Posts by doublelayer

Re: Lose your device, lose your access

Let's take a user who has an iPhone but no Mac. They store their passkeys on their iPhone. They're the outdoorsy type so they end up climbing a mountain and dropping their phone, which finds a path of less resistance than they will and goes down the mountain really fast. They will never find it again or if they do, it will have found a boulder which doesn't want to absorb any of that momentum and generously transferred it all into destructive force. How will they get their passkeys back?

Option 1: the data is in iCloud, and option 1A iCloud or option 1B at least the store containing the passkeys is secured with one of those passkeys. They don't have them on a non-iCloud source. They won't be able to recover them. Either Apple can (1A), with or without their consent, or Apple can't either (1B).

Option 2: Their passkeys are stored in iCloud, and iCloud is not secured with a passkey. In this case, they can recover them if they can get access to the iCloud account with their password. Great, no data loss. Also, anyone who successfully obtains their iCloud password is in a position to do the same thing. So now iCloud is an insufficiently defended valuable target.

It works if you have an iPhone and a Mac on the same account and only lose one of them, at least the best option, 1B, does. Not everyone has that.

Re: Count me in, please.

And that's an annoyance that they should be trying to improve, probably using some kind of SSO system. However, if I use your numbers and make a couple assumptions, £100,000 per year and assuming 500 staff means £200 per user per year. I think their financial department will be sort of fine with this. IT should still improve it. Unless you were working on something easily weaponized, that is too many times you have to authenticate yourself. They should reduce the frequency where reauthentication is necessary and see if they can simplify the reauthentication process.

The problem is that there are some users who will react similarly when told they have to enter a password and enter a TOTP code from another device once or twice a day when they access the account with lots of money in it. There are times when the extra delays to getting to the place you need to be are necessary and the cost of the added security is more than worth it. In that case, the user's annoyance is not something you can reduce without removing the security and their disapproval of a change in system is not sufficient reason to do anything differently.

Re: Single point of failure

To be fair, a lot of those would have applied earlier. If someone was robbed before the dominance of smartphones, they would still not have any cash and, unless the thief was considerate enough to leave them payment cards, no card to use to get a cab. The only methods left would be walking home with a better memory of how to do so or calling a friend with a memorized number, both of which are still possible* and done by a lot of people. Most of the people I know don't use navigation apps routinely when traveling near their home, and even those who do do so because the apps are reporting on traffic rather than because the users don't know the way.

* Finding a place where you can make a call is harder than when there were public phones, but there are probably a few businesses who will let you call if your phone has been stolen. Of course, you had to pay for the public phones, so it wasn't necessarily perfect then in a post-robbery situation.

Re: Count me in, please.

A non-unique user ID is not a fault of passwords. Passkeys will still do that. There are advantages to them, but don't give them credit for things they don't fix or would be fixed regardless of the authentication mechanism.

Similarly, passwords can be a pain, but passkeys can be even more of one. For work-created accounts, it is often less of a problem. IT can manage a lot of the work, they already figured out where they're stored, and if the laptop is stolen or accidentally smashed to bits by a train, IT probably has processes for revocation and regeneration, or if the keys can be proven destroyed rather than compromised, maybe even restoration from a backup. The average user does not have any of those things. By now, they've mostly figured out how to have a password and write it down. Passkeys are less convenient in every part of the process except the logging in from your computer part. This doesn't mean that we don't use passkeys. It means we have to understand why they will be unpopular so we can fix whichever of those elements we can fix and build up the experience necessary to train users in those parts that can't be improved.

Re: Count me in, please.

If they are actually unable to do their work, it might be. If they are able to do their work but they have to do something they don't feel like doing, that's theirs. Everyone's had that. Sometimes there's a good reason, like using SSH keys instead of passwords. Sometimes there's a reason that makes sense for the business even if it doesn't directly apply, like switching a software provider because they charge less money. Sometimes, the reason is bad, like switching software provider because they bribed someone to switch. However, in none of those cases would it be IT's fault that users have to learn and then do something new. If what they need to do is still possible, and equally or more feasible to do, then that's just an annoyance. They can complain about that and see if the annoyance can go away, but if they claim that they can't work even when they can, they are demonstrating their own lack of skills.

Re: I solved it

You wouldn't have to. TOTP authentication is supported by a bunch of libraries. If I'm understanding their account system, all you have to do is create a TOTP login system the normal way where it's a second factor, then remove the password field so TOTP is the only securing factor. You don't need to buy that from someone else.

Whether you should build it that way is a different question. For a lot of users, that is going to be confusing, no more secure than passwords, and more easy to lock out. Without actually collecting some contact information, the method of account recovery described will be fragile at best. If you do collect contact information, users are used to being able to reset their password without having to pay fees for it. Theoretically, it lets people who are motivated to secure their own accounts lots of room to do so by adding security to their TOTP provider, but such people can already do a lot of things even if it was just a password.

Re: I solved it

"The entire system is completely PII-less."

Except, presumably, for the payment method you use to charge them for account-related actions, which is either the PII-rich payment card or the will-drive-away-most-users cryptocurrency wallet with mandatory minimum holding so you can charge these fees.

Re: Passkeys have been destroyed by Google

Several of the points raised in that blog post are good, but there are a few that I think are missing the point.

For example, one objection in the post is that Google decided not to implement restrictions on providers of passkeys. The point that Google can effectively change the standard by not bothering to implement things they don't like is certainly valid, though it's not like they actually changed the standard and anyone else could also just ignore parts they don't like. However, the specific thing they didn't implement was so bad that I'm glad, and a bit surprised, that they didn't do it. Effectively, it was a way for sites to block key generators, meaning that they could easily restrict you to using one of their choice. That is a terrible thing. For example, if one site gets you to use their key system because it's the only one they accept, it's likely to get users who use that key system to store everything else. Privacy lost in ten lines of code. The argument for why you need that is "a business where we have policy around what devices may be acceptable". To me, this sounds like every other business who thinks that everyone's computer should be locked down so that their preferences are easy to enforce. I don't like it. Businesses can implement their own filter. For instance, they could not let me install software-based key managers other than the ones they like and could block hardware-based ones so only authorized ones work if connected, or they could just tell people that other ones are not allowed and that there will be consequences if you ignore that. Google did a lot of bad things with these, notably the comments about Android's treatment of them, but blocking the Authenticator Selection bit is welcome to me.

Most of the challenges I see with passkeys are not due to deliberate messing about by tech companies. They're challenges inherent in the model. I use a hardware token to access things. I know that, in order not to be locked out, I need to have a backup something, in my case another token. I have to pull it out and enroll it any time I enroll the first one. I have to keep it safe in the meantime. If I should ever lose both of these, there will be a bunch of annoying problems to get around. If I want to access something on a different computer, there will be friction. Maybe I left mine at home. Maybe the computer I'm connecting to doesn't have USB-C ports and I don't routinely carry a USB converter. None of that is Google's fault, and none of it is simple to explain to users. Passkeys were sold as a panacea to the problems of passwords, and they can be a massive improvement, but they aren't an improvement for every user or every use case.

Re: I did rm -rf / once

A lot of the time, /bin/ls is going to get deleted before glibc does. So either way, that command isn't going to be available. A few things will still work. Fortunately, my run of this was not a result of an accident. I had a machine I used for an experiment and I was going to wipe it anyway, so I took the opportunity to run the command, let it finish, and see what could still be done.

Re: Bold move

"But then it could do that because VMS had file version numbers, lack of which in Linux still pisses me off, thirty years after I stopped using VMS. Come on, Linus, how hard can it be?"

That's not a kernel responsibility and a lot of people wouldn't want it. If you want it, that should go in the filesystem, and there are a bunch of filesystems available with features similar or possibly identical to what you're looking for. Filesystems with automatic snapshots of various kinds are available for that, and they all have the cost of a lot more disk usage, both space taken up and writes to the hardware, to manage it.

Re: Bold move

People delete old backups all the time for various reasons. I've disabled a text editor's automatic backup procedure because it created a lot of clutter and frequently didn't clean it up later. There was a cost in that I had to manually track things that I might want to return to and I had to rewrite them if I failed to do so, but I haven't suffered too much by having to do it. I've also had lots of scripts whose purpose is to clear up old backups after new ones are created to save on disk space. There are rules for how many backups there should be and which old ones should be skipped in the deletion process. I have a few programs that intentionally write temporary data, which is sort of a backup in that it lets you resume a process from halfway through, on a ramdisk so that if the computer goes down, that temporary data is cleared, because I intentionally chose to require me to start from scratch rather than have potentially wrong temporary data create a flawed product. Automatic backup removal is pretty common.

Re: what does ~* do?

It could be one of those situations where there is one more or one fewer level of escaping than you expected. I've certainly experienced it as I learned things, things which I would have to escape when I was typing them on the shell, but now that a program I wrote was doing it, the escaping was done for me. Usually, that led to one more level than I needed and the commands just didn't work, but it can go the opposite way where you assume it will do that and it doesn't. Or it could have been a path thing, where a script was running in a working directory different to where the user thought it was, which could easily turn into something too close to root if there was a "cd .." somewhere in there.

Re: 15 years of experience as a programmer...

I'm guessing this piracy operation was being paid by enough customers that they could pay well for the services of this programmer. I doubt it was a choice of desperation. There are people who would do all sorts of illegal things for a multiple of their current salary, even if their current salary is pretty nice.

If the financial software was specifically designed for committing fraud, the developers should be and are punished for it. For example, the Madoff Ponzi scheme programmers were imprisoned for knowingly writing the software to automate the scheme. The programmers at FTX who knowingly built in the theft capability have been charged and pleaded guilty for that.

If you're just writing innocuous code and it is used for a malicious purpose, you usually aren't charged and I don't think you should be. For example, if someone was contracted to write a video streaming system which was used, without their knowledge, for this site, they shouldn't be charged. There is an unclear area where you're writing code that could have legitimate or illegitimate uses. In this case, it's not that hard to realize that this is category 3: he knew what he was doing it for, he knew it was illegal, and he decided to do it anyway. That kind of thing has always had the chance to land you with criminal consequences.

Re: <shrug>

Most of them do, and those that don't tend to have things that are hard to find elsewhere. For example, while I don't have it, I understand that one of those is mostly a service that people outside the UK subscribe to in order to watch stuff made in the UK. They may not have anything original, but since you can't officially watch all the BBC content without a UK address, it may end up working the same way.

On the other end of this, I was assisting a professor and marking assignments. The assignment involved taking a blank file (of a specific format) and performing several different operations to it before closing it. I was running the answers to see if they met all the requirements, and a few students did successfully do all the things they were supposed to, but only if there was an existing blank file. If there wasn't, their programs crashed. I marked them down for that. When one of them complained, we debated whether that was a legitimate way of completing the project as assigned. I still maintain that it wasn't, because the instructions said "open a blank file" and the function you call to create a blank file is open(), but we ended up returning the points I took away. Fortunately, I convinced the professor to modify the assignment to clarify that they should create one so the next time, students could be safely marked down if they didn't.

A lot of people think specs will include enough details that you don't have to think, but I've almost never actually seen such a spec. You either have to ask for instructions at unspecified behavior or you have to figure out what would be logical in the case. Of course, we also have your example of a spec that did clearly specify behavior but they didn't want it, which is quite common but at least they can recognize that when you point to the error.

Re: Natural Selection in action.

Not necessarily. Fortunately, the equipment could be built such that it didn't fail when moved violently. If that wasn't feasible, it could be a correct design to require that people not move it violently and design around something else, for example building in something so the user can quickly drop it to start using the cutter instead. Sometimes, the thing a user wants to do is not the one correct usage which must be accommodated, which is good because sometimes what the user wants isn't feasible to give them.

Re: The boxes are labelled on the outside

That works equally well no matter how you note the contents. Under the theory in the comment, when they were using paper, they only cared about the outside of the box, but with scanners, they now cared about scanning each of the contents. That theory doesn't make a lot of sense. I think it is likely wrong.

Instead, I assume that the people cut open the box, put the cutter down, and wrote down what they saw inside. Then they got scanners that looked like they'd work just fine as handles and decided they could speed this up a bit. Requiring them to put the cutters down wouldn't have decreased their speed relative to the paper method, but making them more robust would have helped with speed at least somewhat. Of course, my theory is only another one and I can't prove it either.

Re: Common-Sense Failure

And there are a number of possible solutions to that. For example, you could attach the scanner to the user so that they could drop it without it landing on the floor. Or you could give them places to put it down which are convenient for picking it up. In fact, they probably used the taping method only because this scanner was shaped conveniently for use as a handle. I've seen such devices in a variety of shapes, not all of which would work very well taped to a box cutter. There were a number of good options, and although making them more robust worked in this case, there are times where it might not be a feasible option and a different workaround is preferable.

Sometimes, especially with internal software written specifically for one set of users, that is the best approach. You can get away with the opposite under either of two conditions:

1. The people specifying what they want are very knowledgeable and have already designed something perfect. You just have to make sure your code does exactly what they said. If you're working in an environment like this, I have one piece of advice for you: don't wake up.

2. You don't care whether it works. You get paid if you build what they asked for, so you build that. If it's broken, that's their problem.

If you're not in either of those, you will need to work with users to figure out what they need, and if you can, presenting them with a partial solution and getting them to fill in some blanks is more efficient than talking to everyone and trying to distill what you need from the conversations. It doesn't always work, and trying to be Agile when you can't do that is a recipe for disaster. However, sometimes the other options also don't work, and doing Agile right can be easier to force than getting perfect requirements.

If you're building something else, this may not apply as strongly. Mass-market software still needs some user testing, but a different kind than internal use. Since you'll be selling it to a larger number of users, it needs to be more generally useful rather than narrowly targeted to your testers, even if it means that their tasks aren't as simple as they could be.

Re: Did you sign a contract?

Why do you see their actions as defending the community? Defending them from what? So far, the things they've done that affect the community, as opposed to just WPE and themselves are the following:

1. Forking a WPE-developed plugin without clarifying why and whether they'll keep up with fixes and improvements.

2. Broken access to updates to any customer of WPE.

3. Cut off WPE funding to community events.

4. Demanded extra control over any community event or organization to prevent them from saying nice things about WPE.

5. Released information about current and former WPE users and sites to the public to brag, information which probably but not definitely won't cause those users problems.

What has WPE done to the community that makes them worse? I have nothing so far. Their biggest "crime" is that they haven't given Automattic, not even the Word Press Foundation, but the for-profit company, lots of money. A lot of other Word Press hosts haven't done that either, but somehow it's WPE that is solely at fault.

That's why there is negativity. If this was yet another argument about money, we might decide who seems sympathetic based on opinions about private equity. Automattic have made it easier by breaking a lot of things for a lot of people, not just the company they dislike.

In my experience, storage is both the most commonly damaged component in a desktop, only exceeded by a laptop battery which doesn't apply to this, and the most common spec where users want to increase it before there is a problem with the rest of the computer. I might agree a little more if we were talking about RAM upgrades, because a lot of people don't know when they're doing something RAM-intensive and therefore don't bother to upgrade it. Running out of storage space and not wanting to delete the files there is something that a lot of users can understand and some of them want to do something about it.

Re: inferior to Intel and AMD desktop chips released three to five years ago.

Of course it runs Linux. They've intentionally matched as much of the X64 interface as possible, including typical firmware. Compatibility is the point of Zhaoxin, which is partially why their efficiency is lower. Drivers are always a possible problem, but most of them are probably the same as the Intel and AMD-equipped X1s and I'm guessing there are Linux drivers for anything else in there because at least some of the people who are willing to buy a Zhaoxin-equipped laptop are going to run Kylin on it and those drivers would work on other distros.

If they were going to do that, it probably would be a little more hidden than that. A firmware component that connects to the internet is possible, but shouting out that it exists would break the intent. Also, if they were going to do that, they wouldn't only do it for the Zhaoxin model unless they're trying to spy on Chinese government users, who are the only people who will buy it. You are welcome to try. In fact, I'm happy to try, although I'm not going to buy one, but I would do the analysis if someone asked. But I doubt you'll find it as interesting as you expect.

Re: Microsoft remains its own worst enemy

You can buy a retail version easily. It isn't distinct from X86 versions, and the license key process is basically the same. What isn't as easy is making it actually install where you want it, and that's because ARM isn't standardized in the same way X86 is. So for example, you can buy a license key and run it in a virtual machine host on an ARM Mac, and you've been able to do that for quite a long time. If you want to install it directly on the Mac concerned, it's not going to work, but you are welcome to try without any guarantee that anything will stay the same.

Re: Value proposition

I think the main value proposition for users is better battery life, which is something people comment on quite frequently with ARM Macs. Most of the other advantages of current ARM-powered laptops are things you could get elsewhere. For instance, although they can often come with 5G support or an NPU, if you need one or both of those, you could get them on an X64 machine or add them externally. Still, some users may want an integrated unit and choose this anyway, so access to that market could be a good reason to do some level of development.

For a lot of software, it can be as simple as changing a compiler target and building two binaries. There are always exceptions and things for which ARM won't work without a lot of effort, but a lot of basic software isn't using anything complex enough that a direct cross-compile wouldn't be good enough.

They've said quite clearly that they think it doesn't exist, because they say "Adobe Photoshop can technically run on Arm through emulation" even though it can also technically run on ARM using the native binary. I think this author is behind the times.

The problem with that is it makes it hard to know whether the author understands what they're talking about. I don't have a clue whether Photoshop's native ARM build runs properly, and I neither have a Windows on ARM machine nor use Photoshop, so I'm not going to find out. With an author who isn't aware that it's an option that they should have included in their analysis, I also have to question whether their judgements on other aspects are correct either. So far, I have not considered a Windows on ARM machine because I don't know how good the emulation is. I have software which doesn't and isn't going to have an ARM build, so that could be a limitation if the emulation isn't good enough. I'm also hoping that Linux support will get more thorough; even if a user runs Windows most of the time, I appreciate having options.

Re: who's responsibility?

Some of that is true of a significant subset, and a lot of that is just the typical intergenerational stereotypes that always crop up. For example, teachers annoyed that their adolescent students aren't paying attention and don't put the dedication into their homework that they should... nobody's ever said that before. It simply didn't happen before 2010.

Another one I can explain is the office environment. Yes, people wear headphones. They wear those because there are no walls and they want to reduce noise pollution so they can work with less distraction. Some of them might be playing music which they think helps them work. That's not antisocial, it's attempting to improve productivity. People of all ages can get annoyed at interruptions. Unless they called you there, there's a chance that they were working on something and don't particularly want to talk about your thing, hence the negative reaction, and one I think you're likely overestimating because most people have learned not to show their annoyance at interruptions that they can't prevent.

Other ones are less clear. I could try to explain the changes in etiquette that has reduced the acceptance of just calling someone when you want to speak with them. However, there are some people who dislike calls even outside of that. However, I'm not sure you would care about those different subsets as you've already decided what the explanation for all these things must be.

I'm not sure why you chose that comparison. The complexity of a process is not the number of steps, but the sum of the complexities of those steps. A two step process of 1) deactivate the safety systems on the nuclear reactor, manually preventing anything from going wrong and 2) rearrange the parts so it works on a different type of fuel is a lot more complex than a forty-step process for cooking instructions where a single step might read "remove bag of flour from cupboard" and the next one "place it onto a work surface". We're not going to get anywhere by counting list items.

Nor are we going to get anywhere by debating about the complexity of pushing the "change country" button. The EU's complaint is not about the user interface and how hard or easy it is to find that option. It is about other problems, for example the problems of what happened to the stuff you had in your previous country, which seems to divide itself into two big categories: 1) you have to buy it again and 2) you can't even buy it again. That, of course, is merely one list item. You've repeatedly suggested that you disagree with Apple's choices, so the entire debate in this thread seems a little weird. Having discussed with you before, I know you tend to defend Apple on most things, but since you disagree with them on this one, what is the objection you are raising?