iamkale

@iamkale@infosec.exchange

Full Stack web dev, WebAuthn expert. Creator of SimpleWebAuthn, maintainer of py_webauthn, steward of webauthn.io. Duonaut @ Cisco.

I also like video games and gadgets 👾

My toots are my own.


iamkale, to python

TIL Python 3.12 introduces a new command line interface for simple querying of SQLite databases 🎉 🐍

python -m sqlite3 [-h] [-v] [filename] [sql]

https://docs.python.org/3.12/library/sqlite3.html#sqlite3-cli

iamkale, (edited ) to random

Apple is implementing JPEG XL support in Safari 17 while Chrome is dropping support due to a perceived lack of interest (despite major public support for the codec)? This continues to be the strangest timeline 🤔

If you've never heard of JPEG XL before, this site hits all the highlights about why it's such a great codec to replace JPEG (and a lot of other codecs too...): https://jpegxl.info/why-jxl.html

#jpegxl

iamkale, to Nintendo

"Nintendo account used passkeys. It's super effective!" 🎉

This is surprisingly ahead of the curve for Nintendo, but as a die-hard fan I'm really happy to see them offer this! And it's not just for second-factor either 😌

https://en-americas-support.nintendo.com/app/answers/detail/a_id/62531

iamkale, to random

Holy smokes, this is a fantastic article on Ars Technica about Google's #passkeys support, and includes succinct descriptions of common #WebAuthn flows. Kudos to you, @dangoodin 🥳

And the promoted comments are perfect send-ups of all the bad takes that people love to bring up in the comments section of anything talking about WebAuthn and passkeys 👨‍🍳 💋

https://arstechnica.com/information-technology/2023/05/passwordless-google-accounts-are-easier-and-more-secure-than-passwords-heres-why/

iamkale, (edited ) to microsoft

I'm trying to manage my Microsoft Account protections, with an ultimate goal of protecting it with a passkey and maybe dropping my password to make the account truly passwordless. However I'm running into some weird idiosyncrasies on https://account.live.com/proofs/manage/additional that have prevented me from achieving this:

  1. I couldn't actually see the WebAuthn option at all in the latest macOS Safari - I had to switch to macOS Chrome before the "Windows Hello" option appeared that let me then register an iCloud Keychain-synced passkey.
  2. I removed my phone number as a second factor because SIM jacking is a thing. However the next time I tried to log in I was prompted to add my phone number to "never lose access to your Microsoft account"...but I have other BETTER second factors configured, so why would I want to continue to allow use of weak SMS OTP? At least I could cancel out and continue on without giving them my phone number again...
  3. Attempting to turn on "Passwordless account" forces you down a path that wants you to set up the Microsoft authenticator app. But I already have a synced passkey in the mix, so why are you bothering with app-based push? Push bombing is also an easy way to get past 2FA protections.

Another example of how the left hand doesn't know what the right hand is doing...

#microsoft #passkeys #passwordless

iamkale, to chrome

Chrome Beta 118 on macOS 13.5+ can now access iCloud Keychain passkeys! This means we'll be able to create and auth with the same passkeys as Safari! 🎉

According to the Chrome roadmap, Version 118 is set to become the Stable release in the beginning of October:

https://chromestatus.com/roadmap

#chrome #passkeys #webauthn #macos #icloud

A screenshot of the Chrome settings page confirming that this is Chrome Beta Version 118.0.5993.11

iamkale, to random

Just a heads up, 1Password users: the browser extension just got updated with support for passkeys.

See the changelog for more info:

https://releases.1password.com/b5x/stable/#1password-in-the-browser-2.15.0

#1password #passkeys #webauthn

iamkale, (edited ) to passkeys

Wow, Discord just launched support for passkeys for everyone today!

The app calls them "security keys" everywhere, but I had no issues registering and authenticating with an iCloud Keychain synced passkey.

It's only 2FA for now (I still have to provide a username and password) but they announced their intent to take things all the way:

"Now that our backend supports WebAuthn our next aim is WebAuthn-based passwordless login. Stay tuned!"

Love to see it 🎉

https://discord.com/blog/how-discord-modernized-mfa-with-webauthn

iamkale, to random

It's 2023 and I still can't wrap my head around the fact that I can't freely move my cursor around the terminal, either by keyboard or by mouse, like I can a text editor. I know Ctrl+A to jump to the start of a line, but it's Opt + Arrow keys for anything else.

It's muscle memory at this point, sure, but please, someone, anybody: there's gotta be a better way.

#commandline #nosiridontlikeit

iamkale, to passkeys

This is the future that #passkeys stole from us 😤

iamkale, to random

lol holy shit look at all this personal data Facebook wants to hoover up when Threads, their ActivityPub fediverse thing, launches on July 6th. I'm not surprised honestly but it still sucks to see knowing how many people this will impact.

#Project92 #Threads

iamkale, to random

Google just dropped a new #passkeys explainer, "Understand passkeys in 4 minutes" 🎉

https://youtu.be/2xdV-xut7EQ

iamkale, to node

I can't believe Deno gets you a testing framework AND coverage reports without any additional downloads. 2010's me would have killed for something like this instead of the weird soup that was mocha and sinon no wait now let's use jest oh and don't forget nyc er wait it's istanbul now and...

https://fosstodon.org/

Love to see it 😍

#deno #javascript

iamkale, to random

Client-side "please disable your ad blocker" notification, meet my browser's Reader Mode 😂

iamkale, to iOS

I stumbled into some insights today into RAW-style photography with an iPhone 14/15 Pro. So with HEIF Max you can take a 48MP photo, benefit from all of the same customizability of a RAW photo, and average 5MB a photo, versus shooting in ProRAW at 48MP with an average filesize of 75MB?

What kind of technical wizardry is at play here? Just better data compression? Or maybe there's some trade-off here that I'm not understanding?

#ios #photography #iphone

iamkale, to microsoft

What a tremendous "fuck you" by Microsoft to users who don't live in the European Economic Area:

In the European Economic Area (EEA), Windows system components use the default browser to open links.

They can totally make Win11 respect the user-selected default browser when opening links, but choose not to and force Edge on users instead when the law doesn't require it. Time for another anti-trust lawsuit? 😏

https://blogs.windows.com/windows-insider/2023/08/25/announcing-windows-11-insider-preview-build-23531-dev-channel/

#microsoft #windows

iamkale, to python

Attention Python WebAuthn devs: I'm contemplating removing Pydantic as a dependency of py_webauthn due to maintenance burden related to the Pydantic v2 update. For more context, and to chime in with your support or questions, please check out the following GitHub issue:

https://github.com/duo-labs/py_webauthn/issues/196

I've got a PR open too that has all the work completed, I'm just waiting a few days now to see if anyone has compelling reasons now to move forward with this:

https://github.com/duo-labs/py_webauthn/pull/195

Thanks for your feedback 🐍

iamkale, to random

To be clear here I WANT @1password to support passkeys. I'm a long-time customer because I think it continues to be a really great product, and truth be told I'll probably keep my passkeys with them too.

But passkeys are under such scrutiny right now that any slip up (e.g. account breach because multiple factors of auth are never actually collected) can damage the public's perception of the tech and prevent it from taking off.

I'm sure this will all get cleared up before too long, but it's still worth calling out for the sake of the greater ecosystem.

iamkale, to meta

I ended up on Meta's cookie notice somehow through Threads last night, and instead of blindly clicking "Accept" on the cookies banner I actually took the time to read it and see what I could turn off. Instead I found a page so intentionally hostile to users I couldn't believe it:

  • On mobile you can't zoom the page out to see everything in portrait mode, so the right side of the page is cut off unless you flip the phone to landscape
  • The page lists all 35 cookies that might be set in the course of using one of their sites, and even breaks them up into strictly necessary, analytics, functional, advertising, and social media cookies, which, like, cool but also yikes!
  • You're assured "you are given the option to fully or partially agree to placing cookies and similar technologies on your devices" but there's no actual ability to control any of this from the page...
  • There's a CTA to "read such information carefully and keep yourself up to date by periodically re-visiting the Cookie Notice" which is so laughable, no one's doing that
  • If you have any questions they say to "contact us" and then immediately after is an unclickable "Meta" and nothing else

Wild what they're allowed to get away with

https://engineering.fb.com/privacy/

#meta #cookies #gdpr

iamkale, to random

The EFF published a pretty optimistic article about passkeys and privacy 🎉

For most purposes, passkeys will represent a significant improvement in security at nearly zero cost to privacy. As described in the previous post, there are still significant growing pains in the passkey ecosystem, but they will likely be resolved in the near future.

https://www.eff.org/deeplinks/2023/10/passkeys-and-privacy

#passkeys

iamkale, to random

It looks like BitWarden is following suit with 1Password and returning "uv:true" in WebAuthn authentication requests even though the user isn't prompted for anything more than to confirm the use of a passkey. The unlocking of the vault is considered the user-verifying event...

As an end user I appreciate the streamlined experience. But as an RP I'm disappointed - what if vault unlock occurred 5/10/30 minutes prior? Someone could cruise by someone's desk when the vault is unlocked and auth as the vault owner and the RP would be none the wiser 😢

It's a tough middle point that passkey providers have to try and find 🥴

#passkeys #bitwarden
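An added example, not code from the post above or from py_webauthn, showing what a Relying Party can and cannot check about "uv:true": it parses the fixed prefix of WebAuthn authenticatorData and enforces the UV bit when the RP asked for userVerification "required". The flags byte carries no timestamp, so the RP cannot tell how long ago the provider's "user-verifying event" (the vault unlock) happened, which is exactly the gap the post describes. The RP ID "example.com" and the sample bytes are constructed for the example.

```python
# Added example (not the post author's or py_webauthn's code): RP-side inspection of
# the WebAuthn authenticatorData flags byte. Layout: rpIdHash (32) | flags (1) | signCount (4).
import hashlib
import struct

# Bit positions of the flags byte (WebAuthn spec, section "Authenticator Data").
FLAG_UP = 0x01  # User Present
FLAG_UV = 0x04  # User Verified
FLAG_BE = 0x08  # Backup Eligible (a synced, multi-device passkey)
FLAG_BS = 0x10  # Backup State (currently backed up)


def parse_authenticator_data(auth_data: bytes) -> dict:
    """Split the 37-byte fixed prefix of authenticatorData into its fields."""
    if len(auth_data) < 37:
        raise ValueError("authenticatorData too short")
    flags = auth_data[32]
    return {
        "rp_id_hash": auth_data[:32],
        "user_present": bool(flags & FLAG_UP),
        "user_verified": bool(flags & FLAG_UV),
        "backup_eligible": bool(flags & FLAG_BE),
        "backed_up": bool(flags & FLAG_BS),
        "sign_count": struct.unpack(">I", auth_data[33:37])[0],
    }


def verify_assertion_flags(auth_data: bytes, rp_id: str, require_uv: bool) -> dict:
    """Checks an RP performs on the flags; raises ValueError on any failure."""
    parsed = parse_authenticator_data(auth_data)
    if parsed["rp_id_hash"] != hashlib.sha256(rp_id.encode()).digest():
        raise ValueError("rpIdHash does not match this RP")
    if not parsed["user_present"]:
        raise ValueError("UP flag not set")
    if require_uv and not parsed["user_verified"]:
        raise ValueError("userVerification was 'required' but UV flag not set")
    # Note: nothing here can tell us *when* the provider verified the user.
    return parsed


def flags_accepted(auth_data: bytes, rp_id: str, require_uv: bool) -> bool:
    """Boolean wrapper around verify_assertion_flags for easy checking."""
    try:
        verify_assertion_flags(auth_data, rp_id, require_uv)
        return True
    except ValueError:
        return False


def make_auth_data(rp_id: str, flags: int, sign_count: int) -> bytes:
    """Constructed sample authenticatorData with no attested credential data or extensions."""
    return hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + struct.pack(">I", sign_count)


# Constructed sample: a synced passkey asserting UP+UV+BE+BS with signCount 0, as a
# password-manager provider typically reports after a vault unlock.
SYNCED_PASSKEY = make_auth_data("example.com", FLAG_UP | FLAG_UV | FLAG_BE | FLAG_BS, 0)
```

The BE/BS bits let an RP at least recognise a synced credential and decide whether to demand a fresh second factor for sensitive actions.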

iamkale, to random

Anyone here going to Authenticate 2023 this week? I'm giving two talks tomorrow - "Demystifying WebAuthn and Passkeys," and "Tips for Painless Passkeys." Feel free to say hi if you see me there!

https://authenticatecon.com/event/authenticate-2023/

krypt3ia, to random

So, I’ve been creating posts again, but, I think I’ve sussed something out. People aren’t reading anything anymore. Unless it’s 240 characters or less…

iamkale,

@jwgoerlich @krypt3ia This is a crazy drop. Is this definitely people engaging less with your content? Has your content grown shorter over the years? That's one other possibility I could read out of the chart 😅

BTW what analytics setup are you using to collect the data for this chart? I'm curious about my own blog now, but I've relied on CloudFlare's barebones analytics over Google's for many years now. I can't imagine ever being able to pull out an insight like this from the data I've ever collected through them.

cendyne, to random

Google discovered and indexed my sticker archive. Oops. Time to Noindex that

iamkale, to random

Where tf are all these campaign text messages coming from? I know elections are coming up but when did I consent to receive these?? And is the best way to stop them to really respond STOP to each? Seems that just gives them confirmation that a real person is on the other end.
