trevor (he/they)

Hello, tone-policing genocide-defender and/or carnist 👋

Instead of being mad about words, maybe you should think about why the words bother you more than the injustice they describe.

Have a day!

  • 1 Post
  • 621 Comments
Joined 2 years ago
Cake day: June 10th, 2023


  • A lot of incorrect assumptions in this article. If you don’t like the idea of a key exchange over passwords, I hope you use password auth when you SSH into things 😁

    The word passwordless is nonsense. In most cases, most passkey implementations, you need a PIN to unlock your private key to authenticate. PIN = password, except it’s numbers only. Nonsense. Passkeys simply obfuscate the problem and move it somewhere else, most often into a PROPRIETARY key management tool. For example, Microsoft wants you to use THEIR authenticator app. Not just any app that adheres to the standard. Nope. This effectively means super-vendor-lock-in. Absolute nonsense.

    You can argue that the term “password less” is nonsense, but there is literally nothing about the spec that prevents you from using passkeys as they were designed: with hardware keys that support the open FIDO2 authentication protocol. Yes, you still need a second factor to verify the authentication attempt (via a PIN), but unless you’re mailing that key to hackers, the private key generated by your SoloKey, NitroKey, or another open source hardware key, is more secure than any password ever will be.

    Passkeys usually require a phone - this is a single point of failure, and one that gives the big companies extra control over you. Phone, number, SIM, and so forth. A beautiful bevy of data. The whole idea of actually having to use your phone as an identity vector is horrible.

    Phones support storing passkeys. Phones also support storing passwords. In no way does this mean you must use them for this. You can either use hardware keys, or you can use your favorite open source password manager to store passkeys where you should already be storing your passwords anyway.

    You need “biometrics” to supposedly prove you’re you to unlock your private key. Biometrics are a form of password, except you can’t replace it, and it also gives yet more of your personal data to the big companies. More nonsense.

    This is literally a direct contradiction of what the author said in their first bullet point. Use a PIN if you don’t like using biometric auth.

    The implementation of passkeys is fragmented, vendor-specific, and complicated. Only diehards who love technology can use this. The same kind of people who were “all in” when IoT/cloud crap came out, and now they see their smart homes slowly go offline as big vendors almost arbitrarily cut support for old gadgets and effectively kill products. Because cloud.

    Most of this is actually a fair critique. The FIDO Alliance is still working on the spec, and I think they should require any implementation of passkeys to follow the spec to a tee without adding any kind of nonstandard bullshit to their authentication.

    However, most advancements in tech begin with only appealing to enthusiasts and later become adopted by wider audiences. It doesn’t make them bad that they aren’t immediately popular with everyone.

    Passkeys only solve one use case - phishing where the user inputs their password and MFA into a fake site.

    I’m glad the author can at least recognize that there’s at least one thing that passkeys solve that passwords can’t. But it’s not the only thing. When you enter a password on a site, you’re hoping like hell that the service you’re using hashes it and hashes it properly. When you authenticate with passkeys, you’re sending the site a public key. This key will have way more entropy than any password will, so anyone trying to crack a hashed public key is in for a long, miserable time (obviously not impossible though). But even if they wasted their time doing that, it’s a public key. Who cares?

    Any service you use passkeys with instead of passwords won’t put you in another leaked password database. The public key just needs to be invalidated and you can move on with your life.
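A simplified model of the flow this comment describes, added here as an example (not code from the comment, the article it answers, or any WebAuthn library): the site stores only a public key and verifies a signature over a fresh challenge bound to its own origin. Ed25519, the two origins, and every function name are assumptions chosen for illustration; real WebAuthn messages carry more fields.

```javascript
const crypto = require('node:crypto');

const serverDb = new Map(); // username -> public key PEM: all the site ever stores

// Authenticator side: the private key never leaves this closure.
function createAuthenticator() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  return {
    publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }),
    // Signs the challenge together with the origin the client is actually talking to.
    sign: (challenge, origin) =>
      crypto.sign(null, Buffer.concat([Buffer.from(origin), challenge]), privateKey),
  };
}

function register(user, authenticator) {
  serverDb.set(user, authenticator.publicKeyPem);
}

// Server side: verify the signature over its own origin plus its own fresh challenge.
function verifyLogin(user, challenge, signature, expectedOrigin) {
  const pem = serverDb.get(user);
  if (!pem) return false;
  const signed = Buffer.concat([Buffer.from(expectedOrigin), challenge]);
  return crypto.verify(null, signed, crypto.createPublicKey(pem), signature);
}

function demo() {
  const REAL = 'https://example.test';   // constructed origin
  const PHISH = 'https://examp1e.test';  // constructed look-alike origin
  const key = createAuthenticator();
  register('alice', key);

  const challenge = crypto.randomBytes(32);
  const legit = verifyLogin('alice', challenge, key.sign(challenge, REAL), REAL);
  // Signature made while the user is on the look-alike site, relayed to the real one.
  const relayed = verifyLogin('alice', challenge, key.sign(challenge, PHISH), REAL);
  // Old signature replayed against a new challenge.
  const old = key.sign(challenge, REAL);
  const replayed = verifyLogin('alice', crypto.randomBytes(32), old, REAL);
  // What a database leak exposes: public keys only.
  const leakHasPrivateKey = [...serverDb.values()].some((v) => v.includes('PRIVATE KEY'));
  return { legit, relayed, replayed, leakHasPrivateKey };
}

console.log(demo());
```
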



  • For me, this is where utilitarianism falls apart. It makes the observer the person who gets to decide what “the best lives possible” means.

    Every ethical framework requires making some affirmative presumption to begin with. The is-ought gap cannot be closed. Many ethical frameworks begin with less tangible things, like a belief in a deity, which can also lead to either heinous or benevolent outcomes.

    How can the outside observer have the authority to make this decision?

    When talking about humans, consider when people defend colonialism by saying they brought “civilization” and modern medicine, comforts, etc. to people who did not live the way the colonizers did. I’m not saying that non-colonized people live in some utopia, but the people who thought they were doing good didn’t give a single fuck about what the colonized people wanted, disregarded all their knowledge and experience and forced their ways on them. Even if we take lessons learned from that and try and be more open minded about listening to people before making decisions about them (my skin is crawling as I type this omg) we don’t know what we don’t know and it makes no sense to apply this framework to decision making impacting others.

    I don’t disagree with any of this. And this is why I also strive to do whatever I can to accomplish the goal that I care about – everyone having the best lives possible – to do whatever I think results in others having the greatest degree of autonomy. It’s because I believe that no one knows what would result in a better life for themselves than themselves. I will always defer toward what empowers them to have as much autonomy as possible, provided they aren’t harming others (like carnism, colonialism, capitalism, ethno-supremacy, etc. do).

    Now consider non-human animals and how we are even less effective at communicating with them…

    Yeah. I think there’s an interesting conversation to be had about how one can cause the least harm and be most helpful to someone that we can’t effectively communicate with. I don’t have a good answer for this, so I just want to make sure their basic needs are met (or in the case of non-human animals, not actively sabotaging them) so that they can try to do whatever is best for them.



  • I’m a leftist and a vegan because I lean utilitarian, not in spite of it, so I disagree. I want as many sentient beings to have the best lives possible and I act in accordance with that because I want that outcome. To me, those are much more solid axioms to have than any other ethical framework.

    However, if you arrived at veganism and leftism through some other ethical system, I have zero interest in denouncing how you got there, and think there should be space for that.

    That said, you can also use virtue ethics to justify heinous actions and beliefs too, but I think it’s better to be targeted in criticizing the specifics of their actions and beliefs over denouncing utilitarianism or virtue ethics as a whole. If you want to levy specific criticisms about how someone acts, and you think it’s rooted in utilitarianism, that can be useful, but denouncing an entire ethical framework when its application can have widely varying outcomes isn’t good because that would throw out every ethical framework.







  • As someone whose only other language was very beginner-level Python before learning Rust, the part about not treating the borrow checker as an adversary, but as a companion, mirrors the point at which I began rapidly improving.

    I like to say that the Rust compiler rules are like having a senior engineer over your shoulders to help you avoid writing (certain kinds of) bad code.

    There are still times when the borrow checker becomes my adversary (like needing to share data in threads), and it is painful, but they become less frequent over time.






  • trevor (he/they)@lemmy.blahaj.zone to linuxmemes@lemmy.world · Snap bad
    23 days ago

    My issue with snaps is also the power that Canonical has to fuck you over one day, because of the centralization that you mentioned, but also that their shitty fucking packaging format sucks ass and breaks everything but the most basic of apps. I’ve wasted hours trying to help people with their broken applications that were hijacked when they typed apt install whatever and “whatever” was actually a fucking broken snap package.

    Flatpaks and AppImages actually do the fucking things they’re supposed to. Snaps don’t, and Canonical is pulling a Microsoft by hijacking your package manager.

    Also, Snap sandboxing only works with AppArmor, so if you were hoping that all the breakage was worthwhile because you get sandboxing, you don’t if you’re on anything but a handful of distros 🙂