hedgehog @ hedgehog @ttrpg.network

Posts

3

Comments

887

Joined

2 yr. ago

If I were talking about Passkeys and comparing them to client certificates, even though I don’t know much about client certificates in practice, I would say:

• Passkeys can be installed in your password manager, which handles securely syncing it to all of your devices
• Websites can make it very easy to create or log in with a passkey
• Far more websites support passkeys
• Websites can support multiple passkeys per user
• The user experience is far better with passkeys
• Even if your password manager isn’t installed on a given machine, you can still log in with a passkey via your phone, so long as both devices have bluetooth enabled. This allows you to log in on an untrusted device, like a library computer, without exposing your password (though unfortunately that would still result in that computer having access to the session and being able to modify account settings - best practice would be to log out when you’re done and then, from a trusted device, confirm that you were logged out / log out of all devices.)

Can I store a passkey in a platform agnostic way?

If by “platform” you mean OS, then yes - and the best way to do that is to use a dedicated password manager instead of something that’s tightly integrated with an OS.

That said, iCloud keychain is available on Windows, but not Android. Likewise with Google Password Manager - it supports Macs, but not yet support iPhones or iPads.

However you can also use a password manager like one of these and use it across every platform:

• Bitwarden
• 1Password
• ProtonPass - Passkeys Help Article
• Roboform - Passkeys help article
• Dashlane
• NordPass

Based on my experience (with Bitwarden) or research, all support passkeys in browser extensions for Firefox and Chromium browsers and/or desktop apps on Linux, Mac, and Windows, as well as in apps for iOS and Android.

Keepass also might be an option, as KeePassXC supports passkeys and is available on Mac, Windows, and Linux, but I didn’t see any mobile clients that advertise support for passkeys.

Even with the more open password managers, there isn’t a built-in way to transfer passkeys from one password manager to another. However, the FIDO Alliance is working on a spec for securely transferring passkeys so hopefully that’ll change soon and you’ll be able to transfer passkeys from one ecosystem to another.

Also, you can generally still log in on a device that your passkey service doesn’t support by scanning a QR code displayed on the target device on your phone, so long as both devices have Bluetooth (used for confirming physical proximity). I’ve only done that once and it wasn’t super streamlined, but it also wasn’t terrible. You can also save passkeys to your phone or security key (like a Yubikey) though be aware that a YubiKey 5 can only store 100 passkeys. And you can have multiple passkeys to a given service, so if you use a Mac but use an Android phone, you can save a passkey to iCloud Keychain on your Mac and to Google Password Manager on your phone.

EDIT: Looked up and added the correct limit for YubiKey passkeys

What are the benefits of a client certificate? As an end user, I’m pretty sure I’ve never used one.

The unicode standard has stated that U+2019 is the preferred character for apostrophes since at least the late 90s.

And it’s not like using a curved apostrophe in typesetting was novel even then.

as opposed to U+2019 being posthumously appropriated

U+0027 was also an ASCII character. The death of ASCII as a common format is the only one I can think of… what death are you referring to here?

From https://en.m.wikipedia.org/wiki/Right_single_quotation_mark

The Unicode character ’ (U+2019 right single quotation mark) is used for both a typographic apostrophe and a single right (closing) quotation mark.[1] This is due to the many fonts and character sets (such as CP1252) that unified the characters into a single code point, and the difficulty of software distinguishing which character is intended by a user's typing.[2] There are arguments that the typographic apostrophe should be a different code point, U+02BC modifier letter apostrophe.[3]

In other words, U+2019 is the typographic apostrophe character. It’s also the right single quote character. There are people who think that the typographic apostrophe character should be something else (and having read their arguments, I agree), but in practice, it isn’t, and certainly wasn’t back in the 90s / early 2000s.

Can you elaborate on why this is mildly infuriating?

You probably just need Google One and Youtube Premium, which includes Youtube Music Premium.

Of course, if you don’t care about YouTube Premium, you could instead get a family subscription to a different music streaming service - Spotify, Tidal, and Apple Music are all leagues better than Youtube Music, in my opinion.

I don’t personally recommend Google for anything, to be clear.

You should also be able to just put two spaces
At the end of a line to insert a line break.

If their opinion is changing only for the worse because they’re being corrupted by their corporate benefactors, like Kamala, that’s worse than someone who doesn’t change their stance. If their stances started out the same, obviously the person who stubbornly stays the same would be preferable.

This isn’t a way Trump and Kamala differ, though, regardless of his statements on the matter, and Kamala started out with a very left-leaning voting record, so this shouldn’t really impact anyone’s choice of candidate.

Open-Webui published a docker image that has a bundled Ollama that you can use, too: ghcr.io/open-webui/open-webui:cuda. More info at https://docs.openwebui.com/getting-started/#installing-open-webui-with-bundled-ollama-support

For the purposes of this project, you could at least reproduce them by running wget and downloading them from the original projects.

In my state, defensive driving is optional (unless you get enough tickets/points that the course is mandated).

“Jurisdiction” is a legal concept and the way you’re using it makes no sense unless you’re referring to restraining orders or trespassing warnings being issued by courts/police from different towns or states.

I’m assuming you’re talking about private establishments that have the legal right to refuse service to anyone for almost any reason (exceptions being if doing so is discrimination against a protected class).

If so, then here’s my opinion: If you own or manage a shop, bar, club, gym, etc., it’s reasonable to ban someone because they aren’t the sort of person you want in your establishment. Maybe they make you or your other customers uncomfortable. Maybe they don’t want their place to get a reputation for being where Bad Egg Craig, whose antics sent some folks to the ER, hangs out. Maybe they share ban lists with the owners of other establishments, either because they’re friends or for purely business reasons (if your actions have cost the owner of one establishment money, it’s more likely you’ll do the same elsewhere), the same way insurance companies protect their interests by raising premiums.

What does the Hague Convention have to do with anything? Unless it’s being enforced by the same people it’s completely irrelevant.

These elevators are for accessibility purposes. According to the video, a basic model starts at $35,000 and maintenance runs a few hundred a year.

So an elevator is cheaper than an in-ground pool and on par with major maintenance.

Expecting everything for free with no ads is just greedy.

In this case you’re not paying to not have ads. You’ll still get ads; they just won’t be personalized.

Personalized ads are more valuable to advertisers, so it still makes sense for them to charge a bit for it, but it’s not something I’ve seen before.

I’m guessing they charge a decent amount more than the difference, though - and probably even more than they make from personalized ads per person. On that note, I really wish ad free subscriptions were closer to the revenue providers get from serving ads - if they were, I’d be more willing to pay for them than just running an adblocker all the time. YouTube Premium, for example, costs 14 USD monthly, but annual ad revenue per non premium user was 1.21 USD.

Synthetic media should be required to be watermarked at the source

Bit late for that (even in 2023). Best we could do now is something like public key cryptography, with cameras having secret keys that images are signed with. However:

• That would require people to purchase new cameras (though phones could likely do this without a new device, leveraging the secure enclaves to sign)
• Depending on the implementation of the signing, even applying filters to images, color grading, or cropping an image could make it stop matching. If you remove something from the background or make other overt changes, it’s definitely not going to match.
  • Adobe has a system for handling changes and attesting that no AI was used. Optimally other major photo editing tools will do something similar. However, I don’t think it’s feasible to securely sign such an attestation history locally, so all such images would need to be uploaded to be signed remotely.
• This won’t work for traditional art

For artists and photographers with old school cameras (“old school” meaning “doesn’t compute and sign a perceptual hash of the image”), something similar could still be done. Each such person can generate a public / private key pair for themselves and sign the images they’ve created manually. This depends on you trusting that specific artist, though, as opposed to trusting the manufacturer of the camera used.

It's like how they slapped 'Smart' on every tech product in the past decade. Even devices that are dumb as fuck are called 'Smart' devices.

I’m not a big fan of “Smart” as a marketing term, either, but “Automatable” doesn’t exactly roll off the tongue, and “Connected” doesn’t really have the same appeal. That said, “smart” was used pretty consistently to refer to devices that could be controlled as part of a “smart home.” It wasn’t supposed to refer to a device that itself was intelligent, though.

I always thought of AI as artificial consciousness, an unnatural and created-by-humans self-aware and self-thinking being.

Sounds like you’re thinking of AGI (artificial general intelligence) or that your understanding is based off sci fi as opposed to the academic discipline/field of research, which has been around since the 1950s.

And yes, marketing is often inaccurate… but almost every instance I’ve seen where they say they’re using AI, they were.

In fact stuff like ChatGPT would've made more sense to actually be called 'Smart' search engines instea of 'AI'.

IMO “Smart” would be more misleading than “AI,” even if “Smart” didn’t have an existing, unrelated meaning. I do think we could use better words - AI is such a broad category that it doesn’t say much to call a product “AI-powered.” Stable Diffusion and Llama use completely different types of AI, for example. But people broadly recognize the term (even if they don’t understand it properly) and the same can’t be said for terms like “LLM.”

They might be technological achievements, but they're not AI.

You’re illustrating the AI effect - “discounting of the behavior of an artificial-intelligence program as not "real" intelligence.” AI is used in a ton of different ways that you likely don’t ever think about or even notice.

I recommend reading over at least the introduction to the Artificial Intelligence article on Wikipedia before proclaiming that something that fits cleanly into the definition of AI isn’t AI.

Okay but “they” can control the weather?

It’s called “climate change” aka “global warming” (or as MTG would call it, “fake science”). It’s not very precise, but “bigger hurricanes” was definitely one of the expected results.

Also “they” is of course pretty much everyone, but mostly capitalists (aka liberals). And conservatives (“conservative liberals?”) like MTG are the most to blame (at least in the US).

Both numbers are based off market value, though

Why? Open source doesn’t mean “cheap” or “at cost.”