Thanks for the tips here. Could you elaborate on Carla? I tried Googling around but didn't find much detailed information. I work on Lyrebird so could be helpful as you say.
It also does some cable management, but qpwgraph is maybe better for that.
I looked at your code and the approach (IMO) is kind of bad.
If you want to solve the problem of "voice changer", you can skip the UI entirely and just use plugin parameters. You can also skip the problem of managing the connections. And when you publish your work, every pro audio software (Ableton, Reaper, whatever) can use your audio processing.
.app packages are merely the binary with assets and a bunch of metadata for code signing, entitlements, icons and locales. If you "Show Package Contents" there's not much to them.
People really don't understand 2FA codes. Imagine trying to tell thousands of students to get the code from their 2FA app (Which app?). What happens when a student goes home over the summer and gets a new phone, but doesn't transfer the app info? Duo offers a level of management that other apps don't. If a student is struggling, you can send them a text with a direct link to the app they need to download. You can temporarily bypass 2FA from the Duo console. For the longest time, it was the only 2FA app that offered any kind of management. Okta has it now, too, but most higher ed already has a different SSO provider, so switching to Okta just to get 2FA management (And I'm not sure it's as good as Duo's) is probably an impossible task to get off the ground.
Okta offers a similar feature. So much easier to click a confirmation on my phone than to scroll through dozens of 2FA codes (some of which might be orphaned).
This implementation sounds better. Though for me I still have to manually input a code from the Duo app (that doesn't auto refresh after code entry since it's not time based).
Having to do the manual entry and the lack of refresh is a choice of your security team/administrator. Duo supports push notifications and auto-refreshing TOTPs.
Indeed. They are generally understaffed and salaries are very low so they're very lucky to get any "1x-5x" developers who stick around long enough to understand the infrastructure. Outsourcing as much as possible makes a lot of sense in that environment, it does create major single points of failure but "roll-your-own" would likely fail more often anyways.
I work in post-sec and this is very common practice. There are a few key players that tend to capture the majority of schools in the States/Canada for specific tech solutions. Blackboard/Canvas/D2L for LMSs, Shibboleth for SSO, Duo for 2FA, Cisco AnyConnect for VPNs.
Tech solutions in the field tend to be incredibly low risk given the size and make-up of the anticipated users (enterprise services with thousands of employees and tens of thousands of students). For public institutions, there's the added element of public sector risk avoidance.
To be clear, Shibboleth is often self-hosted and usually the grey-beards understand how to maintain it. It's been around a long time and is very stable/robust and at least as unlikely to fail as Duo/Cisco (which are overall fairly robust with rare enough breaking failures). OTOH, rolling their own 2FA would likely create points of failure that rear their ugly head more often, not less often.
Shibboleth is kind of an outlier here, due to its age/maturity and position as a very old-school piece of foundational tech that got implemented when academic IT salaries were quite a bit easier to live on than they are today.
The disparity between tech salaries in academic institutions and FAANG/SaaS corps has grown immensely in the past 20 years. Most of the people who do the real work at academic institutions have been employed there for 25-40 years. Most of the young people can't stick around for long because they need to earn more money to build a stable life.
The openness of this approach will allow for great recall potential with GPT models when we eventually get them running locally. Dave Winer has already been experimenting with this (admittedly not locally) based on his large backlog of blog posts and has found it effective[1].
I've considered this too, sometimes it will divulge information from the rule list and instantly follow it up by letting you know that it's confidential and that it will not tell you what it just told you.
See also Paul Haddad's situation[1] (creator of Tweetbot):
> I really want an official public statement. We have a large number of sub. renewals for year 3 of Tweetbot coming up in a couple of weeks. If we're permanently cut off I need to know so we can remove the app from sale and prevent those. Which obviously I'd rather not do.