The other side is that if a large company like Google had to pay the maintainers, they would’ve rather done this themselves, and the rest of us wouldn’t have access to a free piece of code that’s literally good enough to be the backbone of the internet.
I don’t want the maintainers to work for free. But I don’t know if we at large would benefit from the alternative.
That's a very good question, since the page shows five screenshots and one photo of a multi monitor setup for me. In addition, there's a link to https://wiki.haskell.org/Xmonad/Screenshots
I think the screenshots disappear (instead of just going into a single column mode) on very small screens, so people looking at xmonad.org from a mobile phone may not see them. Hm, we might want to fix that, perhaps.
Maybe I'm irrational, but it's one of the things that makes me real hesitant about where I deploy TOTP. Sometimes my cellphones randomly have a wildly wrong time -- a misbehaving (or malicious) cell-tower perhaps? And sometimes my computer gets the wrong time too -- e.g. booting between Windows and Linux screwing up the system timezone setting, or ntp failing to start properly, or when I busted up my CMOS. And I have to wonder, how secure is ntp from someone just spamming a system with the wrong times which can block me out?
I'd almost rather a combined thing where it's HOTP but it also rotates once per day like at midnight? Does anything do that, or does it even make sense? Is there a reasonable alternative -- challenge-response maybe?
> Sometimes my cellphones randomly have a wildly wrong time -- a misbehaving (or malicious) cell-tower perhaps?
If you experience that often, I would probably disable the setting to automatically set time from the network.
> booting between Windows and Linux screwing up the system timezone setting
That’s easily fixable with one registry change (RealTimeIsUniversal). You can also tell Linux to use the local time, but Linux will be less happy about that than Windows (Linux won’t write to the real-time clock automatically, for example).
The Linux/Windows timezone issue can be fixed with a registry setting [1]
If for some reason your time is off (e.g. after 3 failed attempts), it's easily detectable and fixable. Just browse to time.is [2], and your time is off, and set it manually if needed.
Because there's an increased dependency on accurate time, bad network time is now quite a rare occurrence in my experience. I haven't seen it happen in the last 3 years.
Once you point NTP to a trustworthy service (e.g. time.google.com [3] or time.cloudflare.com [4]), you won't have any issues.
The Google time server offers leap smear [5], and the Cloudflare one offers NTS (authenticated NTP).
It's one thing to lock yourself out of your application or admin interface when NTP breaks. It's another thing entirely to lock yourself out of recovering the server entirely when clock skew inevitably hits you.
If you really want 2FA for SSH, use something like Yubikeys that increment a counter and generate tokens based on that counter. And use it during the actual authentication session, not for figuring out which magic port the server will be listening on. You never have to worry about synchronized clocks, just a database tracking the highest counter value ever seen, so that previous values can't be reused.
It is my understanding that nuclear isn't particularly expensive as unlike other forms of energy, all costs (including long term storage of waist) are calculated in advance.
And this is a very good thing - we have an exact number that encapsulates the entire cost of this energy for good.
The problem with nuclear is that we are extremely poor at calculating this number up front, typically by a factor of 2x-5x. Construction starts based on unrealistic expectations of huge profits, then as expenses explode, the hope of profit disappears. Projects will complete if the builders are susceptible to the sink cost fallacy, or if they do not need to compete with cheaper forms of energy.
And if low operating expenses is a good thing, then solar and wind and battery storage are far better than nuclear on that front.
A worse battery, no reverse charging, huge notch compared to alternatives...
I was planning to upgrade my phone but I guess I'll have to wait for iPhone 13
