Joined 3 years ago
Cake day: June 15th, 2023


  • Yeah, like other people covered, it’s unfortunate but also very important. It’s easy to tie “visible wifi networks” to “surprisingly precise location on globe” in many places, so the permission is named for the worst case scenario. Yes, the app might just be looking for a wifi, but it also could use that same information to locate you, so it’s the location permission. Sensible.

    If they wanted to support just this one feature without requiring a location permission, they could maybe have an API that is “are you currently connected to this opaque token” API where the app can ask “am I connected” and is just told “yes” or “no”. That’s probably safe enough. And then I could register the app with my wifi without the app even knowing what my Wifi is, it just gets a unique but random string.

    The same is true of bluetooth. If I can list nearby bluetooth, I can see that speaker and this TV and guess location. But there could be an API that hides that, there just isn’t currently.


  • Yeah, I think it’s just the way the blog post was written. When I was reading it I saw the first few paragraphs were basically “here’s how to do Cron with it”, and then everything after that was “here’s a bunch of other features it has that cron doesn’t and how to use those”.

    I don’t think that’s the wrong way to write this kind of article, but I could see it feeling overwhelming on a skim, because it may feel like you need to read the whole thing in order to get anything working. But actually only the start was necessary, and the rest was tasty feature pitch.





  • psycotica0@lemmy.ca to Privacy@lemmy.ml: Passkeys
    8 days ago

    These answers will be theoretical, because it’s possible some browser or system will do things stupid and negate these positives:

    It shouldn’t make things less anonymous, because different websites get unique passkeys made for them. This also makes them more secure, because if one site has a complete DB leak, that doesn’t impact other sites at all.

    Also, the passkeys are used for auth, so there’s already no “anonymity” here, you’re logging into a website. They know who you are, at least which user you are, maybe not which human, which is as true as it was before with passwords.

    Also they should require your device to ask you if you want to use the passkey, they’re not supposed to be automatically leaking to every site you visit without your knowledge.

    Also, they are not stored via cookies. Unless you mean the login session, in which case that part is stored via cookies, but just the same way that a password login gets a session key via a cookie to use after you’ve logged in. So if someone can steal your cookies that’s already a huge problem, but they don’t get any extra information with passkeys. The actual secret material for a passkey is stored outside of the browser entirely.

    The biometrics aren’t supposed to leave the device, they’re prompted for by the hardware on the device asking if you’d like to allow the keys to be used. The browser asks the passkey hardware “I’d like to sign this thing please” and then the hardware pops up the biometric thing as part of its decision making process on whether it should do that or not. Crucially this is not the website asking for biometrics, it’s your device. And if you unlock it, then it chooses to sign what it was asked to sign, and all the browser gets back is the signature.

    In theory.
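The flow described in the comment above, as an added example that is not part of the original comment: a toy authenticator that keeps one private key per site, signs only after a local approval step, and hands back nothing but the signature. The class and function names are hypothetical, Ed25519 is chosen for illustration, and signing `origin + challenge` is a simplification of what WebAuthn actually signs.

```javascript
// Added illustration; names are hypothetical, not WebAuthn API names.
const nodeCrypto = require('node:crypto');

// Stands in for the passkey hardware: private keys never leave this object.
class Authenticator {
  #keys = new Map(); // origin -> private key
  constructor(userApproves) { this.userApproves = userApproves; } // local unlock (biometric/PIN)

  // Registration: mint a fresh key pair for this origin; export only the public half.
  register(origin) {
    const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
    this.#keys.set(origin, privateKey);
    return publicKey.export({ type: 'spki', format: 'der' }).toString('base64');
  }

  // Login: sign origin + challenge, but only if the user approves on the device.
  sign(origin, challenge) {
    const key = this.#keys.get(origin);
    if (!key || !this.userApproves(origin)) return null;
    return nodeCrypto.sign(null, Buffer.concat([Buffer.from(origin), challenge]), key);
  }
}

// The website's side: verify the signature against the public key it stored.
function siteVerifies(origin, storedPublicKeyB64, challenge, signature) {
  if (!signature) return false;
  const publicKey = nodeCrypto.createPublicKey({
    key: Buffer.from(storedPublicKeyB64, 'base64'), type: 'spki', format: 'der',
  });
  const signed = Buffer.concat([Buffer.from(origin), challenge]);
  return nodeCrypto.verify(null, signed, publicKey, signature);
}

function demo() {
  const device = new Authenticator(() => true);
  const pubA = device.register('https://a.example'); // constructed sample origins
  const pubB = device.register('https://b.example');
  const challenge = nodeCrypto.randomBytes(32);
  const sigA = device.sign('https://a.example', challenge);
  const locked = new Authenticator(() => false); // user declines the prompt
  locked.register('https://a.example');
  return {
    distinctKeys: pubA !== pubB,                                   // unique key per site
    loginA: siteVerifies('https://a.example', pubA, challenge, sigA),
    replayAtB: siteVerifies('https://b.example', pubB, challenge, sigA),
    leakedPubKeyOnly: siteVerifies('https://a.example', pubA, challenge, nodeCrypto.randomBytes(64)),
    withoutApproval: locked.sign('https://a.example', challenge),  // null: nothing signed
  };
}
```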



  • I’ve encountered it very little, but when I encounter it it’s because I try to do something and it doesn’t work. So I check the permissions with ls -l, and it all seems reasonable. Huh, this should work. Try again, nope. Hmm. 20 minutes of trying random variations, strange results. Oh fuck, is this SELinux? Shit. Where do those configs exist again? How do I configure that? Google “SELinux cheat sheet” hmmm, I don’t have enough context to use that, Google “SELinux getting started”. Read tutorial, try to skim just enough to figure out what’s going wrong for me.

    So I don’t hate it, I just haven’t ever had a use for it, but it has surprised me in a bad way before and cost me a lot of time and confusion, but I’ve never spent the time getting familiar because I’ve never had a use for it. And it comes up rarely enough I never remember anything about it by the time it bites me. I can’t even recall now what I was trying to do the last time I bumped into it.



  • To devil’s advocate in a different direction, most projects aren’t set up to actually do anything with donations. They could be, like if they had a stable income source they could hire people full time as a job rather than relying on volunteer time. And some of the larger projects are already at that point, and so maybe having more money would allow them to expand the team further. And some projects have a particular goal they’re trying to fund, like an external security audit, or some kind of certification process.

    But for most projects, sporadic donations are like “hey cool, I guess. I’ll go out to dinner tonight” gifts of appreciation, because up until they become a solid full time wage, they’re not a solid full time wage. And once they are a solid full time wage, any further donations are like “hey cool, I’ll go out to dinner tonight” until they’re big enough to be a second wage 😛

    I’m not saying we shouldn’t donate stuff, gifts of appreciation are still appreciated, I’m sure. But they don’t produce output.




  • I don’t think it’s the tickling thing. It’s a fair hypothesis, but it doesn’t feel right to me. To me I think it’s the emotional connection of doing something with another person, and the physical connection of two (or more) people working together. Like, I’d say that throwing a ball up into the air and catching it again just isn’t as fun as throwing a ball back and forth between people is, and there’s no biological imperative there. There isn’t a lust for tossing the ball with the boys. But it’s a group activity, and group activities fill a different need than solo activities, which is a different biological imperative.

    So I think joinking it fulfills only part of the craving, but leaves other parts unfulfilled, which is why as soon as that part recovers the body is like “okay, let’s try again”



  • For an honest answer, from an Open Source perspective, it’s mostly auth, profiles, and discoverability.

    Presuming I have a GitHub account, when I encounter a library or tool or something that’s hosted on GitHub that means I can fork it, make issues, comment on issues, make pull requests from my fork to upstream tied to issues, and generally have seamless interaction with any and all software on GitHub.

    Or, if I have my account added to a project, then I can also merge PRs and push to master and be a maintainer of that software without any friction.

    When I see that software is hosted on KDE’s thing it’s like “Ugh”. I have to login to that, and create a profile for that, and then figure out how tickets work there, and how do I contribute to that. It’s enough to just not, most of the time. And maybe I do that for kdenlive. Then I have a bug for Gimp. Okay, what the heck do they use? Is that another login? How do I contribute over there? Is registration even open? Okay guix, oh boy a mailing list. Do I want to subscribe to a dev mailing list just to submit a 2 line patch? I think I’ll just not… I’m sure someone else will fix it eventually…

    So besides all that, some people like their GitHub profile, and like that people can see all the things they’ve contributed to from one spot. That’s why it’s often linked on resumes, but beyond that there’s also a kind of cultural cachet to having a diverse and positive profile, should someone look. If someone is a maintainer of a repo with a lot of stars, that might tell you they’re “important” even if you don’t know why. Because maybe you’re a JS programmer, but this person seems to be big in the Java community, because they seem to maintain a few high profile java libraries.

    And then lastly, it’s sometimes useful as a shortcut in searching. “Source code” is kind of a useless term for searching, so if I search “ruby Ledger file library” I’m more likely to get some docs or a rubygems page, but if I search “ruby Ledger file GitHub” I’m probably going to get what I actually want, which is a readme and a git uri I can clone and play around with. Or a web view of the source I can search through to debug something without cloning. At least assuming that is what I want, it depends on what my goals are, but it’s useful often enough that I do it sometimes as a way of jumping to the source part.

    I’m typically anti-centralization, and anti-microsoft, and if we all move away from GitHub I’m sure I’ll live, but this is why I like it despite its problems. And sometimes I want a webview of file contents, with search, without cloning, so sue me 😛




  • You could check out “FAR: Lone Sails”. It’s a pretty chill game where you have a machine that you’re sailing/driving through platforming actions to the right. It has cinematic feel and a kind of environmental plot, but I don’t think there’s any way to lose or anything…

    And if you like it, there’s a sequel “FAR: Changing Tides” that is very similar, but longer and with a more complicated machine to manage.

    I could see people being bored with it, there are “puzzles” but they’re super light, but maintaining the machine scratches something within me.


  • I know it’s kinda off topic, but what I find even weirder are bands that are “one hit wonders” in one country, but have like 10 hits and a long career in another country.

    They’ll have a whole wikipedia article of awards they’ve won you’ve never heard of, and tours they went on, and you’re like “they wrote more than one song!?”