MostlyHarmless

joined 1 year ago
[–] MostlyHarmless@sh.itjust.works 9 points 9 months ago (1 children)

I played it on Steam Deck. It was great. Act 3 was a bit slow, but I didn't mind.

I am thinking of getting it on console so I can experience it with better resolution

[–] MostlyHarmless@sh.itjust.works 5 points 9 months ago (2 children)

This article is so misleading. XMPP died for the same reason all technology dies. No one used it. Even if Google hadn't ever used it, it would still be dead. I know this because Google Talk and ALL Google chat apps are dead. WhatsApp killed them all.

[–] MostlyHarmless@sh.itjust.works 0 points 9 months ago (1 children)

What point was that? If you don't join Threads, they don't have your data. They do have everything you publish to the Fediverse though, no matter what you do.

[–] MostlyHarmless@sh.itjust.works 0 points 9 months ago (3 children)

They can already harvest the data. Nothing on ActivityPub is private.

[–] MostlyHarmless@sh.itjust.works 3 points 9 months ago (2 children)

I would like to point out that XMPP still exists. Google Talk does not. WhatsApp killed XMPP, not Google.

[–] MostlyHarmless@sh.itjust.works 3 points 9 months ago (6 children)

How is Threads going to breach your privacy by federating with your instance? How is defederating from Threads going to protect your privacy?

[–] MostlyHarmless@sh.itjust.works 2 points 9 months ago

It's not the last book. It's how the seventh book, Persepolis Rising, starts.

[–] MostlyHarmless@sh.itjust.works 14 points 9 months ago (2 children)

Humans have asymmetric features. No one is symmetrical

[–] MostlyHarmless@sh.itjust.works 2 points 10 months ago (1 children)

Which just had some leaks about how insecure it is.

Windows Hello didn't. The hardware wasn't implemented correctly, allowing the authentication to be bypassed. You misunderstood the issue here.

They sync shit using iCloud...

They sync the public key with iCloud, not the private key. You misunderstood how it works.

It doesn't matter how many keys deep you have to go.

There is no "keys deep"; there is a public/private key pair that authenticates a single device with a single account. You have misunderstood how a local key store works.

The compromised item is already obtained when you obtained the device.

Which means someone trying to access my account requires physical access to my device. Passwords, no matter how strong, leave you open to remote attack.

Can you tell me the process to revoke the private key from your fingerprint reader on your phone?

Open the authenticator app and remove the account. Or uninstall the authenticator app. Or delete your local phone account. Or factory reset if you want to go nuclear.

Alternatively, if you lost your phone, go to the account online. Browse to the security section and delete the device from the list. Most services have the ability to sign out remotely. All that's doing is revoking the key. The phone doesn't have to do anything. The fact you think something needs to change in the "blob" shows you do not understand how encryption works.

If I were to bump into you, and lift your phone.

Again physical access, not remote access. Much smaller attack vector than a password.

It puts all the power into another company's hands... and takes ALL of it out of yours.

You think passwords take power from the company that stores your passwords remotely? You have no idea how they are storing that password. You don't have to trust the company, you just have to trust the open standard these companies are implementing and that public/private key encryption is the standard used to secure the entire Internet.

Also, what's more likely... that you break a device or that a user CANNOT learn how to use a password manager?

Virtually no one uses a password manager. It's too much hassle.

[–] MostlyHarmless@sh.itjust.works 2 points 10 months ago* (last edited 10 months ago) (3 children)

There is no service on the face of the planet that strictly accepts tokens from Bio tools. Simply using Bio doesn't stop those online from bruteforcing the underlying password.

https://support.microsoft.com/en-us/account-billing/how-to-go-passwordless-with-your-microsoft-account-674ce301-3574-4387-a93d-916751764c43

https://blog.google/technology/safety-security/the-beginning-of-the-end-of-the-password/

https://techcrunch.com/2022/09/12/apple-passkey/

No. I "Spread FUD" because I understand that a good password MUST be revocable. Which Bio CANNOT be. Bio is a username.

Incorrect because your bio is not the password, the private key is. The private key is revocable. Your bio just unlocks your hardware key store and makes the private key accessible to the software.

This is what I mean when I say people do not understand biometric authentication.

[–] MostlyHarmless@sh.itjust.works 4 points 10 months ago* (last edited 10 months ago)

No, wrong. Still two factor because your fingerprint plus your device.

These authentication methods aren't as simple as the two factor Google Authenticator 6 digit number. They are cryptographically secure keys. Even if someone finds out what the token is, they still cannot send a valid request because they cannot generate a digitally signed request using the private key locked in your device's hardware, unlocked by your biometrics.

Passwords are inherently insecure and relatively easy to break. Digital signatures and secure tokens are almost unbreakable.
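The two mechanisms argued over in the comments above (a login response that must be signed with a device-held private key, and revocation by deleting the device's public key on the service) as an added example that is not part of the thread. It is a simplified challenge-response model, not WebAuthn itself; `makeDevice`, `RelyingParty`, the `userVerified` flag and the choice of Ed25519 are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Device: the private key never leaves this closure (stand-in for a hardware key store).
function makeDevice() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  return {
    publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }),
    // userVerified stands in for the local biometric/PIN check that unlocks the key.
    sign(challenge, userVerified) {
      if (!userVerified) throw new Error('key store locked');
      return crypto.sign(null, challenge, privateKey);
    },
  };
}

// Service: stores one public key per registered device and nothing secret.
class RelyingParty {
  constructor() { this.devices = new Map(); this.pending = new Map(); }
  register(deviceId, publicKeyPem) { this.devices.set(deviceId, publicKeyPem); }
  revoke(deviceId) { return this.devices.delete(deviceId); } // "remove device from the list"
  newChallenge(deviceId) {
    const challenge = crypto.randomBytes(32);
    this.pending.set(deviceId, challenge);
    return challenge;
  }
  verify(deviceId, signature) {
    const challenge = this.pending.get(deviceId);
    this.pending.delete(deviceId); // single use, so a captured response cannot be replayed
    const pem = this.devices.get(deviceId);
    if (!challenge || !pem) return false; // no open challenge, or device unknown/revoked
    return crypto.verify(null, challenge, crypto.createPublicKey(pem), signature);
  }
}

function demo() {
  const rp = new RelyingParty();
  const phone = makeDevice();
  rp.register('phone', phone.publicKeyPem);
  const sig = phone.sign(rp.newChallenge('phone'), true);
  const login = rp.verify('phone', sig);
  const replay = rp.verify('phone', sig); // challenge already consumed
  rp.newChallenge('phone');
  const stale = rp.verify('phone', sig); // old signature against a fresh challenge
  rp.revoke('phone'); // server-side only; the phone is not contacted
  const afterRevoke = rp.verify('phone', phone.sign(rp.newChallenge('phone'), true));
  return { login, replay, stale, afterRevoke };
}

console.log(demo());
```

After `revoke`, the device still holds a working private key and still produces well-formed signatures; they fail only because the service no longer has a public key to check them against.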
