To me, this totally depends on your threat model.

Generally, a one-time password is an additional security measure that prevents someone from going to a website and simply using obtained credentials (eg from a leak) or brute-forcing them. An attacker needs the second factor.

If you store your 2FA secret alongside your password in a password manager, you still gain protection from these attacks. And it's very convenient. However, you also increase your attack surface: if they break into your password manager, your done.

If your threat model allows it (mine does), this is still very secure and also very convenient.

Exactly. The greatest risk to the average person is their credentials are obtained through a leak and 2FA helps mitigate that impact.

I know many people who still reuse passwords, which certainly have been leaked, and are probably protected only by 2FA.

+1 get Anki, start building you deck. Especially for the theoretical classes it's a god sent to just know definitions, proofs, etc by heart. They will be useful during all of your studies and it can't hurt to continue knowing them.

Making high quality flash cards deserves concentration as well.

I have been using EURKey for a few years now. You might like it. https://eurkey.steffen.bruentjen.eu

Nice project. However it makes writing in some languages merely possible but not easy. For example Portuguese uses a lot of ã and õ, which are only available via dead keys. If I have to use dead keys anyway, then I'd rather use a Compose key, aptly mapped on the otherwise-useless Insert key.

Besides, Romanian language is not fully supported, lacking ț and ă, and Polish too, lacking ą and ę.

The problem with eurkey is the high enter key on German keyboards, it's kinda made for US keyboards. (I usually map caps-aous to äöüß and that's good enough for me).

My problem is a proper layout on a German keyboard, not some weird Umlauts on a US one :P

Thanks! It does indeed look better than the prevalent "US intl", which places Ö on the P key in favor of accented O.

I think, because I only ever need umlauts, I still prefer "German (US)" which only adds umlauts to the US layout.

Yeah, I love EURKey, it even includes the capital ẞ. The only thing I’d like is an easier typographic apostrophe (’ instead of ') which is on Ctrl+Alt+Shift+0 (though I do use it almost automatically, nowadays).

I really wish people would stop using "beautiful" as if it were an objective adjective.

I interpret that as meaning that good looks was one of their design goals. It doesn't necessarily mean everyone will find it pretty.

Ditto "fast".

Unless it's accompanied by benchmarks; then it's fine.

There are different aspects to this. The first and the easily verifiable one is that they default to client-server-client connections, not end-to-end encryption. If you want to have an end-to-end encrypted channel, you have to explicitly open a "secret chat". However, this removes the convenience of cross device syncing.

The second one is more difficult to evaluate. If you use the above mentioned "secret chat" feature, Telegram employs their own closed-source encryption scheme. That's usually an indicator to be cautious from the get-go. Since it's closed source, it can't really be trusted.

See [Wikipedia](https://en.wikipedia.org/wiki/Telegram_(software)#Security) for a timeline in regards to the security.

Telegram clients are open source. I downloaded and built MacOS version recently - it was very straightforward.

https://telegram.org/apps#source-code

Encryption for secret chats doesn't involve server, so technically it can be analyzed.

It's a pity Telegram decided to roll their own encryption scheme. I use Telegram a lot for daily business because it's superior desktop messenger product. I would gladly participate if somebody started a crowd-funding for Telegram's security and encryption audit.

> Encryption for secret chats doesn't involve server, so technically it can be analyzed.

Except if you are on desktop, you have no secret chats at all. And "desktop" includes GNU/Linux phones.

I was missing that one too and did some research about it a while ago. You can achieve the system-wide PiP mode in Safari with a bookmarklet. I posted the guide here: https://felixfoertsch.github.io/tip/2019/02/15/use-pip-via-b...

PiP worked in Safari with an extension[0] right? That's why I was still using it for YouTube streaming in the background.

I've switched to Firefox on almost every other platform (apart from iOS). with Firefox 72, I've switch to Firefox only on MacOS as well.

[0]:https://apps.apple.com/us/app/pipifier-pip-for-nearly-every-...

Can anybody share some insight as to why the PiP mode is implemented non-natively? Both macOs and Windows have a system PiP mode that should be usable?

I feel the same way. These guys are in every thread about editors posting a link to their site. They posted about it so often, I wish I had a filter for it by now. I think HN has to step up their adblock game.

> Open other part of your app in new tab. Unless the developers forbid it... and always finding new ways to forbid it...

Man I hate the new web.

This is more of an old web, and because of bad design: keeping state of the app on server, rather than in the browser (or are you referring to limiting open in new tab?).

But yes, I hate the new web too (sometimes).

I was thinking of web apps like MS Teams that just simply do not allow to open a new tab on click for whatever reason. I can open the app in two windows just fine, but I can't right/middle click on something to tell it to open in new tab. Why would I not want be able to open a Word Online document in a new tab directly?

There are other apps, that are even worse. Allowing something to open in a new tab/window but identifying that there are multiple windows open and just disabling all but the main window...

I don't understand developers that do this. I always felt that multiple tabs is a strength of the web. They worsen it somehow.