feb 5, 2015 12:06 |
|
Skeezy posted:The official Twitter app isn't terrible nowadays but you'll be at the mercy of promoted posts and stuff like that. Fenix is a very good 3rd party app that works, only costs a buck. Probably your best bet is Fenix, it has a material redesign in the works and has all the fancy features that you'd want. On the subject of alternatives to mail clients... I'm using the stock Samsung things right now for my Exchange and IMAP accounts, but it is so buggy and such a slog. Are there good alternatives to put your inbox in one window and not look completely ugly? Which supports Exchange and IMAP? Or am I stuck with having multiple mail apps still if I wanna go away from stock Samsung?
|
# ? Feb 5, 2015 12:16 |
|
Tunga posted:You can edit the widget to just have daily icons or whatever, tap on the location name. I know, but it doesn't really fit into a 1x1 widget, while the text doesn't align next to the icon in the 2x1 size, so you may as well use the detailed text and get more info. ilifinicus posted:On the subject of alternatives to mail clients... I'm using the stock Samsung things right now for my Exchange and IMAP accounts, but it is so buggy and such a slog. Are there good alternatives to put your inbox in one window and not look completely ugly? Which supports Exchange and IMAP? Or am I stuck with having multiple mail apps still if I wanna go away from stock Samsung? I just got an exchange account and K9 mail seems to do okay with it once you disable the duplicate inbox. Now I'm looking for a decent calendar app. Jorte is good but the $3/month for multiple calendars seems excessive. Precambrian Video Games fucked around with this message at 12:33 on Feb 5, 2015 |
# ? Feb 5, 2015 12:30 |
|
eXXon posted:I know, but it doesn't really fit into a 1x1 widget, while the text doesn't align next to the icon in the 2x1 size, so you may as well use the detailed text and get more info.
|
# ? Feb 5, 2015 12:57 |
|
LastInLine posted:K9 still works? I thought everyone who hasn't moved on to Nine was on Touchdown. I could've sworn K9 died like pre-Ice Cream Sandwich?
|
# ? Feb 5, 2015 13:01 |
|
ilifinicus posted:Man, I was wondering why Plume was just getting absolute garbage and just keeps scrolling my timeline FIVE WEEKS BACK IN TIME every time I open it... guess it's time to change to Fenix. Gmail should include IMAP support. It does on most Android UI models, anyway. You can sideload Gmail Exchange Services from APK Mirror. (It's run by Android Police and unless someone's really good at setting up signature collisions it's signed by Google. Actually I'm pretty sure they just upload stuff they rip from /data/app after installing it.) Alternately you might want to give the new Outlook this time (actually published by Microsoft Corporation this time since they bought Acompli like they should have in the first place instead of leaving it to whoever the hell Seven are).
|
# ? Feb 5, 2015 13:59 |
|
|
# ? Jun 6, 2024 23:51 |
|
Well it has a dark theme and gmail doesn't so that's that. Also the interface is reasonably customizable. Oh and Jorte will let you add any calendars you have through gmail without forking over for any upgrades. Unfortunately my exchange account comes with a disclaimer that it will allow IT services to remotely factory reset my phone if it suits them
|
# ? Feb 5, 2015 13:59 |