I dunno if I just discovered them but I was playing Sexy Parodius and Harmful Park. I’m really bad at both.

Banana bread is super easy to make. The only reason i don’t make it more often is because it’s basically cake in disguise.

Out of curiosity are any similar products actually good? My company uses Webex and frankly I’d rather use teams.

I think they call them devops now.

Seems like a lot of the flaws just have to do with the fact that the real metrics you want to use, which would probably be body fat percentage, are hard to measure accurately at home.

Uhh how about 1997?

Because social networks are only as good as the people who are on them.

If you want to roll your own with keepass that’s fine, but most people will want a more comprehensive solution.

They Call me Gato. I have Metal Joints. Beat me up. And Earn 15 Silver Points.

When you’re spending $300M on a game budget you don’t want to take a lot of risks. But I don’t think there’s any lack of creativity coming from the market as a whole. Most dire pronouncements on the state of games are only really true if you ignore indies.

Like honestly, I think GOW and Spider-Man and Horizon are fine, but I’d rather see Sony put out several AA games that take risks than crank out another sequel to those.

If you’re paranoid about this, go buy a yubikey and use that to secure your device/access to your passkeys. Being able to secure your own data instead of relying on the admin who may or may not know what they’re doing to secure the server is an advantage of passkeys.

It’'s really up to the end device (and the user of said device) to decide how much security to put around the local keys. But importantly, it also requires access to the device the passkeys are stored on which is a second factor. And notably many of the implementations of it require biometrics to unlock.

The “one password” thing is also true of password managers, of course. One thing about having one master passphrase is that if you do not have to remember 50 of them, then you can make that passphrase better then you otherwise might, plus it should be unique, which prevents one of the most common attack vectors.

If you’ve ever used ssh it’s very similar to how ssh keys work. You create a cryptographic key for the site; this is the passkey itself. When you go to “log in” the client and server exchange cryptographic challenges, which also verifies the site’s identity (so you can’t be phished…another site can’t pretend to be your bank, and there are no credentials to steal anyway). Keys are stored locally and are generally access restricted by various methods like PIN, passphrase, security key, OTP, etc. When you’re entering your PIN it’s how the OS has chosen to secure the key storage. But you’ve also already passed one of the security hurdles just by having access to that phone/computer. It is “something you have”.

Password managers are never going to hit anywhere near 100% adoption rate. It requires knowledge on the part of the user and in many cases money. No grandma isn’t going to roll her own with keepass. Most likely she’ll never even know what a password manager is. And as long as those users are still out there, admins still have to deal with all the problems they bring.

Incidentally I looked and it’s been over a decade since I started using my first password manager. They’re not that new.

You’re looking at this from the perspective of an educated end user. You’re pretty secure already from some common attack vectors. You’re also in the minority. Passkeys are largely about the health of the entire ecosystem. Not only do they protect against credentials being stolen, they also protect against phishing attacks because identity verification is built in. That is of huge value if you’re administering a site. Yes if everyone used a password manager there would be less value, but only about a third of users do that. And as an admin you can’t just say “well that guy got phished but it’s his own fault for not using a password manager.”

I do think that we need more standard procedures around what a reset/authorize new device looks like in a passkey world. There’s a lot about that process that just seems like it’s up to the implementer. But I don’t think that invalidates passkeys as a whole, and most people are going to have access to their mobile device for 2 factor no matter where they are.

Incidentally I have no idea who this is or whether his opinion should be lent more weight.

In the sense of “do they require lightning fast reflexes or mastering a deep combat system”, no not at all. They mostly require paying attention and learning.

Did you try evolving them?

This is like a $30 sandwich from one of the most famous delis in the country. I would not describe this as a typical American sandwich.

I don’t think there is one of those in this conflict.