axby

joined 2 years ago
[–] axby@lemmy.ca 1 points 1 year ago

Thanks, I edited my comment. No idea how I missed that it was 30 seconds for all this time. It looks like my own TOTP codes are even 30 seconds so I don’t know what I was thinking.

[–] axby@lemmy.ca 1 points 1 year ago* (last edited 1 year ago)

It looks like you may be able to disable SMS 2FA entirely? It’s unclear to me (edit: if this is a viable option):

> Can I stop getting Short Messaging Service (SMS) messages for CRA's Multi-factor authentication?
>
> Yes. You can text "STOP" to 27223 or reply "STOP" to the message containing your one-time passcode to stop receiving SMS messages to that telephone number in the future. However, it is important to note that CRA's Multi-factor authentication (MFA) service is mandatory and a passcode is required to sign in to the CRA's sign-in services. Texting "STOP" will prevent your telephone from receiving an SMS message with your passcode in the future. Without the passcode, you will be unable to access the CRA sign-in services using this option and will need to choose an alternate MFA option to use. This option applies only to Canadian telephone numbers.

I’ll probably leave it enabled anyway just in case (given that I only log in to CRA once per year or so), but I applaud the potential of relying on TOTP only, and not allowing SMS 2FA as a “back door”.

[–] axby@lemmy.ca 5 points 1 year ago

Also a big pro is that they allow third-party TOTP apps instead of making their own like TD and even Steam (bundling it into their main app).

[–] axby@lemmy.ca 4 points 1 year ago* (last edited 1 year ago) (12 children)

Not OP but I wanted to read more (edit: about CRA’s approach to TOTP, before getting the chance to try it myself), I searched and found this: https://www.canada.ca/en/revenue-agency/services/e-services/cra-login-services/multi-factor-authentication-access-cra-login-services.html#toc3

> What is a third-party authenticator app?
>
> A third-party authenticator app can be installed on an app enabled mobile or desktop device to be used for MFA. The app store offers many free third-party authenticator app options to choose from. Users will need to download an app that is compatible with the CRA sign-in services.
>
> Using the app, the user scans a QR code with a mobile device when prompted. If unable to scan the QR code the user can manually enter the setup key the CRA provides into the app. The app will now be set up and the user will not have to complete this step again.
>
> The app will then generate a 6 digit Time-Based One-Time Passcode (TOTP). When signing in to the CRA sign-in services users will be required to enter a one-time passcode provided by the app. For security, the app will generate a new TOTP every 30 seconds.

Edit: This is awesome, I’m so glad I can switch away from SMS 2FA on yet another service (and such an important one). But I am curious about a few things, see below.

Some thoughts:

  • (edit: my bad, I thought 60 seconds was more common but I checked my other TOTP and they seem to be 30 seconds) ~~why is it 30 seconds instead of 60 seconds? I’m pretty sure every other TOTP I’ve seen is 60 seconds. What is the benefit of this? Someone has 30 fewer seconds to read the code over your shoulder and log in on their device?~~
  • TD offers a passcode generator app, but it seems like you can’t disable SMS 2FA, so if you’re worried about SIM jacking then you are out of luck. Presumably they’re worried about people losing their device with the TOTP secret, but I usually back that up on multiple devices and have recovery codes. I think all the big banks are similar. Edit: I’m curious to know what CRA does, but I’m away from my PC right now.
  • nit: the previous login requires you to re-enter the code from SMS 2FA or the grid thing every 8 hours I believe. But most other services seem to let you persist a cookie on the device for 30 days or so, presumably because cookie theft isn’t a huge risk, and because entering your password alone is enough to prevent other people with access to your computer from accessing your sensitive CRA account

Anyway, sorry for the negativity. This is a great step and I shouldn’t focus on negative things. I just hate how accounts I don’t care much about like Facebook (and formerly Runescape) accounts seem to be more secure from malicious logins than my bank and possibly CRA accounts.
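
The setup key, 6-digit code and 30-second step described in the quoted CRA text match standard TOTP (RFC 6238), which is what third-party authenticator apps implement. The sketch below is an added example, not part of the original comment and not CRA's code: it assumes HMAC-SHA1 (the RFC default; the page does not say which hash CRA uses), the setup key is the constructed RFC 6238 test secret, and `verify` with its `window` and `last_counter` parameters is a hypothetical server-side check.

```python
import base64
import hashlib
import hmac
import struct

def decode_setup_key(setup_key: str) -> bytes:
    """Base32 'setup key' (as typed manually instead of scanning the QR code) -> secret bytes."""
    cleaned = setup_key.replace(" ", "").replace("-", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)          # restore stripped padding
    return base64.b32decode(cleaned)

def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC the 8-byte counter, dynamically truncate, keep the last `digits` digits."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(key: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: the counter is the number of `step`-second intervals since the epoch."""
    return hotp(key, int(unix_time) // step, digits)

def verify(key: bytes, submitted: str, unix_time: int, step: int = 30,
           window: int = 1, last_counter: int = -1):
    """Return the matched counter, or None.

    Accepts codes up to `window` steps either side of now (clock skew) and
    rejects any counter <= last_counter, so a code read over someone's
    shoulder cannot be replayed after the owner has used it.
    """
    now = int(unix_time) // step
    for counter in range(now - window, now + window + 1):
        expected = hotp(key, counter).encode()
        if counter > last_counter and hmac.compare_digest(expected, submitted.encode()):
            return counter
    return None

# Constructed input: base32 of the RFC 6238 test secret b"12345678901234567890".
RFC_KEY = decode_setup_key("GEZD GNBV GY3T QOJQ GEZD GNBV GY3T QOJQ")

if __name__ == "__main__":
    code = totp(RFC_KEY, 59)
    print("code at t=59:", code)
    print("accepted 30 s later:", verify(RFC_KEY, code, 89))
    print("replay after use:", verify(RFC_KEY, code, 89, last_counter=1))
    print("accepted 90 s later:", verify(RFC_KEY, code, 149))
```

With a 30-second step and `window=1`, a code stays acceptable for roughly a minute and a half at most; a 60-second step would double that exposure, which is the trade-off the struck-through question above was asking about.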

[–] axby@lemmy.ca 8 points 1 year ago

Must be this:

https://en.m.wikipedia.org/wiki/2018_Toronto_van_attack

> The attack is characterized as misogynist terrorism because it was motivated by revenge for perceived sexual and social rejection by women. At the time of his arrest, Minassian described himself as an incel to the police and in prior social media postings, and described the attack as the continuation of an "incel rebellion", started by the late Elliot Rodger.[11]

Sorry for the mobile Wikipedia link.

[–] axby@lemmy.ca 5 points 2 years ago* (last edited 2 years ago)

I still prefer a physical SIM for my main cell plan, but when travelling to other countries it is so amazing to be able to just download an eSIM and avoid roaming fees. Airalo is quite convenient, but I hear it’s getting pricey compared to other options.

Plus with dual SIM I can disable roaming on my main SIM but still receive texts for free, but use data for cheap with the local eSIM at the same time.

Disclaimer: I live in Canada which has some of the most expensive cell plans in the world. Roaming in the US is $13 CAD/day and $16 CAD/day in the rest of the world. That seems like blatant extortion to me, they can’t blame Canada’s large size for expensive roaming fees (right?). I think US plans are a lot better, and I assume European cell plans are generally even cheaper.

Edit: I prefer physical SIMs for my main plan because if my main phone is dead or broken, I can just pop the physical SIM in an old phone that I bring while travelling. Until eSIMs can be somehow transferred like that, I don’t see myself using them for my main cell plan. Just remember to set a SIM PIN so that if someone steals your phone, they can’t use your SIM card to receive 2FA texts.

Edit 2: eSIMs are generally a pain to transfer between phones. I think my cell provider lets you do it online by scanning a QR code, but I know some make you call them and read 16 digit codes over the phone. Some even charge a small fee. I dread the day where other cell phone manufacturers follow what Apple did in the US (I think?) and make eSIMs the only option.

[–] axby@lemmy.ca 4 points 2 years ago (1 children)

Steam link (for more info about the game and reviews): https://store.steampowered.com/app/300570/Infinifactory/

Does the epic store really not show any screenshots, or am I just not able to find them?

[–] axby@lemmy.ca 1 points 2 years ago

Awesome, thanks for sharing this! I haven't gotten into audiobooks yet, but it's good to know that there are user friendly options out there.

Vaguely related: it's also possible to listen to audio books through local libraries in some cases. I think the app is not as friendly, and does a lot to prevent you from getting DRM free mp3s, but at least there's no charge.

[–] axby@lemmy.ca 2 points 2 years ago

Thanks, this is somewhat reassuring. Maybe some day I'll try it. I used to like tinkering with things, but lately I haven't had as much patience or free time.

[–] axby@lemmy.ca 2 points 2 years ago (2 children)

Ah, I actually have bought a few music CDs a while ago, and they were actually fairly easy to rip myself. I can't complain about that at all. If ripping DVDs was that easy then I would probably enthusiastically buy a few DVD boxsets. But I don't really want to buy dedicated hardware just to read DVDs on my PC to do a cumbersome ripping process, and also probably lug that hardware (or the entire PC) to my TV now and then to watch a movie.

I've been interested in vinyl for a while, does it really sound better?

[–] axby@lemmy.ca 48 points 2 years ago* (last edited 2 years ago) (29 children)

I may have missed it, but does he (or anyone else) have recommendations for options to simply pay for content and get high quality DRM free files (edit: I mean legally)?

And how much of a pain in the ass is it to buy DVD box sets and rip them? Presumably that’s legal for personal use? Is that the only way? :(

I have some additional frustrations with Netflix:

  • they have removed some shows that I like
  • if you travel to another country, you can’t always watch the same shows, even if you downloaded them within the app
  • they completely remove some episodes: the episode of Community where they play Dungeons and Dragons, and (other streaming services) remove the Michael Jackson Simpsons episode.
  • extremely user hostile way to browse content. They always move your list around and show the same show in multiple places
  • I absolutely hate how all these streaming services auto play to the next episode. You can often change this behaviour. But my partner sometimes casts it to our TV and the damn app (Disney+ in this case, I think) changes the interface just as you get to the credits. I want to sit in peace and let the credits play, and discuss the episode. But it tries to shove another one down your throat, presumably to “maximize engagement”. (I get it for content that you’re binging or are re watching. But this is horrible if you’re just watching an episode during dinner and don’t want to have to scramble to stop the autoplay as soon as it ends)

[–] axby@lemmy.ca 8 points 2 years ago* (last edited 2 years ago) (1 children)

I really like Aegis for 2FA/TOTP:

https://github.com/beemdevelopment/Aegis

Edit: also Element, a matrix client, for messaging: https://element.io/download

Edit 3: Feeder for RSS (Google Play), (F-Droid), I really like how you can extract the text of articles without ads.

Edit 4: Simon Tatham’s Puzzles, a bunch of simple puzzle games, no ads or BS (Google Play) (I think this is the right one: F-Droid). Fun fact: he created PuTTY.

Edit 2: also minidlna (apparently called ReadyMedia now) as a UPnP/DLNA server to host music and videos on your PC, then you can easily watch using VLC on a phone/computer (and any smart TV with the VLC app, probably) within the LAN. I’d be interested to hear any recommendations for how to easily access my UPnP server from outside my network from my phone. I’m sure there’s some way to do it with a VPN, but I’d rather only route the media streaming traffic through my home network, not all my phone’s traffic.
