Actually, this is now a solved problem. Root-of-trust pattern.
- Use Bitwarden or similar
- Set BW to recognize the Yubikey as one (of several, incl. TOTP ('Authenticator') code) second factor.
- On all other sites and services, generate passkeys (which are essentially virtual yubikeys) and save them in BW.
- In BW, save the password and TOTP. BW itself, on another device (or in a separate incarnation - e.g. the desktop app when authenticating the browser extension) is now your everyday means of authenticating to BW.
- BW-stored passkey is now your standard means of authentication for e.g. GitHub, Google, etc
- Put the yubikey in a safety deposit box
- Bravo, you have a very professional trust system
Apologies for asking you to repeat yourself. I'm not following this step.
"In BW, save the password and TOTP. BW itself, on another device (or in a separate incarnation - e.g. the desktop app when authenticating the browser extension) is now your everyday means of authenticating to BW."
Can you rephrase it and be specific which passwords and TOTP you mean?
So Bitwarden can store _the password and TOTP for Bitwarden itself_. (!) I actually keep this in an entry entitled 'How meta!' because I'm cute and silly.
So, let's say you're sitting down in front of a fresh install of Bitwarden. You can go to your phone in your pocket and get the password and TOTP and then set Bitwarden to not require a password for 30 days.
Similarly, let's say you've installed the desktop app for Bitwarden but not yet the browser extension. You can look up the BW password and TOTP in the desktop app and use that to authenticate the browser extension. Or vice versa! T
I'm a Librem 5 owner, but I haven't really been able to use it, due to the atrocious (unusable) battery life, and broad incompatibility with most of the things that I need to do with a phone.
I've been a proud Linux user since the 90s, so by rights I should be exactly the market they're trying to capture -- slightly paranoid, FOSS-idealogue, willing to trade off some (or even a lot of) usability for freedom (and these days, a degree of protection from that thing that is happening in the USA and elsewhere, which is no longer safe to call by its name).
Yet here are the things that I cannot do on my Librem 5 that I basically need to be able to do in order to subsist:
- Go for more than 5h without charging
- Google Maps. I know -- on my GrapheneOS handset, I have OSMAnd+ and OrganicMaps (installed via F-droid no less) but as it happens, I live in a city with a lot of bridges and even more traffic, and if I want to get anywhere without a +/- 1h variance due to traffic, I depend on live-traffic-informed maps.
- Signal. (note: It's been a year or two since I checked in -- is this available yet on Librem 5?)
- Parking apps. My city has invested heavily in integration against just one of these apps, and it happens not to run on Librem 5 (or, for that matter, GrapheneOS -- why does a _parking app_ want attestation? smh). This is becoming increasingly inconvenient as competing apps seem to be in retreat and I am getting used to circling, waiting for spaces that I can successfully pay for.
- Ability to run local government app, which is available for both Android and iPhone, but obviously not Librem. This was more urgent during the pandemic, when it was required for various things like crossing borders and proving Covid status, but it's still hard(er) to get service from some agencies without it.
I have my Librem 5 in a drawer with my other fun tinkering toys, like my Raspberry Pi collection and 5" touchscreen modules (and breakout boards etc.) I still have plans to install it in my car at some point (it would be a good fit for an always-charging scenario.) Every once in a while I take it out and admire it and dream about the possibility of a future without domination. Then I put it away again.
I'm still bitter that they never refunded me for my canceled pre-order, despite promising to at the time. It's been years and I never got any money back (or a phone, for that matter). I consider Purism to be an untrustworthy business as a result.
I mean that is what it is. Is there some rule that you can't call it that? Or is it just fascist don't like being called fascist and might go after people who call them fascist? Which is very fascist thing to do by the way.
I am not american and for various reasons I am not fan of current White House occupant.
Having said this, I find it weird people calling some govt facist (and by extension socialist), my observation is all of them are- reading Gramchi's facist manifesto, he says (from memory so not word to word): everything in state, nothing outside of state, nothing against the state. To my knowledge whole world is now ran by this principle, we are forced to be part of the system and pay taxes, we will be punished if we don't.
Taking this under account I come to sad conclusion that it's difficult to find a country that is not facist, certainly not the EU (a.k.a. another "thinker" Spinelli who came with his own communist manifesto which was adopted as EU's cornerstone, one of the main EU buildings carries his name), not the country I live in, I don't know about real USA posture but I guess it's similar- try to hire somebody or be hired without letting the state know and you'll face massive problems.
When people say fascism are speaking more of an authoritarian nation where corrupt officials use the state to suppress opposition. Modern day Hungary is a good example
I assume this is about AI, but I'd like to set the lens a bit wider than that.
Since the eighties, software (as problem/solution space) has expanded to fit the hardware available. At first we scaled with the density of transistors, and then, in the nineties, we scaled with the unfolding multitude of Internet-enabled use cases. Then, in the late aughts, we scaled again, this time with the unfolding multitude of mobile and embedded use cases.
Think of it as a sort of hot-air balloon -- each of these initial spurts is kind of like the guy in the balloon pulling the rope to heat the air; the balloon goes up. And each time we got to pull that rope, we got to go higher, and explore more and more of the problem/solution space, transforming the world as we went.
The thing is, hot air balloons can only rise so high -- they have a contextual window that includes the lower and middle parts of Earth's atmosphere. But you can't get a hot-air balloon into orbit -- the context window gives out; you'd need to go back to earth and start from scratch (maybe build a rocket.)
What I find striking about AI isn't that it can replace all or most coders, it's that (to continue the metaphor) it makes the existing air in the balloon more buoyant -- there is less need for the guy pulling the rope to pull that rope (so if your job is rope-pulling-guy, watch out.) Yet -- and this is the crucial part -- AI is being _sold_ as if it's _more atmosphere_. I.e., someplace for both money and talent to _go_; a reason to keep pulling that rope.
For a while, it looked as if it was both -- a way to pull on the rope less frequently, and _also_ a new problem/solution space to go with the ol' balloon basket. But I'd reckon the _excitement_ about AI largely had to do with the second interpretation.
Now the picture is less certain. For some activities, AI still seems genuinely revelatory/apocalyptic, depending on which side of the manager/labour dyad you fall. Yet recent studies (frequently alluded to here on HN already, scroll around) seem to show limited bottom-line benefit for a lot of use cases. This might mean there is UX work to be done, or it might mean that we're bumping up against the top of the balloon's useful range, skidding along the ceiling of the problem/solution space.
So, ironically, if AI turns out to be very useful, in the same way that word processing, email, and maps all proved useful, programming sticks around as a lucrative profession, modulo some changes in how we market and think about ourselves as engineers. We will use AI to build the new AI things that people want.
But if, for whatever reason, AI turns out to be less of a big deal than it initially seemed, then we rope-pullers are now in a situation where there is less need to pull that rope, as there is nowhere left to go (and worse, the balloon is simply more buoyant now, and needs fewer rope-pullers).
So if AI is a big deal, the party continues; if AI is _not_ a big deal, it's time to get other skills, as a stagnant market leaves the investment capital nowhere to go and our skill-set becomes commoditized. (Time to get a union.)
There's this population-management strategy that involves giving people something useless but (emotionally or intellectually) difficult to do; it creates psychological buy-in with the stated objective.
We saw it a lot during the pandemic, between the time when we realized the pathogen was airborne and the time we stopped putting up hand sanitizer stations every few feet; and again, when we learned that perspex shields made airflow worse, not better, but kept them installed (and kept putting up more.)
You also see it in wartime a lot; e.g. the 'if you see something, say something' campaign after 9/11 mostly just got you put in touch with a very bored phone operator who filed your complaint with the ten thousand others that, let us be honest here, mostly amounted to, "I saw a brown person."
"There is nothing you can do" is anathema to any campaign.
HN reveals itself again as the manicured lawn of the fascist tranche of our industry
reply