What do people think of my hobby project, “AlexGames”: (F-Droid) (Web version) (Source on Github, AGPLv3).

It’s a collection of simple games, mostly solo or local multiplayer, though the web version supports network multiplayer by sending your friend a URL: solitaire, chess, go, reversi, checkers, minesweeper, backgammon, some word puzzle games, and some arcade type games.

I was planning on adding AI next. And I really should polish the Android app, I’ve mostly only focused on the web version. And if people want, I could also submit to Google Play. My calculator app seems to be a lot more popular on F-Droid than Google Play, so I haven’t bothered uploading this one to Google Play yet.

Happy to hear any feedback! I suspect that it looks too bland and unpolished for many people to be interested, or maybe it needs different kinds of games? My goal was to not need to download a bunch of ad filled free apps from the play store for when I wanted to play games with a friend on a flight or something, or just idly play something simple like solitaire.

edit: also in the Android app, stick to the “webview” version… the native Android version is mostly an experiment, I meant to hide it behind a setting but never got around to it.

Is OVH $4.67/mo? (source)

I’d be interested in a Canadian version of something like this, for $15 USD/yr: https://tinykvm.com/

I’ve been using it for a few years now and it’s great for a few hobby web dev projects. I feel like ~$5/mo is a lot for something I just play with now and then and host a simple static site on, but ~$1/mo feels fine.

And +1 to the other person who responded about how self hosting email is too much work, I’ve heard that it’s extremely difficult not to end up getting blocked, presumably because spammers significantly outnumber legitimate self hosters, and most people use one of the big email providers anyway. (I don’t like this, I feel like email is very important and we deserve the right to self host it, but I don’t know what can be done about it)

deleted by creator

+1 to this, I feel like having a ton of money is what corrupts leadership, not necessarily their technical background.

Maybe Spez and Zuck haven’t changed much, but I feel like some others started out as relatively reasonable people who were also technically brilliant, but eventually their companies started doing shitty things and they are both aware and apparently unwilling to stop it.

Perhaps corruption in the Soviet Union is a good example of how even people from normal hard working backgrounds (i.e. not billionaires who have never worked a day in their life) can still be corrupted by power and a lack of accountability.

TL;DR: how could you ever trust anyone to define a social credit score based on actions/words? And how can you offer debt without having something like a (better implemented) credit score?

I think I understand where you are coming from, assigning people a “worth” based on something financial is messed up. Ideally there would be some way to instead reward people for good things like being polite to people, and not littering. And possibly to penalize people for engaging in bad behaviour.

But even if I trusted the current government to implement this with the right goals, I would never trust future governments not to abuse this system. I don’t think I’d really trust any sort of group to do this right. I’m already disappointed enough with our current democracy (in Canada) for not getting rid of first-pass-the-post, and I’m skeptical that much will change with interprovincial trade barriers (why not sooner?).

But the idea of a better implemented credit score to track only severe abuse of debt doesn’t seem entirely unreasonable to me. Obviously the current system is messed up and has major problems, but I feel like it could plausibly be fixed and done in a reasonable way. I think debt to buy a house (and maybe sometimes a car) is generally a good option to have. And I don’t know how you could offer this without tracking people who don’t pay. (Though maybe I’m wrong, maybe just going based off of income history is enough.)

But yes, the current system is ridiculous. People should be rewarded for never needing debt, not disqualified from getting future debt without notice. And it should be much easier to track and fix problems on our credit score. And things like cell phone bills don’t seem worth being affiliated with credit bureaus. I think most people would be better suited to prepaid plans if they were options. And I feel like financing phones is a really bad thing, people don’t realize how expensive they are. I’d rather if all my utility bills just collected some deposit instead of potentially being able to ruin my credit if a bill gets lost in the mail after I moved out. (But this could be too expensive for a lot of people, so again the credit score seems to have a purpose).

Which one are you referring to:

• Synthetik: Area (free to play): https://store.steampowered.com/app/984110/SYNTHETIK_Arena/
• Synthetik: Legion Rising: https://store.steampowered.com/app/528230/SYNTHETIK_Legion_Rising/
• Synthetik 2: https://store.steampowered.com/app/1471410/SYNTHETIK_2/

I’m interested in the top down kind of style, I was expecting an FPS but this could be fun.

I also liked Doom 2016 and it worked well on Linux. I’m sad to hear that the later ones weren’t as good.

Do you know of any games similar to Doom 2016 that you’d recommend? I liked how it didn’t waste time trying to tell a story, usually I’d watch a movie or read a book if I want a good story. Doom had enjoyable steady action and I felt like I could enjoy it for half an hour at a time without needing much time to get into it.

What sort of numbers are people expecting for this? I read somewhere that the NDP proposed a tax of 1-2% on assets above $10M, does that sound right?

I was curious about specifics but couldn’t find any in the article.

I don’t think it’s only you. I remember him saying (and even tweeting) that 2015 will be the last FPTP election if the liberals were elected. I was younger at the time but I remember a lot of people reluctantly voted for him instead of the NDP just to finally end FPTP and be able to choose the NDP as their first choice in the next election (but still choose the liberals as their second choice, to keep the conservatives out). Further reading for anyone interested: https://en.wikipedia.org/wiki/Vote_splitting

Then they won, claimed that they couldn’t find an alternative that everyone liked, and apparently that was it.

My understanding is that many people would have been happy with “anything” besides FPTP, but weren’t able to agree on their first choice? …surely it’s not that ironic? Or maybe there’s more to it than that?

Anyway overall the liberals may have still been the best choice… but this wasn’t some minor promise that he made. I think this is what was most important to a lot of people. Err… I think? No one seems to talk about it now.

edit1: added link to tweet

edit2: This article seems to summarize the timeline: https://globalnews.ca/news/3102270/justin-trudeau-liberals-electoral-reform-changing-promises/

edit3: this seems more helpful: https://en.wikipedia.org/wiki/Elections_in_Canada#2015_federal_election

To clarify on this: even the people who use gibberish as their password and don’t store it and rely on password resets via email are actually somewhat safe if their email is also highly safe. Maybe their password strategy for CRA implies they don’t take their email password security seriously either… but still, my point is just that “at least as secure as your email” can be an incredibly high bar if you do it right

Yes but you’re free to use an email provider which also supports security keys, which gmail and proton mail* do. I understand that the CRA needs to accommodate the average person who doesn’t care about security, but I think everyone in this thread appreciates when they also cater to people who care deeply about security and are willing to use strong unique passwords in a password manager and security keys or at least TOTP.

* it seems like they require keeping TOTP enabled because their mobile apps don’t support security keys. Meh.

This may sound like a wild fantasy to some, but the US IRS seems to have some partnership with ID.me which supports security keys. But I’m impressed that the CRA supports TOTP before major banks so maybe this could happen.

Granted they also have separate logins for state income tax and California is… well let me just say that I’m grateful that the CRA doesn’t force you to reset your password every 4ish months. (California state income tax (FTB?) does).

Ah, I hadn’t heard of the SSL issue, thanks for sharing!

I’ve noticed that Tangerine only allows for a 6 digit pin, but I think they might also allow for a security question and SMS 2FA? I started signing up with them and gave up when they required a Canadian cell number (I hadn’t yet switched due to high costs, but recently they’ve become surprisingly reasonable—ignoring roaming) and I saw the 6 digit pin password requirement.

I think it was also BMO that a friend told me required a maximum 8 character password until very recently?

Anyway overall, thanks for reassuring my suspicion: I should just pick one of the banks and not let “perfect” (or even “decent”) be the enemy of “almost adequate but not great”.

Thanks, I suspected this (I only see “authenticator app” when I log in on a new device or periodically, but I wasn’t sure.

Related: for finance related services like Questrade, I’ve stored my TOTP keys on a U2F key, Yubico in my case. Besides the hassle of managing physical keys, is there any drawback to this approach? I’m slightly worried I’ll lose all my keys in a house fire or something, but I assume there’s a recovery option.

Unfortunately I think this is the norm with big banks in Canada, and it is similar to a credit union in the US from when I briefly lived there. Security seems to be a second priority to people losing access (presumably only briefly, since they have brick and mortar locations everywhere).

Wealthsimple and Questrade seem to support TOTP but I’m not sure if you can still bypass it with SMS. I don’t think so but I haven’t dug into it.

I’ve used CIBC before and they also seem to require keeping SMS 2FA enabled. Also they send me fraud alerts over SMS, “respond Y to authorize this suspicious transaction”, and I’m dreading the day where I have to enable roaming while travelling just to send a text. They send push notifications through the app to login on a new device though, so maybe in 10 years they’ll do it for transaction approval too.

Also aside about TD: is there really no way to download a CSV file of all your transactions? My partner uses them and I think we were limited to 18 months, and may have even had to download each much separately (luckily I can use use a program like cat to workaround this, but that seems like a pain for most people). CIBC has irritated me in a lot of ways but I think I can download transactions from back to 2012 when I first opened my credit card, maybe earlier.

Do you or anyone know about other big banks? My partner and I are looking into a joint account and I want to be able to download all transactions to CSV. Ideally we could get TOTP only (no SMS 2FA) but I’m not counting on it.

Thanks, I edited my comment. No idea how I missed that it was 30 seconds for all this time. It looks like my own TOTP codes are even 30 seconds so I don’t know what I was thinking.

It looks like you may be able to disable SMS 2FA entirely? It’s unclear to me (edit: if this is a viable option):

Can I stop getting Short Messaging Service (SMS) messages for CRA’s Multi-factor authentication?

Yes. You can text “STOP” to 27223 or reply “STOP” to the message containing your one-time passcode to stop receiving SMS messages to that telephone number in the future. However, it is important to note that CRA’s Multi-factor authentication (MFA) service is mandatory and a passcode is required to sign in to the CRA’s sign-in services. Texting “STOP” will prevent your telephone from receiving an SMS message with your passcode in the future. Without the passcode, you will be unable to access the CRA sign-in services using this option and will need to choose an alternate MFA option to use. This option applies only to Canadian telephone numbers.

I’ll probably leave it enabled anyway just in case (given that I only log in to CRA once per year or so), but I applaud the potential of relying on TOTP only, and not allowing SMS 2FA as a “back door”.

Also big pro is that they allow third party TOTP apps instead of making their own like TD and even Steam (bundling it into their main app).

Not OP but I wanted to read more (edit: about CRA’s approach to TOTP, before getting the chance to try it myself), I searched and found this: https://www.canada.ca/en/revenue-agency/services/e-services/cra-login-services/multi-factor-authentication-access-cra-login-services.html#toc3

What is a third-party authenticator app?

A third-party authenticator app can be installed on an app enabled mobile or desktop device to be used for MFA. The app store offers many free third-party authenticator app options to choose from. Users will need to download an app that is compatible with the CRA sign-in services.

Using the app, the user scans a QR code with a mobile device when prompted. If unable to scan the QR code the user can manually enter the setup key the CRA provides into the app. The app will now be set up and the user will not have to complete this step again.

The app will then generate a 6 digit Time-Based One-Time Passcode (TOTP). When signing in to the CRA sign-in services users will be required to enter a one-time passcode provided by the app. For security, the app will generate a new TOTP every 30 seconds.

Edit: This is awesome, I’m so glad I can switch away from SMS 2FA on yet another service (and such an important one). But I am curious about a few things, see below.

Some thoughts:

• (edit: my bad, I thought 60 seconds was more common but I checked my other TOTP and they seem to be 30 seconds) why is it 30 seconds instead of 60 seconds? I’m pretty sure every other TOTP I’ve seen is 60 seconds. What is the benefit of this? Someone has 30 fewer seconds to read the code over your shoulder and log in on their device?
• TD offers a passcode generator app, but it seems like you can’t disable SMS 2FA, so if you’re worried about SIM jacking then you are out of luck. Presumably they’re worried about people losing their device with the TOTP secret, but I usually back that up on multiple devices and have recovery codes. I think all the big banks are similar. Edit: I’m curious to know what CRA does, but I’m away from my PC right now.
• nit: the previous login requires you to re enter the code from SMS 2FA or the grid thing every 8 hours I believe. But most other services seem to let you persist a cookie on the device for 30 days or so, presumably because cookie theft isn’t a huge risk, and because entering your password alone is enough to prevent other people with access to your computer from accessing your sensitive CRA account

Anyway, sorry for the negativity. This is a great step and I shouldn’t focus on negative things. I just hate how accounts I don’t care much about like Facebook (and formerly Runescape) accounts seem to be more secure from malicious logins than my bank and possibly CRA accounts.

I still prefer a physical SIM for my main cell plan, but when travelling to other countries it is so amazing to be able to just download an eSIM and avoid roaming fees. Airalo is quite convenient, but I hear it’s getting pricey compared to other options.

Plus with dual SIM I can disable roaming on my main SIM but still receive texts for free, but use data for cheap with the local eSIM at the same time.

Disclaimer: I live in Canada which has some of the most expensive cell plans in the world. Roaming in the US is $13 CAD/day and $16 CAD/day in the rest of the world. That seems like blatant extortion to me, they can’t blame Canada’s large size for expensive roaming fees (right?). I think US plans are a lot better, and I assume European cell plans are generally even cheaper.

Edit: I prefer physical SIMs for my main plan because if my main phone is dead or broken, I can just pop the physical SIM in an old phone that I bring while travelling. Until eSIMs can be somehow transferred like that, I don’t see myself using them for my main cell plan. Just remember to set a SIM PIN so that if someone steals your phone, they can’t use your SIM card to receive 2FA texts.

Edit 2: eSIMs are generally a pain to transfer between phones. I think my cell provider lets you do it online by scanning a QR code, but I know some make you call them and read 16 digit codes over the phone. Some even charge a small fee. I dread the day where other cell phone manufacturers follow what Apple did in the US (I think?) and make eSIMs the only option.