overview for xyguy

Jealousy [Nancy, 1951] in c/[email protected]

[–] [email protected] 10 points 4 months ago (1 children)

Its been taken over by a new artist and its a lot better now in my opinion.

https://www.gocomics.com/nancy/2024/07/12

Anyone knows of a good software for managing files for 3D printing? in c/[email protected]

[–] [email protected] 3 points 4 months ago

Octoprint is what I use. Slicing is probably the thing it woukd be least good at but all the rest is good. And theres an api to write plugins for if youre into that sort of thing.

“Immensely disappointing”: Nike killing app for $350 self-tying sneakers in c/[email protected]

[–] [email protected] 4 points 4 months ago (1 children)

The good news is that you can still tie them with an on-shoe button. But, you cant change the colors of the lights anymore. So basically garbage at this point.

Normal Rule At Work in c/[email protected]

[–] [email protected] 13 points 4 months ago (4 children)

I'm just gonna leave this here.

Goofy stuff like this gives the neighborhood some character in c/[email protected]

[–] [email protected] 2 points 4 months ago

Nope but iIm glad theres another one out there in the world.

Goofy stuff like this gives the neighborhood some character in c/[email protected]

[–] [email protected] 3 points 4 months ago

No! But im glad to know theres another pair out there somewhere.

Goofy stuff like this gives the neighborhood some character in c/[email protected]

[–] [email protected] 121 points 4 months ago (8 children)

Theres a house near me that has the 10 foot skeleton that they dress up for all the different holidays. Last year they got a second one. One of my favorite houses to looks at when I go by.

*Permanently Deleted* in c/[email protected]

Passkey Redaction Attacks Subvert GitHub, Microsoft Authentication in c/[email protected]

[–] [email protected] 2 points 4 months ago (1 children)

This is more like triple bolting the door but leaving a window open. There's nothing inherently wrong with the door, its still secure but you can bypass the secure option with a less secure method.

Passkey Redaction Attacks Subvert GitHub, Microsoft Authentication in c/[email protected]

[–] [email protected] 4 points 4 months ago

You also get additional protection because rather than each website holding onto a hashed (hopefully) copy of the user passwords that can be stolen in bulk, stealing the public keys for a passkey from a site wouldn't compromise the account. Someone would have to get access to your physical device or hack your password manager individually to get access to your passkey.

And and, the magic for most people is no more passwords and 2 factor stuff to deal with. The standard is still new, and in the cases where you want to use physical keys, its always best to keep 2 in case one gets smushed or goes through the washer. Some sites that have passkeys enabled only let you have 1 passkey. So in that case its kind of risky to make a passkey the only way to sign in.

Passkey Redaction Attacks Subvert GitHub, Microsoft Authentication in c/[email protected]

[–] [email protected] 2 points 4 months ago

This is the real takeaway, if you have a forgot password button that bypasses everything then none of it is anything more than a login accelerator.

Passkey Redaction Attacks Subvert GitHub, Microsoft Authentication in c/[email protected]

[–] [email protected] 18 points 4 months ago (12 children)

This is just someone siting in the middle and modifying a page not to show the passkey login option anymore and then stealing a password/session token.

As far as I can tell, this has almost nothing to do with passkeys specifically and would only apply in a situation where a website has a username and password fallback in case a passkey isn't created or isnt working.