2
points
throwaway2056
Joined 196 karma
- I know some webhosting provider that used one VM for every user. Now they moved to using this. Firstly low resource usage. If one uses ZFS or btrfs then one can save storage as in common bits are not duplicated across system containers. Note this is a system container - not traditional container. This one can be rebooted to get the previous state. It is not ephemeral.
- All phones ask for PIN or pattern in addition to face/fingerprint. Use that.
For the average user this is safe enough. (i.e) keep google/apple password safe. Then all is fine.
> exporting and FAANG lock-in
You don't ever have to even sign into FAANG if you can put up with inconvenience.
- Buy a U2F FIDO key like OPEN SOURCE https://solokeys.com/ or Yubikey etc - You can register this key directly at the website or - Use https://bitwarden.com/passwordless-passkeys/ - Every password manager need to implement it obviously
- > Doordash
I would assume apps that are non-geek oriented will do quicker adoption. In my experience, many people are looking at passkey like a
- Password manager that is automatically working fine on their phone - Apple or Google takes care of everything. And users think of it like 'Sign in with Google/Apple equivalent'. Press fingerprint/face-ID and all just works.
Only PITA I expect is that banks type dinosaurs will screw up this (like they did with 2FA - with custom apps and non-standard implementations). I wish W3C would some way ban these but banks are somehow escaping standards.
- TBH, this is better than custom UI that blocks password manager copy paste.
- I just use the term throwaway instead of JohnDoe. A quick search:
https://abcnews.go[.]com/US/hit-run-drivers-kill-people-jail...
If I find the legal podcast link then I will link it here.
- I definitely listened in a legal podcast that somehow juries award lower sentences to road accident deaths as compared to others. Seems strange.
- Does this mean the legal team do not understand tech? How come a company like Google/YouTube have no checks-balances when sending things like this? Or do the top-level not have powers over legal team?
- thank you.
- Please don't give such justification. Power corrupts, misuse.
- Would you also allow your team mates to know same data about you to them?
- That would be a level playing field.
- Or at least MS tools should 'automatically' report to the User that an Admin did LOOK into their habits.
- This way you will not have intelligent people working in your team. I am saddened that Google does this.
- Are your teammates aware that you can do this?
- If anyone from gitpod is reading please
- stop sending me emails that your 'workspace' is going to be deleted spam emails constantly.
- I have disabled all notifications but still get constant emails telling of new plans etc.
- Dark or grey patterns: The unsubscribe is 'written' in smallest font size, and grey - impossible to click.
Please Stop
- This gets worse when reading developer documentation
- Github does not allow for 'web' VSCODE to have English (if I use non-English OS locale or browser).
- Google - developer sites (API) translate it to local language. While one can chane it; for reasons unknown this reverts back if one logout and relogin. BTW, most EU devs reading developer documentation still want to read things in English, as it helps better communication with rest of the world.
- Thankfully you are in the USA... + have > 300 in your account when it falls on the floor. Others will get a robust Xiaomi or Moto
- it will survive falling on concrete
- or if lost buy a replacement for $100- $200
It is one thing keeping a $1500 phone for 5 years. (though I have never seem flagship lovers that kept it for 5 years. They are too obsessed with keynote every fall that they buy new every year...)
Others love buying newer when it breaks.
- Seeing many of verge's articles to kinda force commoners to buy this is refreshing - cheap is good these days - for most people.
> HTC
That was a different time. poor cpu.
These days a "almost new or good" phone from amazon warehouse for $250 P6a is good for most people. Even a decent Moto G-series for $150 is good enough for whatsapp, fb, emailing, maps, uber. Common man can live with that speed.
> Conclusion? Buy an expensive phone (within reason) and use it for five years. Or longer.
Buying for class/show off, gaming or every day I photograph/video my life is different. Then you need expensive. Or if you are in sales/marketing. IMHO such people with expensive devices
- scratch it, break it
- They don't go to client with broken device
- No one that wants to have state of the art uses a phone with shattered edges.
- such people also buy new-tech to keep up with tech
- rich/prioritise money to phone (instead of shoe or etc). all OK.
It all depends on user profile.
- You are lucky if you find a mum with 3 kids or cafe owner or a fruit seller using TOTP in keepassXC. Do you know they would prefer a phone (not laptop/desktop)? They dont have laptop.
- I understand your argument from a philosphical or idealistic view. You are correct
People know Google/FAANG rather than bitwarden.
If your family knows bitwarden then kudos. I am living in a different world.
> Like, you are laying out exactly how vendor lock-in happens, but your point seems to be that vendor lock-in is fine and we should just stop talking about it. "
- We can talk about it
- And we are now.
- But people in power don't understand (or care).
There are no equivalent, easy option. I wish some company like proton mail or some one else would run a phone with all equivalent google services. But they don't.
> They'll use Bitwarden or Dropbox and it'll be fine -- easier than setting up a new phone.
Are you sure? People would ideally like
- Buy phone
- sign in google/apple account
- All apps installed and ready to consume/produce MEDIA
> Do people really think that passkey is easier to back up than Bitwarden is?
People think in different way. They know 2 things
- Google/Apple username + password
- get SMS recovery info (again I am not recommending - people are simplistic). May be you can replace this with some other option
- For example, facebook allows for nominating a friend or a facebook for recovery
- Enter the code
- ready to consume/produce MEDIA
> They won't need to wonder if their new phone is compatible with anything,
Average Joe has brand loyalty so that they will stay in whatever. Usually. If one goes to Samsung, they usually stay there - even if Pixel is better.
> They'll use Bitwarden or Dropbox and it'll be fine -- easier than setting up a new phone.
Where is the 2FA for dropbox or bitwarden? is that file supposed to be accessible without 2FA?
I agree to your no-vendor lockin sentiment but this means some one should invest and build a platform neutral + verifiable thing.
And even if some decent govt steps in people will claim it is all to track you. So EOF.
- > ecosystems
A majority don't. A majority use their phones/banks rather than analysing ecosystems.
> It'll mean that when your family member that doesn't know to make backups loses their iPhone, the only way to get those keys back will be to buy another iPhone.
That is acceptable solution. Buy and then move on with life. Everything will be back after your shell out $$ (android).
But with local will the family member send the hard disk or USB disk containing keys to recovery? Which recovery company? Will they be honest?
Whereas if you want to new phone - all works then easy.
People want simplicity. Really thats it.
(Again it may be sad for those that don't want to carry phone but the world is designed for average user).
BTW, why do you thing banks are using proprietary device.
Ask the HN -er to
- make it possible using U2F or TOTP keys (QR code)
- the same HN-user likes to implement flashy APP - so that they
- track, help whatever
- > tcketmaster
IIRC, nothing changed.
Take for example practices of PayPal or VISA etc. Nothing changed.
> Cloud backup works for average users. That includes keypass. Heck, even HN users do it that way. The only difference is that we have 16 word DiceWare passwords and key files on YubiKey devices.
Sorry most HN users are the ones building closed systems.
Sure, they work in FAANG for 10 years - get enough $$$M then sure complain things are NOT open.
> it's a lack of recourse when things go wrong.
but does it happen outside of banking etc. Most average Joe does not keep 10 year old email like a geek. They keep moving on.
I am a 20 year veteran of linux user. Sadly and frustratingly
- There is no easy open solution for google drive or docs
- Dont ask average Joe to do hosting/nextcloud etc
- I wish some one like FSF, Linux foundatation built some products that are usable (like firefox phone). Even during firefox phone sales, I found most of the EU devs were using for their daily use iPhone or expensive Samsung Galaxy. It is ridiculous to tell others to use 512MB or 1GB firefox phone when they used state of art
- Even recently I wanted to implement something like Codeberg at a large University. No help from their side.
- > Buy a second Yubikey
I can (as a geek) but this is a problem for average Joe or a single mum with 2 kids.
This is the reason even banks or <your employer> incl. Federal places uses Cisco DUO not an opensource solution.
Most things are for average customer. passkeys are great
- Assuming a person keeps one password (either Apple or Google OK)
- Phishing for them is reduced
- No need to squeeze brain for was it username or email address (for login field)
- Most phones have fingerprint (even < $60 in developing world too with Android)
- Passkeys work from Android 9 onwards
- At the end some one needs to compromise.
- 49 points
- To be honest, I was once like you but eventually it is painful to have tons of harddisks and maintain things. Also when I once visited a FSF event and saw many of those so called advocates (telling amazing things in blogs about Libre) were personally using iPhone and NetFlix or every other proprietary service or M1 Apple. Sure, everyone's choice. Then I learned that we all have cognitive dissonance.
> fellow masochists so they don't miss out on whatever new thing I found that we can all get more angry about :)
Ha ha ha!
- > What it does is promotes further centralisation, because most users will use one of the big providers.
Because there are no easy non-centralised solutions (that works for Average Joe)?
Remember
Average Joe cannot
- backup keepass
- 3-2-1 backups using ZFS
BTW, if so many average Joe's lost google accounts then there would be outrage and great chaos (like ticketmaster etc). So some people lost Google accounts - true. Same some people list U2F key.
> the tech industry, including the tech press, n
Pragmatism will win.
This reminds me of IRC vs WhatsApp (or Signal). People want things to be simple.
- > FUD such as retail Pixel devices'
At the end of the day pragmatism will survive. Sure, if the OP cant put a simple SIM card to get it resolved then he/she can buy from nitrokey/other installed GrapheneOS.
The basic premise of all these authentication/fingerprint/passkeys/whatever is to benefit the COMMON public. Telling a mother of 3 to keep keypassxc backup elsewhere (in a RAID with 3-2-1 offsite is impractical).
Also all these experts that write in HN often join some company and implement closed-source. Yes, life sucks if one uses 'linux' phone
- Banks don't care - If one is so against passkey gang then they should do something to make sure an average mum can use tech safely - see the state of PGP (very complex) - but signal/whatsapp is awesome. - Whether or not you like Cisco DUO becomes more of less default - Github/gitlab is developers world. Sure codeberg exists: I opened an issue asking them if they can help me configure runners - no help at all. - Also many of the devs say all open/free/etc but finally they do consume NetFlix, Prime etc (Yes, they have Apple TV or chromecast in addition to FrameWork (and RAID + 3-2-1). - Average Joe can't afford Framework. Get an ad-infested smartTV. Live with Google or Apple.
- In all these threads, there is never a project manager from a large establishment telling
- Thanks. we will migrate - we did and it was <good/bad>
More or less everyone is after $.
- If one runs the command until last week or so it exited (with failure) but pointed out that it is deprecated and provided a link to https://docs.gitlab.com/runner/register/index.html
documentation pages that once again stated the obvious. No difference at all. Then you rerun the command - same bounce out. No clue. The docs linked at the URL still say to use the --registration-token.gitlab-runner registerfinally (after digging into stackexchange and gitlab issue) one needs to run the command without
No where in the documentation it (until last week) that this should be removed for registering a runner as of today (last few months).--non-interactive - (I wish github does not become one but sadly gitlab is beset with constant pain)
- no proper communication - unclear future plan - poor documentation
See for example
- Do I assume you already have adb/dev settings enabled?
- Vietnam get 50 % tariffs
- Change the ban
- Easy peasy for Tech bros.