Fushuan [he/him]

Devices with taiwanese chips will get tariffed too? Because this opens up a way to ourairce manufacturing so that the US doesn’t just buy chips and avoid the tariff.

Doesn’t this do the inverse of boosting local commerce?

Imagine that the main instance starts to blocklist words and censor content. Or ads. Having a way to move all your history, follower and follow list would be great so deter such issues since users can abandon your server quickly and you would just lose the userbase you were trying to monetise.

Imagine I decide to invest in a private server and want to create my own instances and move my Lemmy and Mastodon accounts there to have better control of what happens.

Having to resubscribe to everything would suck and specially in mastodon, having to generate a new userbase from zero would just deter users from such things.

Another example, suddenly the Mali govt decides to close lemmy.ml, that would suck. Having a way to changing the instance would be just great.

Even if the username changed, having some feature where you can transfer your account and follows, history and notify all to your followers of the new name so their follow list gets updated could be coded, and it would make instance hopping relatively easy.

I’m against reserving your name in all instances but having a feature to change the handle and that all your followers don’t suddenly know who you are is important. Something akin to creating the new one, notifying of the change and leaving the old one directing to the new one for some time.

Or just not letting you swap to an instance if the handle exists. Idk. But this would make me actually start using mastodon if it were a feature. I might even start a fork and work on it.

HTTPS has way too much bloat for it to be relevant where SSH is used. Its a protocol to send hypertext in a secure way, SSH is a secure shell. Saying that we should use https out of all tools as a SSH replacement is wild.

I call you a troll because is my kindest way to say that these opinions that you have are so out of touch with development since more than 30 years that your opinions are just wrong and you are saying them with such conviction that either you are intentionally misleading others for laughs (a troll) or it’s a worse alternative. Yeah I was avoiding having to scrutinize your inability to recognize how the programming world has evolved in the last 30 years. Hell, mobile phones didn’t really exist 30 years ago!

I really don’t need github in a box sir. I can use the command line just fine and if I need more my code editor interacts with git I show me a fine interface just fine. Spinning up a local web server to see how the vc is going seems like bloat. The Linux mantra is for each tool to be centralised around one task and fossil seems to be overreaching. It looks like they decided on the name appropriately, some old thing not relevant anymore the no one has heard about in a long time, a fossil.

Addendum: You know that most lemmy clients, even the webview, don’t render the HTML tags, right?

1995 is new to you? SSH is useful for way more thing than version control, you should be using it when interacting with remote servers in one way or another.

You must be trolling. I can’t believe you just said that SSH is NOT the battle tested one. I just looked it up, git released in 2005 and fossil in 2006, it’s the newer tool! So, to your comment, literally no U.

I must be missing whan you mean by remote/server since pull, fetch, push… All interact with remote copies of the repo.

What? Since when has ssh been a negative? Regardless of VC if you work on remote machines you need SSH, fullstop. I won’t take you seriously if you think otherwise sorry.

BODY

…I admit I didn’t do the math with the amount of bits they stated xD. Still, it’s like 10 times the amount of bits, you can get a stronger EC key with 5 times less bits compared to RSA.

… How about going for a EC key?? Staying with RSA is stupid at this point.

Bitwarden has a passkey service + a paid totp service, so I can always use either to log into whatever within two clicks. Yeah it’s less secure than a physical keychain but… Whatever, it’s better than passwords and as easy to use.

In any case, if you atore the backup codes in a place where you can lose them, that’s on you. Upload them into somewhere you control that has good privacy laws.

That’s not correct. There’s user to server encryption, just not e2e. It’s less secure, sure, but given that they want to arrest the CEO over his compromise on keeping that actually private, it seems trustworthy enough, and has been over the years.

oh, yeah I’ve read and heard of plenty people saying that they definitely notice it. I’m lucky enough not to because most ARPGs don’t run 60FPS on intense combat, let alone 120 fps on a rtx3080 lmao.

I was talking more about the jump from 240 and beyond, which I find surprising for people to notice the upgrade on intense gaming encounters, not while calmly checking or testing. I guess that there’s people who do notice, but again, running games on such high tick rate is very expensive for the gpu and a waste most of the time.

I’m just kinda butthurt that people feel like screens below 120 are bad, when most games I play hardly run 60 fps smooth, because the market will follow and in some years we will hardly have what I consider normal monitors, and the cards will just eat way more electricity for very small gains.

Sure, but wasting double or triple the resources for that is not fine. There’s very limited places where that even is a gain on games, because outside those super competitive limited games it’s not like it matters.

In thought that 60Hz was enough for most games, and that for shooters and other real time games 120 or 144 was better. However, it reaches a point where the human eye can’t notice even if it tried.

Honestly, going up in framerate t9o much is just a waste of GPU potency and electricity.

on a similar topic, I recently upgraded my screen from two 24’’ 1080x60 to 24’’ 1080x144 & 27’’ 1080x120. I barely tell the difference but my card sure does, I quickly limited the refresh rate of both to 60 because I it’s pointless and I’ve read too many people saying that once you go 120+ it feels bad watching 60, and I really don’t want to get used to something that just makes me spend more electricity for nothing.

If you enjoy stuff fine in FullHD, don’t bother increasing the resolution. As others have explained, there are other things to upgrade before going for resolution that will have a bigger impact on the image. That said, purchasing a good screen that happens to have 2K or anything higher than 1080 is no big deal, just set your resolution to whatever you want from software and be done with it.

But… PAKE is used as a method for ongoing exchange of messages, you wouldnt avoid using a password when authenticating, which is the whole point of this debacle.

In really don’t see it that complex, in my last job IT installed a passkey in my laptop, which then Microsoft used to login and thorough its SSO, I just stopped using passwords altogether after logging into my PC itself. This is way more secure for the average Joe than having 5 postists with passwords pasted in the sides of the monitors. Yes this is way more common then you think, there’s a reason passwords need to be rotated all the freaking time.

Once rolled out, workers didn’t have to do anything to authenticate, as long as they were using the work laptop the company assumed that the used was the one using it, since the laptop was registered to the user, and it was way more comfortable.

It’s not really that hard to explain to people. Sending passwords is insecure because if an attacker gets the password, you lost. With passkeys, once you set it up, google/microsoft/pepapig.com will send a request to authenticate to your phone, where you will just say “yes” and they will talk with each other to give you access. If an attacker gets hold of that message, it doesn’t get anything of value because each time pepwpig.com and your phone talk with each other, they say different stuff and the attacker would just have yesterday’s responses, so they lose.

Old people won’t adopt it unless forced, just like they adopted special passwords by adding 1 and * to whatever stupid word they use and writing it next to their work monitor, in the office. They just won’t. Either IT automates everything for them or anything we develop will get completely bypassed.

It’s like the initial authentication, where server and clientnexchange a symmetrical key with their asymmetrical keys. The difference is that in that exchange the server and the client meet for the first time whereas the point of pass keys is that once when you were already authenticated, you validated the device or whatever will hold the private key as a valid source, so then when the authentication code gets exchanged, both ends can verify that the other end is who they tell is, and both can verify the other end as valid, and thus that exchange authenticates you because you, in the past, while authenticated, trusted that device as valid.

Technically, yeah, it’s an asymmetrical key exchange. Iirc the server sends you a signed certificate and you need to unencrypt itnwithbtheir public key and sign it with your private key, so they can the getnit back and ensure that it was you who signed it, using your public key to check the validity of whatever was sent.

I don’t know enough to be 100% corrextbon the details, but the idea is that it’s an interaction between asymmetrical keys.

Soporta like how we use keysbto authenticate through github through SSL, but with an extra level of security where the server validates a key in a single endpoint, not wherever that private key would be held (like with SSL)

I’m going to get technical. A registered passkey is basically your phone or whatever holding a private key and the server holding the public one. When you want to log in, you enter the username on the service, which contacts wherever you registered it, and asks for a verification. Then, the device creates a nonce, which is a random number to be used once (NumberONCE), and a copy of that number encrypted with the private key. Then, the service can unencrypt the piece and check that the value is the same as the unencrypted value. This process is called a digital signature, it’s a way for online processes to verify the sender of whatever.

This way, the server knows that whoever is trying to authenticate is doing it from the authorised device. The difference between sending a signed nonce and a password, is that is someone steals the signed nonce they get nothing, since usually that number gets registered somewhere so it’s not valid again or something, it’s not exactly as explained but the point is that whatever is sent can’t be sent again. Something like a timestamp in milliseconds where it will be obvious that the signature would have expired. If an attacker captures the authentication attempt, with passwords they get the actual password and can the use it again whenever, while with nonces, they can’t.

Iirc, the server sends the device a code and the device must send the signed code back, so the service knows that the one trying to authenticate is the device. No need for passwords.

Now, if you need to authenticate to gain access to that private key, that’s of course an attack vector, so if you want any kind of syncronisation of passkeys, you need to make sure that you don’t need to send a password to get the pkeys. I use bitwarden, and unless I misunderstood, you don’t authenticate against the bitwarden server, when you access your vault they actually give you you the encrypted data, which you then unencrypt with the password locally on the browser. I’ll have to double checknon this because I have a 2fa on that for extra measure butidk how it actually works. My plan for the future is to actually use a yubikey to authenticate against bitwarden, following the same logic explained above, to then gain access to a bigger pool of passkeys. This way, ultimately all access is protected with my physical key which I can connect to most devices I use, and I can, with NFC use the key to authenticate the android bitwarden app, so it should be completely usable.

In any case, passkeys are better than passwords, provided toy don’t store them in a less secure place. As we all know, the security level of a system is the security level of its weakest cog.