The worst
hedgehog (@hedgehog@ttrpg.network) | Posts: 3 | Comments: 995 | Joined 2 yr. ago
Do you memorize all of your passwords? If so, I take that to mean that you don’t use a password manager. Password managers - really, any app with 2FA - have this problem, too. But if you use a password manager and store your 2FA methods in it, then you only need to be able to regain access to your password manager.
If you use a cross-platform password manager with Passkey support, like Bitwarden, you can use it on any of your devices. In the event that you lose all of your devices, if you don’t have an Emergency Contact set up, you will need your password and one of the following to gain access to your account:
- Access to your 2FA method
- Access to your Recovery Code
- If you’re in an enterprise using Duo 2FA, access to a Duo bypass code (contact your Duo admin to request this)
If you use security keys for 2FA, then you should have at least two - one that you keep with you and a backup that you keep in a safe place, like at home in a lockbox.
If you use a TOTP app to log in, or if you use security keys and want another backup, then making sure you’ll have access to the Recovery Code should be your priority. You can write it down and keep it in a few different places - at home, in your car, in your locker at work, etc. You can share it with someone you trust in person or over an encrypted channel (like Signal). You can store it on a flash drive, encrypted by a second password (which can be much easier than your primary password) or even unencrypted, if you generally keep the drive somewhere safe, disconnected from your computer. As long as you remember your password and can access your recovery code, you’ll also be able to regain access to your account, including all of your passkeys.
Emergency Access requires someone else to have access to their Bitwarden account, but assuming you don’t both lose access, it’s a pretty solid solution. When they request access, Bitwarden will send you an email allowing you to accept or reject their request. If you accept or don’t respond within the allotted “Wait Time” (which you configure: 1 day minimum, 90 days maximum) then they’ll be granted access. You also get a choice (when setting this up) to let them take over the account (resetting your master password) or to just get read-only access.
Maybe you don’t like Bitwarden and want to use some other app, like 1Password, Dashlane, RoboForm, etc. Whatever your choice, familiarize yourself with how to restore access to your account in an emergency. Then you only need to worry about that and not about how to get access to your passkeys that are on your Windows laptop or only synced to your Apple devices.
But that is exactly what he recommends, using a password manager - with one time email authentication for the first login as an extra step, right?
Nope.
Using a cross-platform password manager with synced passkeys is different and much more secure than using a password manager with email TOTPs or sign-in links with emails that aren’t end-to-end encrypted.
And password manager adoption is much higher than PGP keyserver adoption, and if you can’t discover someone’s public key you can’t use it to encrypt a message to them, so sending end-to-end encrypted emails with TOTPs/sign-on links isn’t a practical option.
According to Statista, 34% of Americans used password managers in 2023 (a huge increase from 21% in 2022), so it’s not even like the best case scenario is rare.
The author mentions it: the QR code approach for cross device sign in. I don’t think it’s cumbersome, I think it’s actually a great and foolproof way to sign in. I have yet to find a website which implements it though.
The site doesn’t need to implement this; the browser handles that part.
I confirmed this works and logged into Github using Google Chrome on my work computer using a passkey stored in Bitwarden earlier today. I had to enable Bluetooth for Chrome, since I’d had it disabled, but then everything else was seamless.
Your mileage will vary with your corporate policies.
What does this have to do with anything?
I can't just pick up any smartphone and install a passkey manager on it.
Sure, because “any smartphone” includes smartphones that don’t turn on, that are locked with a passcode you don’t know, or that are running a 10 year old OS.
Which modern smartphones (meaning, still supported by its manufacturer and running a current OS, i.e., iOS 17/18 or Android 14/15) don’t have passkey support? I don’t know of a single one.
If I were talking about Passkeys and comparing them to client certificates, even though I don’t know much about client certificates in practice, I would say:
- Passkeys can be installed in your password manager, which handles securely syncing it to all of your devices
- Websites can make it very easy to create or log in with a passkey
- Far more websites support passkeys
- Websites can support multiple passkeys per user
- The user experience is far better with passkeys
- Even if your password manager isn’t installed on a given machine, you can still log in with a passkey via your phone, so long as both devices have bluetooth enabled. This allows you to log in on an untrusted device, like a library computer, without exposing your password (though unfortunately that would still result in that computer having access to the session and being able to modify account settings - best practice would be to log out when you’re done and then, from a trusted device, confirm that you were logged out / log out of all devices.)
Can I store a passkey in a platform agnostic way?
If by “platform” you mean OS, then yes - and the best way to do that is to use a dedicated password manager instead of something that’s tightly integrated with an OS.
That said, iCloud Keychain is available on Windows, but not Android. Likewise with Google Password Manager - it supports Macs, but does not yet support iPhones or iPads.
However you can also use a password manager like one of these and use it across every platform:
- Bitwarden
- 1Password
- ProtonPass - Passkeys Help Article
- RoboForm - Passkeys help article
- Dashlane
- NordPass
Based on my experience (with Bitwarden) or research, all support passkeys in browser extensions for Firefox and Chromium browsers and/or desktop apps on Linux, Mac, and Windows, as well as in apps for iOS and Android.
KeePass also might be an option, as KeePassXC supports passkeys and is available on Mac, Windows, and Linux, but I didn’t see any mobile clients that advertise support for passkeys.
Even with the more open password managers, there isn’t a built-in way to transfer passkeys from one password manager to another. However, the FIDO Alliance is working on a spec for securely transferring passkeys so hopefully that’ll change soon and you’ll be able to transfer passkeys from one ecosystem to another.
Also, you can generally still log in on a device that your passkey service doesn’t support by scanning a QR code displayed on the target device on your phone, so long as both devices have Bluetooth (used for confirming physical proximity). I’ve only done that once and it wasn’t super streamlined, but it also wasn’t terrible. You can also save passkeys to your phone or security key (like a YubiKey), though be aware that a YubiKey 5 can only store 100 passkeys. And you can have multiple passkeys to a given service, so if you use a Mac but use an Android phone, you can save a passkey to iCloud Keychain on your Mac and to Google Password Manager on your phone.
EDIT: Looked up and added the correct limit for YubiKey passkeys
What are the benefits of a client certificate? As an end user, I’m pretty sure I’ve never used one.
You could’ve scrolled down to the bottom, clicked on “Links,” then clicked on the repo link
The repo has instructions to install a Snap or build from source. If you build from source, it looks like you should download an archive from the releases page rather than just pulling from master.
The Unicode Standard has stated that U+2019 is the preferred character for apostrophes since at least the late 90s.
And it’s not like using a curved apostrophe in typesetting was novel even then.
as opposed to U+2019 being posthumously appropriated
U+0027 was also an ASCII character. The death of ASCII as a common format is the only one I can think of… what death are you referring to here?
From https://en.m.wikipedia.org/wiki/Right_single_quotation_mark
The Unicode character ’ (U+2019 right single quotation mark) is used for both a typographic apostrophe and a single right (closing) quotation mark.[1] This is due to the many fonts and character sets (such as CP1252) that unified the characters into a single code point, and the difficulty of software distinguishing which character is intended by a user's typing.[2] There are arguments that the typographic apostrophe should be a different code point, U+02BC modifier letter apostrophe.[3]
In other words, U+2019 is the typographic apostrophe character. It’s also the right single quote character. There are people who think that the typographic apostrophe character should be something else (and having read their arguments, I agree), but in practice, it isn’t, and certainly wasn’t back in the 90s / early 2000s.
Can you elaborate on why this is mildly infuriating?
You probably just need Google One and YouTube Premium, which includes YouTube Music Premium.
Of course, if you don’t care about YouTube Premium, you could instead get a family subscription to a different music streaming service - Spotify, Tidal, and Apple Music are all leagues better than YouTube Music, in my opinion.
I don’t personally recommend Google for anything, to be clear.
You should also be able to just put two spaces
At the end of a line to insert a line break.
If their opinion is changing only for the worse because they’re being corrupted by their corporate benefactors, like Kamala, that’s worse than someone who doesn’t change their stance. If their stances started out the same, obviously the person who stubbornly stays the same would be preferable.
This isn’t a way Trump and Kamala differ, though, regardless of his statements on the matter, and Kamala started out with a very left-leaning voting record, so this shouldn’t really impact anyone’s choice of candidate.
Open-Webui published a docker image that has a bundled Ollama that you can use, too: `ghcr.io/open-webui/open-webui:cuda`. More info at https://docs.openwebui.com/getting-started/#installing-open-webui-with-bundled-ollama-support
Ventoy Update
For the purposes of this project, you could at least reproduce them by running `wget` and downloading them from the original projects.
In my state, defensive driving is optional (unless you get enough tickets/points that the course is mandated).
So, to be clear, my opinion was about what’s reasonable to do and was informed by our culture and laws. Your objection seems to be related to what should be legal, which is different and is more complicated, as the laws have to balance restricting and potentially damaging businesses with protecting people from discrimination.
From a legal perspective, IMO larger businesses should be held to much tighter standards than small businesses. I think it would be reasonable to legally require Google or Meta to have a reason to ban someone, to have to share that explanation, and to have to allow an appeal to be unbanned to be arbitrated by a third party, without “we can ban anyone for any reason” allowed as a defense.
We also see it being abused with the allowance of a few "good ones" from said protected class to avoid discrimination claims while still discriminating against the rest of said class.
Obviously this isn’t a reasonable thing for them to do.
If a business is discriminating against a protected class and only letting in a few “good ones,” then statistically it should be able to be shown that they ban far more people in that class than outside it.
I believe there should be reasons required to ban someone.
How do you manage that, practically speaking, in a capitalist society? If a business owner thinks someone is acting suspicious and is likely to steal or break something, but they can’t ban them until they have a “valid” reason, if that person then breaks or steals something, that business owner has been damaged by the government’s policy. Is the government going to make them whole? No, of course not.
Does the reason need to be disclosed to the person being banned, or just recorded for future reference? A lot of the time people get defensive and angry when told the truth about what they did that made other people not want to deal with them. If someone’s been leering at customers, smells terrible, is loud and disruptive, or is just plain acting weird, telling them as much when you tell them they have to leave probably isn’t going to help them feel better.
Not just because you own the place and don't want them in your place as they make you/other customers uncomfortable.
Why do you think it’s okay for a business owner and their employees to be legally forced to deal with someone that makes them uncomfortable?
Do business owners just need to be able to articulate why someone discomforts them? Is someone judging whether a reason is good enough, or do you just need any reason, or is there a list of acceptable reasons? In the last case, what sorts of reasons are acceptable?
If a business can point to measurements they’ve taken showing that when Joe shows up, they lose money - either because their clients leave, don’t come back, or stop spending money - is that a good enough reason to ban Joe? What if this is just because their clients are all racist and Joe is black?
If a business bans Joe because of a particular reason and then Jim does the same thing, is the business forced to ban Jim?
But it's still relevant as it's the reason homeless people
The easy solution for this is to make being homeless a protected class. Homeless people need specific protections at a federal level, because they’re discriminated against by local and even state governments. That’s not the only class that needs this, either, to be clear.
That said, all of the times I’ve seen a homeless person banned from an establishment wasn’t because they were homeless, but because of some other reason. The one I remember clearest was a woman who had started talking to me and my girlfriend (at the time) while we were sitting at a table in a coffee shop. She asked us for money or food after just a couple minutes, then went to go and talk to someone else and after a few minutes was noticed by the staff and told to leave. When I asked about it, I gathered that she’d been banned because of multiple complaints from customers about her doing just that.
“Jurisdiction” is a legal concept and the way you’re using it makes no sense unless you’re referring to restraining orders or trespassing warnings being issued by courts/police from different towns or states.
I’m assuming you’re talking about private establishments that have the legal right to refuse service to anyone for almost any reason (exceptions being if doing so is discrimination against a protected class).
If so, then here’s my opinion: If you own or manage a shop, bar, club, gym, etc., it’s reasonable to ban someone because they aren’t the sort of person you want in your establishment. Maybe they make you or your other customers uncomfortable. Maybe they don’t want their place to get a reputation for being where Bad Egg Craig, whose antics sent some folks to the ER, hangs out. Maybe they share ban lists with the owners of other establishments, either because they’re friends or for purely business reasons (if your actions have cost the owner of one establishment money, it’s more likely you’ll do the same elsewhere), the same way insurance companies protect their interests by raising premiums.
What does the Hague Convention have to do with anything? Unless it’s being enforced by the same people it’s completely irrelevant.
My first thought was that ending the taxes at land ownership was shortsighted - all capital should be taxed - but then I looked up Georgism on Wikipedia and saw that that was basically already in scope (mostly by “including title of ownership for natural resources and other contrived privileges (e.g., intellectual property)”).