Alt account of @Badabinski

Just a sweaty nerd interested in software, home automation, emotional issues, and polite discourse about all of the above.

  • 0 Posts
  • 77 Comments
Joined 5 months ago
Cake day: June 9th, 2024

  • Right, but I can’t require a second factor on a different device that operates outside of my primary device’s trust store. I’m sure there is some way to make my desktop hit my phone up directly and ask for fingerprint auth before unlocking the local keystore, but that still depends on the security of my device and my trust store. I don’t want the second factor to be totally locked to the device I’m running on. I want the server to say, “oh, cool, here’s this passkey. It looks good, but we also need a TOTP from you before you can log in,” or “loving the passkey, but I also need you to respond to the push notification we just sent to a different device and prove your identity biometrically over there.” I don’t want my second factor to be on the same device as my primary factor. I don’t know why a passkey (potentially protected by local biometric auth) + a separate server-required second factor (TOTP or push notification to a different device or something) isn’t an option.

    EDIT: I could make it so a fingerprint would decrypt my SSH key rather than what I have now (i.e. a password). That would effectively be the same number of factors as you’re describing for a passkey, and it would not be good enough for my organization’s security model, nor would it be good enough for me.


  • I just don’t get why I can’t use something like TOTP from my phone or a key fob when logging in with a passkey from my desktop. Why does my second factor have to be an on-device biometrically protected keystore? The sites I’m thinking of currently support TOTP when using passwords, so why can’t they support the same thing when using passkeys? I don’t want to place all my trust in the security of my keystore. I like that I have to unlock my phone to get a TOTP. Someone would have to compromise my local keystore and my phone, which makes it a better second factor in my opinion.

    EDIT: like, at work, I ssh to servers all over the damn place using an ssh key. I have to get to those servers through a jump box that requires me to unlock my phone and provide a biometric second factor before it will allow me through. That’s asymmetric cryptography + a second factor of authentication that’s still effective even if someone has compromised my machine and has direct access to my private key. That’s what I want from passkeys.

  • This is a bad take. Several cities in my state banded together to create a municipal fiber network called UTOPIA. The fiber is owned by the cities that bought in and is used by several different ISPs. The ISPs pay UTOPIA for access, and then they have to compete with each other for subscribers based on performance, features, and cost. Like, there’s genuine market competition for internet! If the state owns the infrastructure and then forces the playing field to be level, then everyone benefits. People in the cities with UTOPIA got fast fiber internet waaay faster than anyone else, they have a plethora of choices (want a static IP and a business plan in your residence? There’s an ISP that sells that!) at great prices, ISPs get access to subscribers without having to maintain fiber, and the cities who bought in get to make money from this and attract residents and businesses who benefit from the service.

    My city didn’t buy in. Google Fiber eventually came to town so I was able to kick Comcast out, but I am uneasy about what’ll happen if Google decides to drop their ISP business. If I was in a city with UTOPIA, it would just be one ISP folding and I’d be able to pick a new one and switch over right away.

    EDIT: cool, Cory Doctorow wrote a blag post about it: https://doctorow.medium.com/https-pluralistic-net-2024-05-16-symmetrical-10gb-for-119-utopia-347e64869977
    UTOPIA users have access to 18 different ISPs. I feel like that speaks for itself right there. This is the future we all should have had.

  • I just wish that companies enabling passkeys would still allow password+MFA. There are several sites that, when you enable passkeys, lock you out of MFA for devices that lack a biometric second factor of authentication. I’d love to use passkeys + biometrics otherwise, since I’ve often felt that the auth problem would be best solved with asymmetric cryptography.

    EDIT: I meant to say “would still allow passkeys+MFA.” hooray for sleep deprivation lol.


  • Flashlights that use the open source Anduril v2 interface are… tolerable, I’d say. It’s not good, it’s not intuitive, but it does at least make it easy to just turn the damn flashlight on and off.

    1. Click once to turn it on, once to turn it off
      • While it’s on, hold the button down to change the brightness
    2. Click twice quickly to put it in turbo mode, click twice quickly to take it out of turbo mode. One click turns the light off
    3. Click twice and hold your second click to turn the light on in turbo mode. Once you let go of the button, the light turns off. I actually really like this mode
    4. Strobe is three clicks, but it’s not the discotheque-ass crazy strobe, it’s usually an SOS pattern. One click turns it off
    5. Click four times to lock the flashlight. This stops it from turning on in your pocket. This is a big deal for some flashlights because they’re bright/hot enough to burn you if left on in an enclosed space. Four clicks takes it out of lock mode

    The interface gets way more complicated after that, but I don’t bother with any of that shit. Luckily, it’s hard to accidentally activate the crazy bullshit.

    There are also lights that mimic this pattern, but differ in a few key ways. The Wurkkos FC11 is a great option that’s relatively cheap. The 4000 K version is $35 and is bright with a nice neutral color temperature (I find it much easier on the eyes.) It follows the interface rules I outlined above except that it’s missing number 3 and the strobe is of the flashy hold-a-rave variety. Still, you have to specifically press the button 3 times in a row pretty quickly to trigger it. I never have accidental raves with mine.


  • I haven’t seen it mentioned here, so I’ll rep for Noita. It’s an amazing rogue-like with great atmosphere and a really compelling world to explore.

    There’s a chemistry/alchemy system in the game that is really detailed and fun to explore. The game’s tagline is “every pixel simulated,” and it’s not an exaggeration. Noita is like those falling sand games that were popular in the early 2000s, where each particle of sand could interact with other particles. Imagine that, but you’re a badass witch flying through the world and blasting motherfuckers who try to get in your way. Your wands can set things on fire or freeze them or melt them with acid or blow them up or other crazy shit.

    The wand mechanics are incredibly deep. Like, it’s not “turing complete” levels of deep, but the rules for spells interact in incredibly interesting and exploitable ways. The feeling you get when you discover a powerful combo of spells is incredible.

    The devs also have a cool policy of turning bugs into gameplay mechanics. I really can’t say much about this without spoiling things, so this one is hard to talk about. Basically, if someone finds an exploit, they oftentimes won’t “fix” it. Instead, they’ll take it and tweak it to add consequences for using the exploit, or they’ll balance it a bit to make it harder/remove a bit of the benefit. It’s a really cool approach and has led to a great relationship between the devs and the community. They don’t take our toys away, they just make them work better in the world.

    I played the game completely blind until I got my first win (it took about 80 hours of playtime), and I’d highly recommend that approach for folks who are willing to tolerate failure and who like to experiment. If it’s too frustrating then that’s okay, there are a lot of guides out there to help out new players without giving up too much. Many people describe your first win as you beating the tutorial, and there’s some truth to that.

    It can be gruellingly difficult at times, but it’s just so damn good, and there’s so damn much of it. I have around 600 hours in that game, which is twice as much as any other game I’ve played.


  • I think they’re all top-level responses too. I took a random sampling of their comments, and they never respond to anyone else’s comment. That smells like someone being lazy and not bothering to iterate through comments when writing their dumb AI commenting script.

    Like, just, what the fuck is this shit? There’s one comment from 8 months ago that looks real. Everything else is from the past week and reads like LLM drivel. Why would you bother? Is it just someone who is bored and wanted to see how long they could convince people?