Category Archives: News

Shared items and notes from my feeds and browsing. Subscribe as feed.

You’ll soon be able to safely and easily move your passkeys between password managers

Posted on 2024-10-15 by pappp

Source: Engadget

Article note: They've now met the _absolute baseline requirements_ for being a credible auth mechanism. I wasn't sure if they were going to, or if the big players were just pushing passkeys as a lock-in mechanism.

By now, most people know passkeys offer a better way to protect their online credentials than passwords. Nearly every tech company of note, including Apple, Google and Microsoft, supports the protocol. Moreover, despite a slow start, adoption has dramatically increased in the last year, with, for instance, password manager Dashlane recently noting a 400% increase in use since the beginning of 2024. Still, not everyone knows they don’t need to rely on passwords to protect their online identity, and transferring your passkeys between platforms isn’t as easy as it should be.

That’s why the FIDO Alliance, the coalition of organizations behind the technology, is working to make it easier to do just that. On Tuesday, the group published draft specifications for the Credential Exchange Protocol (CXP) and Credential Exchange Format (CXF), two standards that, once adopted by the industry, will allow you to safely and seamlessly move all your passkeys and passwords between different apps and platforms. 

With some of the biggest names in the industry collaborating on the effort (including Apple, Google, 1Password, Bitwarden, and Dashlane, to name a few), there’s a very good chance we’re looking at a future where your current password manager — particularly if you use one of the first-party ones offered by Apple or Google — won’t be the reason you can’t switch platforms. And that’s a very good thing.

“It is critical that users can choose the credential management platform they prefer, and switch credential providers securely and without burden,” the FIDO Alliance said. “Until now, there has been no standard for the secure movement of credentials, and often the movement of passwords or other credentials has been done in the clear.”

The CXP and CXF standards aren’t ready for prime time just yet. The FIDO Alliance plans to collect feedback before it publishes the final set of specifications and gives its members the go-ahead to implement the technology.

This article originally appeared on Engadget at https://www.engadget.com/cybersecurity/youll-soon-be-able-to-safely-and-easily-move-your-passkeys-between-password-managers-161025573.html?src=rss
Posted in News | Leave a comment

The Future of Big Iron: An Interview with IBM’s Christian Jacobi

Posted on 2024-10-14 by pappp

Source: Hacker News

Article note: Neat read, the interviewer is Ian Cutress (wrote a bunch of the best architecture deep dive stuff for AnandTech; More than Moore is his own substack that he's been posting writing to) talking with the lead of the IBM Z (modern descents of the S/360, 370,390 mainframe line) about chip design and market trends. It's not a world I get much perspective on.
Comments
Posted in News | Leave a comment

FreeBSD: How Can We Make It More Attractive to New Users?

Posted on 2024-10-12 by pappp

Source: Hacker News

Article note: I tried FreeBSD 14 on a spare laptop the other day because I had a "Let's see what's going on in BSD Land" urge. Maybe refresh my perspective on the Linux stack. Two hours of fucking around later I determined that the QCA9565 wireless chip-set driver seems to be "half working" and intermittent, or their alarmingly-static-looking wireless configuration system has subtleties I couldn't figure out, as someone who is "pretty good at computers." Next I tried booting the installer on a coreboot'd ex-Chromebook just for sport, it couldn't handle the i2c input devices, so no. It runs OK in a VM but... not on any real hardware I have on hand, and not with any user-facing features that really distinguish it. I do still adore the simplicity of BSD-style rc init, and like the ifconfg extended for the modern era better than the command line soup that is the ip tool, and some other details in that vein, but the overall experiment was not wildly favorable. Also, their much-vaunted documentation is frankly not as comprehensive as the Arch wiki. The HN thread makes it sound like their power management/suspend situation is not really up to snuff for running on laptops right now anyway, though there are reports of a major effort to improve it.
Comments
Posted in News | Leave a comment

Archive.org, a repository storing the entire history of the Internet, has a data breach

Posted on 2024-10-09 by pappp

Source: Ars Technica

Article note: Well that's not good.

Archive.org, possibly one of the only entities to preserve the entire history of the Internet, was recently compromised in a hack that revealed data of roughly 31 million users.

A little after 2 PM California time, social media blew up with screenshots showing what the archive.org homepage displayed.

It read:

Read full article

Comments

Posted in News | Leave a comment

China Possibly Hacking US “Lawful Access” Backdoor

Posted on 2024-10-07 by pappp

Source: Schneier on Security

Article note: Entirely predictable problem was entirely predictable. Backdoors for anyone work as backdoors for everyone who figures out (or steals) how they work. Don't make them or they will be abused.

The Wall Street Journal is reporting that Chinese hackers (Salt Typhoon) penetrated the networks of US broadband providers, and might have accessed the backdoors that the federal government uses to execute court-authorized wiretap requests. Those backdoors have been mandated by law—CALEA—since 1994.

It’s a weird story. The first line of the article is: “A cyberattack tied to the Chinese government penetrated the networks of a swath of U.S. broadband providers.” This implies that the attack wasn’t against the broadband providers directly, but against one of the intermediary companies that sit between the government CALEA requests and the broadband providers.

For years, the security community has pushed back against these backdoors, pointing out that the technical capability cannot differentiate between good guys and bad guys. And here is one more example of a backdoor access mechanism being targeted by the “wrong” eavesdroppers.

Other news stories.

Posted in News | Leave a comment

We need a real GNU/Linux (not Android) smartphone ecosystem

Posted on 2024-10-05 by pappp

Source: Hacker News

Article note: Someone who wasn't around for the Maemo era discovers how far we've fallen.
Comments
Posted in News | Leave a comment

No evidence social media time is correlated with teen mental health problems

Posted on 2024-10-04 by pappp

Source: Hacker News

Article note: There certainly are unhealthy things about social media, but I think a LOT of the finger-pointing is the traditional, horrible, "Pointing at the things young people do to escape/work around the actual problems in their life as though the workarounds are the problems." We've done a _really through_ job of excluding young people from most public spaces with explicit policy (You'd get CPS called on you if you let your kids have as much autonomy as used to be normal), over-scheduling to meet dubious competitive pressures, and car-centric (sub)urban design. They are facing broadly diminished prospects in careers and home ownership relative to earlier cohorts, climate change is kicking into high gear, they had developmental years in the pandemic... and now there's an increasing mixture of rent-seeking and policing in the online spaces they gather in as a workaround.
Comments
Posted in News | Leave a comment

No evidence social media time is correlated with teen mental health problems

Posted on 2024-10-04 by pappp

Source: Hacker News

Article note: There certainly are unhealthy things about social media, but I think a LOT of the finger-pointing is the traditional, horrible, "Pointing at the things young people do to escape/work around the actual problems in their life as though the workarounds are the problems." We've done a _really through_ job of excluding young people from most public spaces with explicit policy (You'd get CPS called on you if you let your kids have as much autonomy as used to be normal), over-scheduling to meet dubious competitive pressures, and car-centric (sub)urban design. They are facing broadly diminished prospects in careers and home ownership relative to earlier cohorts, climate change is kicking into high gear, they had developmental years in the pandemic... and now there's an increasing mixture of rent-seeking and policing in the online spaces they gather in as a workaround.
Comments
Posted in News | Leave a comment

Nobody knows what happened within the MMC Association in 1998

Posted on 2024-10-02 by pappp

Source: OSNews

Article note: This is some deep, weird history.

In 1999, some members from the MMC Association decided to split and create SD Association. But nobody seems to exactly know why.

↫ sdomi’s webpage

I don’t even know how to summarise any of this research, because it’s not only a lot of information, it’s also deeply bureaucratic and boring – it takes a certain kind of person to enjoy this sort of stuff, and I happen to fit the bill. This is a great read.

Posted in News | Leave a comment

Switch emulator Ryujinx shuts down development after “contact by Nintendo”

Posted on 2024-10-01 by pappp

Source: Ars Technica

Article note: The fact that the system is _clearly_ "You can stop your probably-legal-by-precedent activity, or we can ruin you with legal bills." is really distasteful.

Popular open source Nintendo Switch emulator Ryujinx has been removed from GitHub, and the team behind it has reportedly ceased development of the project after apparent discussions with Nintendo.

Ryujinx developer riperiperi writes on the project's Discord server and social media that fellow developer gdkchan was "contacted by Nintendo and offered an agreement to stop working on the project, remove the organization and all related assets he's in control of." While the final outcome of that negotiation is not yet public, riperiperi reports that "the organization has been removed" (presumably from GitHub) and thus "I think it's safe to say what the outcome is."

While the Ryujinx website is still up as of this writing, the download page and other links to GitHub-hosted information from that website no longer function. The developers behind the project have not posted a regular progress report update since January after posting similar updates almost every month throughout 2023. Before today, the Ryujinx social media account last posted an announcement in March.

Read full article

Comments

Posted in News | Leave a comment