psycotica0

What does it mean access to the chapel and East Wing? Are those... not included? Is it a museum or something?

Yeah, like other people covered, it's unfortunate but also very important. It's easy to tie "visible wifi networks" to "surprisingly precise location on globe" in many places, so the permission is named for the worst case scenario. Yes, the app might just be looking for a wifi, but it also could use that same information to locate you, so it's the location permission. Sensible.

If they wanted to support just this one feature without requiring a location permission, they could maybe have an API that is "are you currently connected to this opaque token" API where the app can ask "am I connected" and is just told "yes" or "no". That's probably safe enough. And then I could register the app with my wifi without the app even knowing what my Wifi is, it just gets a unique but random string.

The same is true of bluetooth. If I can list nearby bluetooth, I can see that speaker and this TV and guess location. But there could be an API that hides that, there just isn't currently

Right, okay, I definitely haven't bought a new computer in the past 5 years. I wonder if anyone has "how old is the average computer" percentiles, because I have a feeling most people haven't bought a new computer in the past 5 years, so it seems surprising to supercede a codec after so few years, but maybe I'm the weird one?

Ugh, those garish folks are New Horror, we Old Horror would never stoop to those levels.

Yeah, I think it's just the way the blog post was written. When I was reading it I saw the first few paragraphs was basically "here's how to do Cron with it", and then everything after that was "here's a bunch of other features it has that cron doesn't and how to use those"

I don't think that's the wrong way to write this kind of article, but I could see it feeling overwhelming on a skim, because it may feel like you need to read the whole thing in order to get anything working. But actually only the start was necessary, and the rest was tasty feature pitch.

I think I'm just getting old, but I thought AV1 was still new too. Do I even own any devices that can decode it? I'm not sure I've even got h265...

Sorry, I'm team gold. We're real! I've never seen blue in the original image.

These answers will be theoretical, because it's possible some browser or system will do things stupid and negate these positives:

It shouldn't make things less anonymous, because different websites get unique passkeys made for them. This also makes them more secure, because if one site has a complete DB leak, that doesn't impact other sites at all.

Also, the passkeys are used for auth, so there's already no "anonymity" here, you're logging into a website. They know who you are, at least which user you are, maybe not which human, which is as true as it was before with passwords.

Also they should require your device to ask you if you want to use the passkey, they're not supposed to be automatically leaking to every site you visit without your knowledge.

Also, they are not stored via cookies. Unless you mean the login session, in which case that part is stored via cookies, but just the same way that a password login gets a session key via a cookie to use after you've logged in. So if someone can steal your cookies that's already a huge problem, but they don't get any extra information with passkeys. The actual secret material for a passkey is stored outside of the browser entirely.

The biometrics aren't supposed to leave the device, they're prompted for by the hardware on the device asking if you'd like to allow the keys to be used. The browser asks the passkey hardware "I'd like to sign this thing please" and then the hardware pops up the biometric thing as part of its decision making process on whether it should do that or not. Crucially this is not the website asking for biometrics, it's your device. And if you unlock it, then it chooses to sign what it was asked to sign, and all the browser gets back is the signature.

In theory.

To anyone reading this that's red-green colourblind, the joke is that the word "Red" is green coloured, and "Green" is red coloured.

I've encountered it very little, but when I encounter it it's because I try to do something and it doesn't work. So I check the permissions with ls -l, and it all seems reasonable. Huh, this should work. Try again, nope. Hmm. 20 minutes of trying random variations, strange results. Oh fuck, is this SELinux? Shit. Where do those configs exist again? How do I configure that? Google "SELinux cheat sheet" hmmm, I don't have enough context to use that, Google "SELinux getting started". Read tutorial, try to skim just enough to figure out what's going wrong for me.

So I don't hate it, I just haven't ever had a use for it, but it has surprised me in a bad way before and cost me a lot of time and confusion, but I've never spent the time getting familiar because I've never had a use for it. And it comes up rarely enough I never remember anything about it by the time it bites me. I can't even recall now what I was trying to do the last time I bumped into it.

My useless brain read the title as "Giant Worm", and then I saw the cover and thought "okay, that's clearly the octopus back there, so is she supposed to be a worm? That has got to be the laziest, most fan servicy bullshit worm costume I've ever seen"

Then I read the summary hoping she wasn't the worm, and then was confused about why it didn't mention a worm at all! I figured it out, eventually...

Huh, that's some fun psychology. Donations make me feel guilty and uncomfortable 😛

Good to know someone enjoys them!