The logic behind it is that a smartphone-bound passkey represents two factors of authentication: what you have (the phone) and who you are (the fingerprint used to unlock the phone’s passkey store).

Anything on a PC is easily copied and can only ever be safely assumed to represent one factor: what you know (the password to unlock your password manager). Thus the benefit of getting a two-factor authentication in one convenient step falls away.

Of course it’s still super annoying, especially if you don’t really trust your smartphone OS vendor and use a portable password manager already.

I also often see implementations where there’s a first step where you have to select how to log in. It’s an extra click but very clear (and usually one of the options is some form of SSO where that one click fully logs you in if you already have a session open).

Also, according to certain “news” publications and an army of totally legitimate people on the internet, he’s as incompetent as he’s evil and he’s singlehandedly responsible for every single problem anyone in Germany has had for the last 20 years.

My company uses Entra ID (or whatever they’ve renamed it to this week) and it’s a pretty common sight in our login flow. I think our SharePoint instance does it so it should be something MS does.

Of course it all depends on w how the company configures it.

Passkeys are supposed to be bound to one device and protected by that device’s OS’s secure enclave. If you have a second device you’re supposed to create a second passkey.

That’s why many sites will flat out refuse to let you create a passkey with a desktop browser since a PC-stored passkey doesn’t fit the security model.

It’s not like you can’t add a “Log in with your company’s SSO” button to the form. That works just fine and at least Microsoft does something like that.

Processor architectures maybe. They put Rust into Debian and it’s so bad that now e.g. amd64 is ruined forever for any OS and won’t see any new processors in the future. We’ll have to move to a different architecture. I didn’t watch the video since I treasure my brain cells too much but that’s what I choose to read into it.

(A more reasonable reading is that Debian now ships a kernel that includes Rust code and coincidentally has also dropped builds for several obscure architectures but I do not feel obliged to assume reason with a title and thumbnail like that.)

This isn’t the first time the AfD has asked for information on German defense capabilities and transport routes. In November, similar espionage concerns have already been voiced; back then they had already made 7000 separate inquiries.

Totally legitimate party with only the best interests of the country at heart. (Well, depending on which country you mean.)

They never said that the dent would be downwards. We’re up-denting now. This is moving fast and breaking things brought to the next level.

With just a bit of effort and a modest 300 billion dollars we can bring critical security issues to levels that make traditional management approaches obsolete, creating a lucrative market for vulnerability report management AI.

If the perceived threat is a model going rogue, nobody pays attention to the model operating as intended.

But hat would require them to put in actual effort instead of just pushing out a minimum viable product and calling it the next evolutionary stage of computing.

Yeah, that’s what I meant with the bigger picture. They have a valid reason to deny this request but they haven’t denied other requests that they really should’ve.

I mean, I can see a case for not wanting to play dragnet at a mere request. You don’t want any random guy and/or agency to be able to have you to help them track down someone they only have a picture of, no matter how much they pinkie swear they’re doing it to protect that person.

That’s getting awfully close to sharing PII. You generally want to see a subpoena for this stuff and with good reason. Meta are, oddly enough, not being actively scummy here. (One can of course argue about all the other times when they don’t give a shit; the bigger picture is definitely super scummy. But for this in isolation they actually have a valid reason for their behavior.)

What might work would be a standardized, streamlined process where the police can ask the company and if the company says the request is reasonable they can apply for an expedited subpoena to allow legal access to the information. Agreement by both would be necessary to give more opportunities for due diligence. This process would also have to have a very limited scope in order to make abuse harder.

Things like this made the news several times when Interpol (or was it Europol?) showed pictures on social media and asked if anyone could turn them into information (things like “in which country is this backpack sold”).

When international law enforcement agencies are already openly crowdsourcing image details, an article about a group doing background detail analysis isn’t much of a revelation.

Of course it’s political. If Caligula hadn’t chickened out they wouldn’t be in this mess today where water can just airdrop in and demolish the landscape at will. Is that water the sea? No, but conquering the sea would’ve sent a clear message to water in general.

It definitely depends on the use case. I could accept this being abstracted out to facilitate mocking, for instance (although I’d recommend mocking at a higher level). But in general this wouldn’t pass review with me unless I get a good explanation for why it’s necessary.

Then they could add their own function in later stages. YAGNI exists for a reason.

ISO-8601 weeks start on Monday.

The dollar still isn’t much different than it was a month ago. The bet is less on how strong the dollar is than how stable the stock market is going to be in the near future. And apparently people expect a relatively stable stock market.

Either way, this fluctuation doesn’t even matter if you hold gold unless you engage in short-term trading. Anyone with a “sit on it” strategy can pretty much ignore such behavior.

Honestly, given that TV viewership is falling and people are increasingly using on-demand services instead of tuning in, I’d argue that 404 error pages and NXDOMAIN browser error pages are in the process of replacing the dead channel conceptually.