MFA on a smartphone

Multi-factor authentication (MFA; aka Two-factor authentication aka 2FA) makes access to things more secure. However, how to do it from the same smartphone seems to be an afterthought.

First, if someone has the smartphone which is used to generate the code, receive the text, answers the phone call, or confirms the access, then is MFA really doing its job? The whole point is to know the password and have the alternative device. In the case of accessing an app or website from the smartphone, then it eliminates the alternative device. It seems implementers don’t consider this scenario. But, also, it seems somewhat more complex to detect which device is the MFA one.

Second, more and more apps or websites appear to want to either clear the screen or go back to the login when you navigate away from them. So one can never accomplish the MFA process on the same device used to login. Which, is good in the sense that it closes the security loophole of the first issue. But, in a way that is infuriating when I want to access something away from my desktop computer.

Also, somewhat unrelated, but texts and phone calls can be intercepted. There are plenty of stories about phone companies firing employees over having given unscrupulous people the SIM card information allowing a hacker to clone it and receive each. This issue has been around two decades. So I don’t understand why this loophole still exists.

Sports signage in times of pandemic

In watching some futbol (aka soccer aka English football) matches this past year, it kind of seems like some of them have maybe increased the sponsorship names on the stadium seats. It kind of makes sense that with no butts in seats, this is real estate that is more on camera than in the past. So maybe they are selling this space now?

Manchester United Panorama by Steve Collis

Many English Premier League teams have their name on the stands. See the Manchester United photo above. That is something different to which I am already accustomed.

I am watching a game at the Etihad Stadium in Manchester, England. Photos similar to the United photo above of theirs show no text on the stand. Now, they actually appear to have a cover pulled over the sections of seats with advertising for the cameras. In staying with their light blue color scheme, the darker blue text is difficult to pick out at times.

Earlier today, I had on a SheBelieves Cup game held at the Exploria Stadium in Orlando, FL. They appeared to have changed out or maybe put covers on individual seats to create the text in the stands similar to MU method, but for various companies and the name of the tournament.

I find this an interesting adaptation that seems like it might lose the usefulness when fans return.

Insecure logins

I worked a ticket years ago where a student claimed not to have taken an exam. The faculty member asked the school who asked us as the hosting provider for the online class system to check on it. What I was able to see in the logs were sessions with two different IP addresses. One was in another state while the other was on the campus wifi network. The on campus one took the test. But, the student was traveling at the time. (We never got told the ultimate outcome of such requests, so I don’t know how that was resolved.)

crop hacker typing on laptop with data on screen
Photo by Sora Shimazaki on

The student admitted to having left the password the default provided by the school which was MMDDYY. The system had a school level option to change the password on first login. But, some students found that password so convenient they changed it back. And apparently the student also had the birthday listed in public view (non-friends). So really anyone could have looked up the Facebook profile and guessed both username and password to login as another student if they left the password the default.


The Georgia My Voter Page strikes me as similarly problematic. It asks for first initial, last name, county, and birthday. That is relatively common knowledge. Anyone who has sent me a birthday card has that at their disposal.

Certainly the whole reason for not allowing the use of cameras in the voting area is to prevent someone from knowing about my voting. They have everything other than who I voted for at their disposal in this website.

Also, the real reason for this post, is I saw about a month ago twin college students who applied to the same university with the same letters starting the first name. So, their logins would be identical. Same first initial, last name, county, and birthday. I am curious how they login to check their vote.

Collected quotes, 2020

The dangers of not thinking clearly are much greater now than ever before. It’s not that there’s something new in our way of thinking – it’s that credulous and confused thinking can be much more lethal in ways it was never before.

Carl Sagan Quotes. (n.d.). Retrieved January 6, 2020, from Web site:

End the political ads

Got a canvasser who thanked me for having already voted. The visit was to ask if other members of the household have voted and if not, then do they have a plan?

What was interesting to me was the campaign knew I had already voted. I did last week on my day off. And I am sure that I was on the list based on my primary ballot choice.

If the campaigns know, then the supposedly all-knowing social media should ken. Stop asking if I have registered or intend to vote. Pressure me to get friends to, fine. That is their job.

The complexities of a Multi-tenant Architecture

A coworker asked for a quote on what I thought about them:

Multi-tenant architecture initially reduces costs by streamlined business processes constraining tenants to make operations more consistent. Friction develops where existing processes shoehorned into something different feel less than ideal or not the way the tenant might have designed it.

The one I prefered:

Reductions in hardware, licensing, and staffing costs initially draw organizations into multi-tenant architectures. Streamlined business processes make operations more consistent to achieve an actual favorable return on investment. Friction develops where existing processes shoehorned into something different feel less than ideal or not how the tenant might have designed it.

He asked because of my experiences running “WebCT/Blackboard Vista” and D2L.

Let’s add more electoral votes

If we don’t want to make states out of the territories, then let’s at least give them non-voting members of Congress and Electoral College votes like the District of Columbia via the 23rd Amendment.

  • DC has a population of about 720,000 people which would make it the 3rd smallest state. It gets 3 electoral votes consistent with Wyoming, Vermont, and Alaska.
  • Puerto Rico has a population of about 2,874,000 people which would make it the 15th smallest state and would get 5 electoral votes similar to New Mexico and Kansas.

Setting up Puerto Rico with 5 electoral votes would make presidents more interested in their affairs. The 45th president told people at a rally Puerto Rico better vote for him. This could make that a reality.

It would be good for Virgin Islands and other places to get one elector.

Counting in counties

The frequency of both words being used in the same sentence the past couple days has me wondering about the relatedness. So, I looked up the etymology of both.

  • count (verb) late 14c., “to enumerate, assign numerals to successively and in order; repeat the numerals in order,” also “to reckon among, include,” from Old French conter “to count, add up,” also “tell a story,” from Latin computare “to count, sum up, reckon together,” from com “with, together” (see com-) + putare “to reckon,” originally “to prune,” from PIE root *pau- (2) “to cut, strike, stamp.”
  • county (noun) mid-14c., “a shire, a definite division of a country or state for political and administrative purposes,” from Anglo-French counte, from Late Latin comitatus “jurisdiction of a count,” from Latin comes (see count (n.1)). It replaced Old English scir “shire.”

So, not at all. Both come from different French and Latin terms. French conter vs counte and Lating computare vs comitatus.

English is weird, yo.

Donation matching

Georgia Public Broadcasting just concluded their October funding drive. Something I noticed and wondered about is all the matching.

They would say, “whatever you donate will be matched dollar for dollar to double [or triple] it.” Then sometimes explain the matching funds came from earlier donations.

Something about this feels like a Ponzi scheme. I guess the way this would be legitimate is the people providing the matching funds donated to that cause knowing that the people donating later are going to be enticed into helping using them. I might have heard something about that earlier, but I am not sure.

I remember a decade ago GPB using the matching less frequently. I guess they are getting more success with donations to back the matches.

Are there any numbers on how much came in for the matching funds? If not, then people are taking their word about whether there is enough to cover. They could just say a donation is doubled to entice it when they ran out of matching funds before that point.

Modern Red Record

I read The Red Record: Tabulated Statistics and Alleged Causes of Lynching in the United States in 2015. It was a couple years after the start of #BlackLivesMatter. I read it after the mayor of Charleston claimed not to know about the treatment of blacks, so people created reading lists, and this was on them.

It came to my mind that #BlackLivesMatter is really a modern version of the Red Record.

The United States to create fairness has a justice system. Law enforcement makes an arrest. Criminal prosecutors charge the arrestee. A judge runs a trial. A jury makes a decision on guilt. In the case of the jury deciding the individual is guilty, there is a punishment applied. In the most severe offenses being guilty, the individual might get an execution.

Lynchings are where the individual gets an execution without a trial. A mob kills the individual. Or it might be a smaller group.

Law enforcement killing someone they sought to arrest circumvents justice where they are supposed to uphold it.