Mama told me not to come.

She said, that ain’t the way to have fun.

  • 0 Posts
  • 114 Comments
Joined 2 years ago
Cake day: June 11th, 2023

  • Original comment:

    Here’s a fun fact: phone manufacturers know this. So what they call “100%” is not actually 100%.

    My response, which was a small clarification:

    That depends on the manufacturer, some do, some don’t. My phone has a setting to control the max charge, so I set it to 80% when I got it.

    And the follow up from a different user:

    Yes, but that 100% is not really that. It has been programmed to display that percentage, when in reality it’s 80%.

    And my response:

    No, I’m saying that not all manufacturers have that limit, and it’s a relatively new setting (last few years). If you have an older phone or something not from the top few manufacturers, it might not have that feature.

    Then our conversation started. That’s the context. Here’s your first comment:

    Exactly, which is neither a user setting nor relatively new. Battery manufacturers have always had to decide what voltage is what state of charge (percent).

    The user setting where you limit it to 80% is on top of what the previous commenter was describing.

    And then my response:

    Sure, if the manufacturer sets it to not charge to the max. I’m saying some manufacturers charge to the max by default, hence why that setting is useful.

    My point is and has always been that this isn’t universal, so don’t just assume that your phone stops charging at 80% if battery longevity is important to you. Check if your phone does it so you can know.

    If anyone is trolling here, it’s you.


  • Cool, Trump lost me in the 2016 primaries. That was the first election I voted third party, and 2020 was the first election I voted Democrat, and I largely voted Republican before then (McCain and Romney) because I thought they cared about small, responsible and privacy-respecting government.

    The warning signs were there from the start. He’s a narcissist and easily manipulated by shiny things and flattery. That type of person isn’t interested in making things better for you, only better for themselves, and someone in Trump’s position cares more about making headlines than people actually liking them.

    The only thing I like about Trump is he pissed off conservatives. Everything else is a net negative, including the tax cuts that actually kind of benefit me.

  • It is a security threat, and to claim it doesn’t count is absurd.

    Oh, absolutely.

    Replay attack is the wrong term, here’s the threat model I’m talking about. Basically, the attacker watches the authentication flow and uses the resulting session (token?) to make web requests as you, stealing whatever data it wants. There’s no attack on the authentication scheme, but on the shortcuts web services use.

    It doesn’t matter if you use passwords, TOTP, or webauthn, there’s going to be some vector to attack the system without breaking the authentication mechanism.

    The average user isn’t going to see much security benefit from webauthn vs TOTP in the same way that adding a better lock to your front door is unlikely to improve your overall home security, because at a certain point, the burglar will just smash a window. TOTP is good enough because it’s safe from attacks on email and SMS that worse one-time code systems use. You should definitely have a lock on your door, but at a certain point, the lock is no longer the weak point in the system.

    And yes, I’m using “code generation” as a generic catchall. I group auth systems like so:

    • offline threats - e.g. passwords that can be broken by seeing the hash
    • reliant on third party service that can be attacked separately - email and SMS
    • “code generation” - uses some cryptographic mechanism to generate some unfakable code that can’t be reused; seeing more examples doesn’t help, and codes can’t be reused

    If your password manager handles the second factor, the user experience of TOTP vs webauthn is nearly identical, and the security is nearly identical to your average attacker, to the point where they won’t attack the authentication mechanism itself, but something else on the website or the password manager itself.

    The problem is that most people do only use plain old passwords. If we can get any kind of extra security, even TOTP, then all the better.

    Exactly. The difference between TOTP and webauthn only really matters if you’re a government or something else where state-level actors are part of your threat model. If your service uses one or the other, the distinction isn’t important to the average user.


  • The only MITM attack I’ve seen is entering codes before the user does. That’s not breaking TOTP in any meaningful way (which is what I was trying to get at), so it would be similar for password entry or even passkeys if they have sufficient control over the device or network to essentially do a replay attack.

    I’m basically saying that generating codes with TOTP and passkeys are a similar process and are subject to similar threats. Passkeys are slightly better since codes can’t be generated independently, but AFAIK that’s not a significant threat for TOTP anyway, because if they have that level of control, they already have your data.

    The choice between TOTP or passkeys is not a significant one; if your provider offers one or the other, your account will be reasonably secure. If your TOTP solution is built into your password manager, it’s basically the same thing, so you should probably prefer passkeys.

  • I’m pretty inclined to downvote any post that is a link without a short summary or context.

    Why? The summary of Firefox release notes is the Firefox release notes.

    I agree there should be a summary for other things, esp. videos or long articles, but for release notes, they’re already generally in a condensed format. This one is a few pictures with a couple sentences explaining what’s new in them.