Worry not: in 20 years’ time people born in 2028 will all pretty much look like kids to you.
Worry not: in 20 years’ time people born in 2028 will all pretty much look like kids to you.
I have a cheap N100 mini-PC with Lubuntu on it with Kodi alongside a wireless remote as my TV box, and use my TV as a dumb screen.
Mind you, you can do it even more easily with LibreELEC instead of Lubuntu and more cheaply with one of its supported cheap SBCs plus a box instead of a mini PC.
That said, even the simplest solution is beyond the ability of most people to set up, and once you go up to the next level of easiness to setup - a dedicated Android TV Box - you’re hit with enshittification (at the very least preconfigured apps like Netflix with matching buttons in your remote) even if you avoid big brands.
Things are really bad nowadays unless you’re a well informed tech expert with the patience to dive into those things when you’re home.
The Haaretz is a well established Israeli Newspaper.
I use a pretty basic one (with an N100 microprocessor and intel integrated graphics) as a TV box + home server combo and its excellent for that.
It’s totally unsuitable for gaming unless we’re talking about stuff running in DOSEmu or similar and even then I’m using it with a wireless remote rather than a keyboard + mouse, which isn’t exactly suitable for PC gaming.
Mind you, there are configurations with dedicated graphics but they’re about 4x the price of the one I got (which cost me about €120) and at that point you’re starting to enter into the same domain as small form factor desktop PCs using things like standard motherboards, which are probably better for PC gaming simply because you can upgrade just about anything in those whilst hardware upgradeability of mini PCs is limited to only some things (like SDD and RAM).
Well, I haven’t really made any large wire transfers to accounts outside the EU from that bank in over a decade so can’t really confirm or deny.
I do know that in past experience with banks in general, the people checking the validity of suspicious transations (and large transfers to accounts outside the EU tend to fall into that classification given the prevalence of online scams from countries were the Law is a bit of a joke) will actually call you, or at least they did in the UK some years ago (pre-Brexit) which was the last time I had experience with something like that.
(At one point I also worked in a company that made Fraud Detection software).
Maybe they switched to SMS to save money, I don’t know.
Ah, I see.
Your point is that the use of a secondary channel for a One Time Pass is still an insecure method versus the use of a time-based one time password (for example as generated in a mobile phone app or, even more secure, a dedicated device). Well, I did point out all the way back in my first post that SMS over GSM is insecure and SMS over GSM seems to be the secondary channel that all banks out there chose for their 2FA implementation.
So yeah, I agree with that.
Still, as I pointed out, challenge-response with smartchip signature is even safer (way harder to derive the key and the process can actually require the user to input elements that get added to the input challenge, such as the amount being paid on a transfer, so that the smartchip signs the whole thing and it all gets validated on the other side, which you can’t do with TOTP). Also as I said, from my experience with my bank in The Netherlands, a bank using that system doesn’t require 2FA, so clearly there is a bit more to the Revised Payment Systems Directive than a blanked requirement for dynamic linking.
It think you’re confusing security (in terms of how easy it is to impersonate you to access your bank account) with privacy and the level of requirements on the user that go with it - the impact on banking security of the bank having your phone number is basically zero since generally lots individuals and companies who are far less security conscious than banks have that number.
That said, I think you make a good point (people shouldn’t need a mobile phone to be able to use online banking and even if they do have one, they shouldn’t need to provide it to the bank) and I agree with that point, though it’s parallel to the point I’m making rather than going against it.
I certainly don’t see how that collides with the last paragraph of my original post which is about how the original thread poster has problems working with banks which “require a separate device that looks like a calculator to use online banking” which is an element of the most secure method of all (which I described in my original post) and is not at all 2FA but something altogether different and hence does not require providing a person’s phone to the bank. I mean, some banks might put 2FA on top of that challenge-response card authentication methods, but they’re not required to do so in Europe (I know, because one of the banks in Europe with which I have an account uses that method and has no 2FA, whilst a different one has 2FA instead of that method) - as far as I know (not sure, though) banks in Europe are only forced to use 2FA if all they had before that for “security” was something even worse such as username + password authentication, because without those regulations plenty of banks would still be using said even worse method (certainly that was the case with my second bank, who back in the late 2010s still used ridiculously insecure online authentication and only started using 2FA because they were forced to)
I literally said 2FA over SMS is not secure because of weaknesses in the GSM protocol.
It’s still more secure than username + password alone, but that’s it.
Those little boxes are just a bit of hardware to let the smartchip on the smartcard do what’s called challenge-response authentication (in simple terms: get big long number, encode it with the key inside the smartchip, send encoded number out).
(Note that there are variants of the process were things like the amount of a transfer is added by the user to the input “big long number”).
That mechanism is the safest authentication method of all because the authentication key inside the smartchip in the bank card never leaves it and even the user PIN never gets provided to anything but that smartchip.
That means it can’t be eavesdropped over the network, nor can it be captured in the user’s PC (for example by a keylogger), so even people who execute files received on their e-mails or install any random software from the Internet on their PCs are safe from having their bank account authentication data captured by an attacker.
The far more common two-way-authentication edit: two-channel-authentication, aka two-factor-autentication (log in with a password, then get a number via SMS and enter it on the website to finalize authentication), whilst more secure that just username+password isn’t anywhere as safe as the method described above since GSM has security weaknesses and there are ways to redirected SMS messages to other devices.
(Source: amongst other things I worked in Smart Card Issuance software some years ago).
It’s funny that the original poster of this thread actually refuses to work with some banks because of them having the best and most secure bank access authentication in the industry, as it’s slightly inconvenient. Just another example of how, as it’s said in that domain, “users are the weakest link in IT Security”.
Look for a processor for the same socket that supports more RAM and make sure the Motherboard can handle it - maybe you’re lucky and it’s not a limit of that architecture.
If that won’t work, breakup your self-hosting needs into multiple machines and add another second hand or cheap machine to the pile.
I’ve worked in designing computer systems to handle tons of data and requests and often the only reasonable solution is to break up the load and throw more machines at it (for example, when serving millions of requests on a website, just put a load balancer in front of it that assigns user sessions and associated requests to multiple machines, so the load balancer pretty much just routes request by user session whilst the heavy processing stuff is done by multiple machines in such a way the you can just expand the whole thing by adding more machines).
In a self-hosting scenario I suspect you’ll have a lot of margin for expansion by splitting services into multiple hosts and using stuff like network shared drives in the background for shared data, before you have to fully upgrade a host machine because you hit that architecture’s maximum memory.
Granted, if a single service whose load can’t be broken down so that you can run it as a cluster, needs more memory than you can put in any of your machines, then you’re stuck having to get a new machine, but even then by splitting services you can get a machine with a newer architecture that can handle more memory but is still cheap (such as a cheap mini-PC) and just move that memory-heavy service to it whilst leaving CPU intensive services in the old but more powerful machine.