kytta

asier, 4 months ago to random

The other day I entered the spanish diary "El Español" and they offer two options regarding cookies: either you accept them or pay a subscription to reject them

ChallengeApathy, 4 months ago to Cybersecurity

A #cybersecurity rant: it seems #passkeys are all the rage right now, with many -- including so-called privacy and security "experts" -- claiming it will "replace" traditional usernames and passwords. What sort of nonsense is that?

First off, the number one entity pushing for passkeys is #Google... you know, good ol' "don't be evil" data theft conglomerate, Google? They're pushing for biometrics (fingerprint or face scan) to be used as a master password to unlock everything, in a dystopian twist on their already absurd invasion of our #privacy and digital rights. Here's why this is dangerous:

• As silly as it is, biometrics are not protected under the fourth amendment in the USA. They don't need a warrant to unlock your device if it's secured by your fingerprint or face scan. This isn't true with PINs or passwords; to bypass those, they have to follow due process and obtain a warrant

• With biometrics, all it takes is for a criminal, a romantic partner with malintent or a deviously curious family member to snag your thumbprint or face data and they instantaneously have irreversible access to your devices and accounts. Why?

• Because biometrics cannot be changed in the way you can change an email, password or even a 2FA seed. This means that just one data breach is enough to allow criminals access to a massive amount of phones, devices, accounts across the entire world, meaning that they wouldn't even need to knock you out to get access. Sure, it's claimed that biometric data never leaves your device but how do we know that? Moreover, how will that be true if passkeys replace traditional login with online accounts?

Not only do passkeys replace traditional usernames and passwords, they also effectively replace two-factor authentication, meaning that we objectively lose security because those two security measures (which are meant to be separate for a reason) are now united under one set of unchangeable information.

I understand the argument for "magic link" authentication, because that's definitely more secure than a "normie" reusing a crappy password across a bunch of services without any sort of 2FA. However, that's significantly different from uniting literally all of your login and authentication methods in one single point of failure. The entire point of passwords and 2FA are to follow the rules of "something you know" and "something you have". This is infinitely more secure than making it all "something you have" and linking it to biometric data that's unprotected under law (at least in the US).

So yeah, I really don't get why so-called "security experts" are pushing for passkeys. It makes sense for Google to do so. That's all they do: find new ways to intrude on our lives and our rights. However, security and privacy experts are supposed to be protecting their fellow man from threats, both criminal and corporate...

bagder, 4 months ago to random

"Buffer Overflow Vulnerability in WebSocket Handling".

A bot? An AI? Just a silly reporter? Another fine waste of #curl maintainer time.

https://hackerone.com/reports/2298307

kytta, 4 months ago to random

This year, I didn't finish #100DaysToOffload, I haven't finished a single book, and I didn't build anything worth forking.

And still, this was an incredible year for me. I've graduated from my university (still waiting for my certificate...) and got an incredible job. I've been a guest on a podcast! And, most importantly, I've been the happiest I've ever been.

2024 will bring in a lot of new challenges and opportunities, and I'm looking forward to them.

Happy New Year! Frohes neues Jahr! 🎄🍾

bonoky, 4 months ago to random

My plans to wean myself off Apple devices is progressing slower than I had hoped.

I’ve been going through all the propriety Apple apps looking for self hosted alternative but have been unable to find anything to replace “Reminders”.

Do you any suggestions or recommendations?

garritfra, 4 months ago to Futurology German

2023 in review, and some #predictions for 2024. :ablobcatwink:

https://garrit.xyz/posts/2023-12-30-2023-in-review

sotolf, 4 months ago to random

Do you need any more proof for npm being broken? the is-even npm package has 196,023 weekly downloads, and the is-odd npm package has 285,501 weekly downloads.

slashtechno, 5 months ago to poetry

I've been facing many issues with using #Poetry (#pythonpoetry) with my #Python based #objectdetection project. I love Poetry for publishing packages, but think that #conda would be better since I have to deal with #CUDA and whatnot. Anyone familiar with a way to use pyproject.toml for publishing and building packages, even if Poetry isn't being used for dependency management?

For context, here's the project I'm working on: https://github.com/slashtechno/wyzely-detect

kytta, 5 months ago to random

Today's idea: Detect if people visiting my website have an ad blocker enabled, and if they don't, show them a popup saying why it's a good idea with a link to install uBlock Origin

tombuildsstuff, 5 months ago to iOS

Today’s question: how did an #ios app which has never been installed have nearly 15h of use (per screen time) on Monday? 🤔

image/png
image/jpeg

julianfairfax, 5 months ago to random

Now that I use Moshidon, I have the ability to add the local timelines of other instances in the app. I think this is pretty cool.

So far, I have added chaos.social and tooting.ch, to explore the German and French posts on both.

Do you have any others you think I should add?

Est-ce que vous avez d'autres instances que vous pensez que je devrais ajouter?

Habt ihr andere Instanzen, die ihr denkt, dass ich hinzufügen sollte?

sindresorhus, 5 months ago to random

What would you like to see from my apps in 2024?

gairsty, 5 months ago to random

Today's tricky decision:
A. Write Xmas cards, and do other family festive things.
B. Install new #ZorinOS17

🤔

brad_frost, 5 months ago to random

Reply with your most nostalgic file extension.

Gina, 5 months ago to australia

deleted_by_author

18+ andthisismrspeacock, 5 months ago to threads

Ok, here is my #Threads thread, which I'm posting in the middle of the night so it doesn't clutter up most of my followers' feeds. Buckle up. 🧵

jp, 5 months ago to random

Wife's Macbook is dead. No charging indicator, no display, no power. Tried multiple power bricks, cables, and ports. Are these things worth trying to diagnose yourself or is that going to be an uphill battle?

oliverandrich, 5 months ago to random

After Github Copilot gets more and more annoying, I will give Jetbrains AI a try. The new UI of the Jetbrains looks nice, and maybe the AI convinces me to put some money into Jetbrains.

kytta, 5 months ago to random

Given how popular Logitech MX mice are, also amongst developers, how come nobody has still made a usable version of the ‘Options’ software? Reverse-engineer the drivers, make a lightweight daemon and native UI. Are the projects that currently are or have tried tackling this?

kytta, 5 months ago (edited 5 months ago) to random

Fediverse, I need your honest opinion on my next crazy project idea.

I am envisioning a CLI app that would give you contact details for people based on their nicknames/homepages. Here are some loose thought about how it should work: https://codeberg.org/kytta/reachout/wiki/Project-idea (~2 minutes; please read before voting)

I want to keep it as ethical as possible, and I want to know whether you think it’s creepy or not, and whether you would use it :D

#BoostsWelcome