I’m slowly moving away to open source, self-hosted applications where possible. Changed search to a combination of Gibiru and Yep. Email to a mailcow server I host on a vps, and I’m moving photos to an Immich server I’m setting up. Home Automation is next, I have a Raspberry Pi 5 to act as the Home Assistant server. And a few other projects in the works to split from Google as much as I can and mostly it is all better.
Because computers have come even close to needing more than 16 exabytes of memory for anything. And how many applications need to do basic mathematical operations on numbers greater than 2^64. Most applications haven’t even exceeded the need for 32 bit operations, so really the push to 64bit was primarily to appease more than 4GB of memory without slow workarounds.
Yes, this is exactly what it’s for, as well as Winnie the Pooh in China, LGBTQ+ materials in Florida, or any other ridiculous laws. As fascism is taking over many countries, including the US, UK, and other Western countries, they are pressuring content storing companies to add backdoors to allow hunting down dissidents.
Oh, and also this is a way to allow selling the content to train AI since it’s less obvious that it is allowed with this kind of vague wording.
“A New Stereophonic Sound Spectacular”
But it hasn’t always been free to file electronically. The government made it required for them to offer free versions for simple returns, but that was recent.
Also, access to the Internet isn’t universal. You’d be surprised how much of the US doesn’t have affordable Internet and a fair number don’t have Internet available at all, or limited to just dialup which is not very useful. And a lot of apps don’t work right on phone browsers, especially older phones, so then you need a desktop or laptop which a lot of people don’t have. Some have access in libraries, but a lot don’t or traveling to a library is a burden. And lots of other reasons that internet isn’t a given for a large portion of households. So paper is still not just necessary, but the easiest way.
Yeah, very limited, but it’s very good for more than half of the population that don’t have enough deductions to exceed the standard and don’t own property (if you properly count houseless “households” that earn income as not owning property and not just renters like most statistics). It’s dumb that they have to file a return anyway just to acres money that never should have been collected. Most just don’t know how to properly file their W-4 to not have taxes withheld in the first place. Mostly because they follow the directions and/or are afraid of paying a fine plus interest.
Anyway, it’s a step in the right direction. And if we can unbury all of the staff out of the pile of paper returns, we can devote some to go after the rich and their frivolous, often fraudulent deductions and have them pay the tax they owe.
Food and gasoline prices have skyrocketed. Infrastructure is a mess in most of the country so it takes longer and longer to get anywhere at peak times. Companies have cut costs in offices so they’re just crowded and full of distraction and germs. So yeah, lots of time and money is saved by working from home.
They’ll just call it something different and hide the size in small print. Or they’ll increase the price so that the large is still $.40 per oz since people don’t usually do the math these days and just assume larger things are a better deal. A lot of times they aren’t anymore because companies don’t care as much about selling a lot as they do about profit on the sale due to there not being much competition with all the consolidation.
I’m not saying it doesn’t count as authentication, it just doesn’t count as authentication to the security of the server directly. That’s the device’s security and configured by the user, not the server. And user devices are very prone to exploits to the point that many law enforcement agencies don’t even bother asking for a password anymore to access a device.
So, let’s move to a physical model as an example. Let’s say you have a door. It has a very simple door handle lock. You keep your key inside a hotel safe. Sure it might be difficult to get the key if they had to enter the hotel room, cut open the safe in place, and get the key while they’re standing in front of the secure door, exposed. But that’s dumb. They could just as easily grab the safe out of the room and open it later where there’s room for proper equipment, use a known exploit for the particular safe, or use other exploits all out of view of the door/server and at any time until the user realizes you know how to open their safe, because the door/server will never find out. Once that safe is open, you have not just the key to the door, but the key to all locks the user uses since now we only have “something you have” factors and the user uses only one device. Just like when we only had “something you know” factors and the user uses the same password everywhere.
So what does the passkey help with? It makes the lock and thus the key itself more complex. This makes it so that brute force attacks against the server are more difficult. But it doesn’t solve anything that existing TOTP over text messages didn’t solve, other than some complexity, and it eliminated the password (something you know) factor at the server. Something a lot of companies are already doing and we already know from experience is a bad practice. It has changed the hacking target to the device rather than the person. But still just one target, you don’t need both. Sure it’s better than a really bad password that’s reused everywhere. But it’s not better than a really good password unique to a site that’s only stored in a password manager on the user’s device that requires a separate master password to access (outside of MitM attacks that TOTP mitigates).
Now, what if we have a door with two locks, one that requires a code, and one that requires you to have access to a device. Now in order to attack the door, you need two factors right at the time you’re standing at the door. Also, there’s probably a camera at the door and someone paid to check it periodically when someone tries too many times, which isn’t the case in the user’s safe/device. So even if you get the key from the user, you still need to brute force the second lock efficiently or you need to implement a second exploit to get the second factor ahead of time. This is the idea of two factors at the server and the current state of things before passkeys.
But authentication to access the passkey is on a remote device. So the server doesn’t have any information about if or how authentication was performed for the person to access the key. If they use a 4 digit pin or, worse, the 4 point pattern unlock, it’s easy enough to brute force on most devices.
This is also why using a password manager is not two factor authentication. It is one factor on your device and one factor on the server. But no one monitors the security logs on the device to detect brute force attacks and invalidate keys. Most don’t even wipe the device if the pin is being brute forced.
Not related to the article itself, but I’m curious why use of archive.is has become so popular around here considering that they refuse to provide DNS replies without edns personal information attached? I’m not familiar with the politics involved, but a lot of DNS providers are getting blocked by archive.is for not providing that info, including my own home DNS server and cloud flare 1.1.1.1 and many others, so I’m surprised to see it gaining popularity on Lemmy.
Problem is that if the factor is not authenticated by the server, it doesn’t count. Not saying it’s not helpful, but it’s not part of the consideration when designing the security of the system.
The device can be attacked for an indefinite time and the server knows nothing about that. Or the device can disable that additional security either knowingly or maliciously and the server has no knowledge of that breach. So it’s still a single factor, “something you have” to the perspective of the server when considered security.
I’ve worked with healthcare data for decades and am currently a software architect, so while it’s not my specialty directly, it is something I’ve had to deal with a lot.
I don’t like passkeys yet because they’re implemented poorly on most platforms, IMHO, because they replace two factors with one. Some don’t let you also turn on two factor auth at all which is dumb, but the ones that do then often only have options that use your device as a factor either through text or email. So if the passkey is your phone and you add text messages as the 2 factor option, that’s still your phone. Or if your passkey is your laptop and you’re logged into your email on the laptop, it’s just one.
It doesn’t work, for point 1 very well though. The tech is fine, but the way it’s presented to users is that it’s way more accurate than it actually is. That’s marketing rather than a technical problem. Second, the tech is not as good at recognizing non-white people. It’s just a fact that there are more pictures of white people to train the tech on since white people have historically had more access to photography among other reasons. And the models used to create most of the tech was built to favor facial traits that are more likely to differ in white people.
So, the likelihood of high probability matches is much lower so the likelihood that the highest probability match that is made is actually much lower probability of it being an actual match means the bad matches bubble to the top and get accepted as real. And these kinds of uses are more interested in a “better safe than sorry” stance and they aren’t sorry about killing the wrong person, only about not killing the right one. So they’re perfectly as happy killing many people that are possible matches as they are one person that’s the correct match.
I think they were fine before, because they were offering the best experience for the people who want someone else to configure things for them and make decisions on privacy, security, etc., for them. Problem now is that they no longer offer much in the way of brand new user experiences that no one else offers, and additionally they don’t prioritize the user’s privacy and convenience and prioritize how much money they can make with the centralized user information they control and don’t allow the user to make decisions on their own privacy and security.
That will never work either. They’ll just transfer it to a subsidiary towards the end and then shut down the company. Then there’s no one to enforce the law on.
You don’t need Windows to use a computer. There are tons of flavors of Linux among other options. There are plenty of manufacturers who sell Linux boxes and you can always build your own. Microsoft just pays a lot of manufacturers to bundle Windows in the cost, but not all.
Which one? There are several. I personally like Cinnamon for a Windows-like experience since I have to switch back and forth to windows for work. And Plasma quite attractive if looks matter more.
Nah, lots of places try to make interviews as unbearable as possible. It’s “how they judge your ability to work under pressure”. Like my previous employer would fly you in seemingly with as many layovers as possible so you’re exhausted by that night. Put you up in a crappy hotel and make you come in super early. Put you in a tiny room and make you stay there for about 9-10 hours of intensive back-to-back interviews with a 30 min box lunch break. Pretty similar tactics as the military. And it’s not uncommon in tech.
Edge and Chrome are basically very similar at this point. Firefox is my browser of choice these days. It’s not perfect, but at least it isn’t anti-adblocking and doesn’t freak out when I block 8.8.8.8 like Chrome and the Google devices in my house. I’m moving away from Google as they move away from not being evil. Moving to self hosted stuff as much as I can for photos, email, file storage, and soon, home automation.