Daily Archives: 2024-04-26

UK votes to dissolve university senate, strips role of helping set school policies

Posted on 2024-04-26 by pappp

Source: Latest News

Article note: We knew the board was going to rubber stamp it, but it's still repugnant. As best I can make out, the entire premise is "We can't squeeze any more money to support administrative bloat and monument-building construction projects out of the pool of qualified students, so we need to start admitting more unqualified students to pump those numbers." This power grab apparently kicked off because the faculty senate wanted to reinstate test requirements for admission (which our vast pandemic-era forced experiment has demonstrated generally improves the diversity of admitted students, because standardized tests are one of the few good way for students from disadvantage backgrounds to distinguish themselves in a portable way), and the administration didn't want that getting in the way of expanding enrollment into taking a couple semesters of tuition from more students who are grossly unprepared for college.

University of Kentucky faculty and staff attend the board of trustees meeting on April 26, 2024. The board heard from nine people opposed to a proposed change to the university’s governance structure, which would move the university senate to an advisory role.

Posted in News | Leave a comment

Corporate greed from Apple and Google have destroyed the passkey future

Posted on 2024-04-26 by pappp

Source: OSNews

Article note: This was the only possible outcome in the current environment, and why I've been totally disinterested in passkeys.

William Brown, developer of webauthn-rs, has written a scathing blog post detailing how corporate interests – namely, Apple and Google – have completely and utterly destroyed the concept of passkeys. The basic gist is that Apple and Google were more interested in control and locking in users than in providing a user-friendly passwordless future, and in doing so have made passkeys effectively a worse user experience than just using passwords in a password manager.

Since then Passkeys are now seen as a way to capture users and audiences into a platform. What better way to encourage long term entrapment of users then by locking all their credentials into your platform, and even better, credentials that can’t be extracted or exported in any capacity.

Both Chrome and Safari will try to force you into using either hybrid (caBLE) where you scan a QR code with your phone to authenticate – you have to click through menus to use a security key. caBLE is not even a good experience, taking more than 60 seconds work in most cases. The UI is beyond obnoxious at this point. Sometimes I think the password game has a better ux.

The more egregious offender is Android, which won’t even activate your security key if the website sends the set of options that are needed for Passkeys. This means the IDP gets to choose what device you enroll without your input. And of course, all the developer examples only show you the options to activate “Google Passkeys stored in Google Password Manager”. After all, why would you want to use anything else?

↫ William Brown

The whole post is a sobering read of how a dream of passwordless, and even usernameless, authentication was right within our grasp, usable by everyone, until Apple and Google got involved and enshittified the standards and tools to promote lock-in and their own interests above the user experience. If even someone as knowledgeable about this subject as Brown, who writes actual software to make these things work, is advising against using passkeys, you know something’s gone horribly wrong.

I also looked into possibly using passkeys, including using things like a Yubikey, but the process seems so complex and unpleasant that I, too, concluded just sticking to Bitwarden and my favourite open source TFA application was a far superior user experience.

Posted in News | Leave a comment