I have been calling Passkeys bullshit from the start. Security really does require the MFA methodology of “something you know and something you have” to be even remotely close to Good Enough™️. Passkeys have always been in the eyes of the implementers a means to fully lock you in to their ecosystem.
My new job REQUIRES Okta authenticator. But my Yubikey authenticator should suffice. It's just the same shit. Different pile.
Until barriers between user choice are removed, none of these technologies will be the solution. A single unified global standard created outside the scope of corporate and political pressures will be the only way forward.
https://bladerunner.social/@stevelord/112337033508506879
Every time a techbro tells me I need to change to some boneheaded security solution like DoH or shit like that it ends up with shitty consequences. Today it's Passkeys being used to lock customers into platforms. (Blade Runner Social)
@KayOhtie the largest problem, and as addressed in the article, is that tech companies like Google and Apple got their hands on it and twisted and perverted it. The underlying tech was a good idea, but the problem stems from the fact that it wasn't standardized, and it wasn't decentralized.
Passkeys are also being shoved down a lot of people's throats by these same companies. Surreptitiously, with their twist on the technology it's furthering vendor lock-in.
Behind the scenes, the tech at its core is fine. It's the fact that it was heralded as being the solution of the future for passwords was just utter bullshit and marketing hype.
Personally, I hope passkeys die in a very big fire, lit by the hands of the tech-bros that corrupted it to begin with. And from it, we need organizations like the FCC, FTC and other regulatory bodies to work towards ensuring that technologies like these can't be used to create vendor lock-in going forward. I will be firmly a staunch evangelist for people to learn and understand how technology can work for them, and how to better protect themselves, and even how they can take control of their own digital lives without big tech dictating it for them.
Deleted previous posts because I was too verbose for my intent and I don't wanna come off as defending Google or Apple or MS when I very much am not; it's their faults for things being fucky to the point that Bitwarden and KeePassXC have far better Passkey implementations than they do. x3
I use Bitwarden currently for the passkeys I've set up, mostly cause I didn't want to set up another tool. Unlike the article writer though, I don't run my own Vaultwarden because I don't trust myself to not lose access in the case of a fire such that I'd ever be able to get into the off-site backup. >.> I know myself well enough there, ehehe.
I guess my main complaint is with the term 'centralized', since Bitwarden works with passkeys for all browsers they have an add-on for, and I don't know enough about KeePassXC but I know they support it. And I dunno cause I use classic KeePass2 at work, but maybe I should switch my work vault to using it instead, hehe.
But I get how things like the development groups bowing down to Google the same way the W3C heavily does (majority-controlled?) sure adds to the sense of it :<
Hello there!
What brings you out into the middle of nowhere on this beautiful #fursuitfriday?
Were you chasing the #WeekendVibes
as I did?
📸 @captainchaotika.bsky.social
#fursuit
#shenanigans
How to stop being reminded of memories you don’t want to be reminded of
https://www.theverge.com/24140444/memories-photos-facebook-onenote-how-to?utm_source=flipboard&utm_medium=activitypub
Posted into Microsoft News @microsoft-news-theverge
I found out how to avoid reminders from some of the more egregious offenders — Google Photos, Apple Photos, Facebook, and Microsoft OneDrive. Barbara Krasnoff (The Verge)
A new campaign tracked as "Dev Popper" is targeting software developers with fake job interviews in an attempt to trick them into installing a Python remote access trojan (RAT).
FCC reinstates net neutrality
https://www.gamesindustry.biz/fcc-reinstates-net-neutrality
The Federal Communications Commission has voted to restore Net Neutrality. Net Neutrality prohibits internet service pro… Jeffrey Rousseau (GamesIndustry.biz)
Microsoft open sourced MS-DOS 4.00 yesterday, under an MIT license. This joins v1.25 and v2.0 already released 6 years ago.
https://github.com/microsoft/MS-DOS
MS-DOS 4.x is... complicated. There was a 4.0 with multitasking ("MT-DOS") and a later one without. Both report themselves as "MS-DOS Version 4.00". The code on GitHub seems to be the non-multitasking version.
I highly recommend reading through the OS/2 Museum's posts on DOS history:
https://www.os2museum.com/wp/dos/dos-4-0/
1/3 🧵
#retrocomputing #history #msdos
The original sources of MS-DOS 1.25, 2.0, and 4.0 for reference purposes - microsoft/MS-DOS (GitHub)
will always find 'procreate' a funny name for an app
ah yes, what do you use for drawing? "have kids" for ipad
“MAN ON A BICYCLE ranks first in efficiency among traveling animals and machines in terms of energy consumed in moving a certain distance as a function of body weight.”
I got me two adorable kitties to celebrate #FursuitFriday, here with @krymson_k and @sige 🥰
📸 by @kaisunderg
We'll sing you a duet, which song would you pick? :3
🟤 ChesterTheGeroo
#FursuitFriday #furry #kemono #furryfandom #fursona #fursuit #fursuiting #fursuiters #fursuitinginpublic
Most BLM protesters were white people advocating for Black civil rights.♥️ All their lives, they thought that they had the 1st amendment right to protest, because they had seen white supremacists march without being beaten by cops. They didn't realize that the right to free speech depends heavily on what you are speaking about, and who you are speaking for.
Now I'm seeing college professors and students learn the same lesson about what US cops will do to you if you speak up for the wrong thing.
The alien saucer landed in the university square. A bedraggled being emerged from the ramp, carrying a sling bag, consulting a phrasebook.
“Um. Take me … to your … plumber?”
The professor of linguistics was first to speak. “Ah, I see what’s happened. You’ve confused ‘lead’ with ‘lead’, one comes from ‘liðan’, to go forth, and one comes from ‘plumbum’, the word for the element—”
His lecture was cut short when a putrid, slimy, plunger landed squarely on his head. “I know what I mean,” said the alien.
** A gentle reminder that you are the algorithm - your boosts help decide what your followers see, and help them discover the cool things you like.
(I mean like like, not press-like like, which, while greatly appreciated, doesn't have the same impact as a boost.) **
Long Covid numbers in UK hit two million people
https://www.thecanary.co/trending/2024/04/25/long-covid-rates-hit-two-million-as-tories-ramp-up-the-war-on-disabled-and-chronically-ill-people/?__s=43tdi5b96azmty2p7sbg
New government statistics have confirmed what millions of people already knew. Specifically, this was that cases of long Covid across the UK are rampant and ever on the rise – now up to two million people.
#ToryScum
New UK government data shows long Covid is rife, but the Tories just care about gaslighting millions of people with it back to work. Hannah Sharland (The Canary)
well fuck.
telegram decided to sneak in a nazi symbol in their announcement of NFT usernames today, so i guess this is the thing that makes me switch to Signal. (1488 in the subscriber count, and i have been informed that 4/20 is Hitler's birthday, so y'know, not a coincidence)
edit: wolfie@queer.party pointed out another thing, they're highlighting Tucker Carlson in the blog post
This month we've added more than 15 new features, including recommended channels, a way to view your own profile and display your channel and birthday on your page, improved moderation tools for group admins – and much more. (Telegram)
https://github.com/microsoft/MS-DOS/tree/main/v4.0
I would just like to thank @shanselman, Jeff Wilcox, and the Microsoft OSPO for working with me to preserve the source code of MS-DOS 4.0, a very early beta build of the very limited release Multitasking MS-DOS 4.0, and some source code for that too
Have fun, everyone :)
Monsters with shady origins are perfect significant others.
Embrace the shady-origined monster. They love you.
Note: My origins are shady because I have sucked at fleshing them out.
I am kind of a monster? A dragon at least!
Smooches are welcome ;3 💙💙💙
Ugh, if someone's more comfortable with brown hair, do we penalise them for having brown hair? Even if it was originally blond? If someone wants to have green hair, let them have green hair, it won't bite anyone. If they like t-shirts, that's fine. Or if they prefer collared shirts and neck-ties, so be it, where's the harm? If they want to be a man, let them be that, even if their body didn't originally develop along a typical male pathway — we have the technology to fix that discrepancy. And equally for women. And so on.
Old women dyeing their hair because they hate the way it looks if they don't, or young ones putting on makeup to feel comfortable with their face, or guys wearing platform shoes to look taller, even just people wearing nice clothes — it's all the same thing as trans people making themselves into themselves.
Just let people be.
Does anybody have a connection at Netlify?
Long story short, they won’t work with you if you’re #transgender, and they’re holding my domain hostage. They refuse to speak to anyone except [deadname] via an email that no longer exists.
After explaining my transition to the support rep, and offering to give them an updated ID, they’ve just stopped responding to my emails. I need to get ahold of a human who isn’t an asshole.
I am so fucking tired of the trans tax.
Hey fam; y'all did it!
Someone got in touch with Netlify and they fixed it. (I won't tag so employees don't get dogpiled, but if you're reading this know that I appreciate you)
Thank you all for the signal boost. ♥ I would literally have had no other option otherwise.
Wagging that curly doggo tail for #fursuitfriday
#fursuit #fursuiter #fursuiting #mascot #furry #furries #furryfandom #fursuitphotography #foxfursuit #costume #cosplay
I will sorely miss this cat. Please send @jun back to Australia.
Happy #FursuitFriday from #furdu2024 !
GENTLE REMINDER TO ALL #TECH WORKERS
before you go hustling for new work on these internets and fediverses, if you were laid off, HEAD TO THE CLOSEST #LABOR DEPARTMENT OFFICE AND DEMAND YOUR #UNEMPLOYMENT BENEFITS
you pay for #unemployment #benefits with each paycheck. DEMAND THAT MONEY.
here's a thread about what to do & what happens when you don't demand all your accumulated money & benefits.
https://mastodon.social/@blogdiva/111607803802146802
tell #techbros laying off people, fuck you pay me.
REMINDER FOR LAID-OFF & UNEMPLOYED AMERICANS there is no shame in using all the social services you have paid with your taxes, ESPECIALLY IF YOU ARE A WHITE, MID/HIGH INCOME EARNER. (Mastodon)
Passkeys: A shattered dream.
https://fy.blackhats.net.au/blog/2024-04-26-passkeys-a-shattered-dream/
it's basically similar to an ssh key with the public handed over and the private kept <place>. But from what I've seen, it's implemented 3 different ways:
- Key as identification+authentication, eg like gitolite, complete auth in one, allows compromised key access even without knowing username
- Key as authentication, eg like traditional ssh keys, where username must be known. Platform storing the key may (should) offer means of protecting a-la SSH key passwords
- Key as 2FA-only, eg SSH servers that require both account password AND an authorized SSH key. Most secure option, at that point just an alternative FIDO2 method using pub/priv model instead of cert signing
I think a lot is "well that sucks" stuff. If the same thing happened where a Yubikey got zapped and there was no recovery we might have the same article. But a lot is also implementation and properly allowing recovery and of course setting everything up to acknowledge devices change. Namecheap pisses me off with their U2F because I can't have a fallback method and can (or could last I checked) only have 1 key registered, and had to use a recovery code otherwise.
TBH I think largely a push for these is because since so few people use password managers something that didn't require users install yet another app or account and just use their phone or even PC was a good way to do 2FA that didn't require codes that could easily be hijacked the way SMS ones do. Passkeys never were really targeting you or I for a problem to solve so much as targeting people like my sister or my parents to protect them. I don't think it's a perfect solution, but it not being tied to any singular platform because it's a standard, not centralized, seemed good to me. It is the choice you're talking about, just fucky implementations galore, same problem with Matter where it's fucky manufacturers more than Matter as a protocol.