I found this funny. I am not sure if it was intended that way!
> Monads are not some kind of obscure math-y thing that only the big brains think are necessary. No, instead monads are a fundamental abstract algebraic description of imperative programming as a computational context.
Yep, as a non-big-brainer, I definitely get it now. :)
As a pedestrian, I fear cyclists the most. Please do block the bike lane while I am getting in and out so cyclists won't hit me. I have been almost killed by cyclists many more times than cars. My office building hires someone with a sign to stand in the crosswalk in front of the building where cyclists almost never respect the crosswalk.
Cyclists here regularly ignore red lights and also go the wrong way on streets and even in bike lanes.
You are either very paranoid or very bad at math. The odds of a pedestrian getting killed by a cyclist are minuscule. The best data I could find making an apples-to-apples comparison showed that pedestrians are *160 times* more likely to be killed by a car than a bicyclist.
As a father, I think that the odds are quite high that a 3 years old child will get hit by a cyclist, especially if they ride on the sidewalk. I have had several stressful close calls with my son, and my pregnant wife was hit by a cyclist who didn't respect the red light (as it is the custom among the high lords of the road).
> I think that the odds are quite high that a 3 years old child will get hit by a cyclist
You should see the odds of a child being hit by a car! Here in the US, about 6 children a day are hit and killed by a motor vehicle. And yet the number of children hit and killed by bicycles is unavailable -- perhaps because it is close to 0?
I understand that "as a father" you may become paranoid about things that are objectively unlikely. But if you are more worried about getting killed by a bicycle than by a car -- something 160 times more likely to kill you! -- then perhaps you need to recalibrate.
Thankfully, cars don't ride on the sidewalk. Every cyclist, where I live (Latvia), rides their bike on the sidewalk. Including e-bikes that are really electric mopeds (you don't need to pedal). Will the Indian food delivery rider, late and tired after a long shift, notice my son, who jumped to scare a pigeon? Let's find out!
So, your statistics are worthless if you don't take the context into account. And even if "there is no risk" (virtually), I'm allowed to say that cyclists going at 25km/h have no business on the sidewalk where I walk at 5km/h.
Cyclists think just like car drivers, and find it totally fine, since they themselves "feel unsafe from cars who go too fast". Of course the feelings of the pedestrian plebeians don't count for the new noble equestrian and morally righteous class.
Curious about the "no derivatives" license. Surely anything derivative would be of the original now public domain art and not this. I do not see how this could as a practical matter be enforced. IANAL though.
If I take something in the public domain and make a derivative work, the original remains in the public domain, and I retain ownership of whatever additions or modifications I created. So I can attach whatever conditions I want to the copying of those additions.
For instance, Disney's "Sleeping Beauty" was protected by copyright when it was released, even though it was based on a centuries-old fairy tale that was in the public domain.
A passkey is just a thing that authenticates with FIDO2 (or is it WebAuthn?), I believe.
With a password, you open your password manager, copy the password in memory, paste it into the input field and trust that nobody could read it from your clipboard and that the program handling the password does it correctly. If your password leaks on the way, it's leaked.
With FIDO2, the server sends a challenge and asks your HSM (or TPM, not sure what the right word is) to sign it with your private key. So the server can verify that you own the private key, but if the challenge or the response leaks, it's just this one time. Next time it will be a new challenge.
Also for the average Joe, the result is that the "passkey" is the fingerprint or the face recognition and there is no password. It feels like they have only one password: the biometry/face recognition (or a master password, I guess?). So passkeys are superior to passwords in that sense.
Fun fact 1: some people hate passkeys because they don't want to be forced to rely on TooBigTech for them. Currently I use my Yubikeys as passkeys everywhere and it works well, so I do NOT depend on TooBigTech.
Fun fact 2: FIDO2 on current Yubikeys (and HSM in general, I think) tend to use classic cryptography which would be broken by quantum computers. A password used with symmetric encryption is not broken by quantum computers. So there may be a period of time where this becomes a tradeoff (you may have to decide whether the most likely attack is a quantum computer breaking your authentication or a malware stealing your password)?
> With a password, you open your password manager, copy the password in memory, paste it into the input field and trust that nobody could read it from your clipboard and that the program handling the password does it correctly. If your password leaks on the way, it's leaked.
I don't do that. My password manager simulates keystrokes 2 seconds after I hit the button. I switch to the other window and my password gets punched in without going through the clipboard. Specifically to avoid this attack.
> Currently I use my Yubikeys as passkeys
I have Yubikeys but for 2FA. So we're back to 1FA now but just "something you have" and no "something you know" ?
> I don't do that. My password manager simulates keystrokes 2 seconds after I hit the button.
So a malware on your computer can just listen to the keystrokes, or read on the screen? If the OS is compromised, they can extract the password. With a passkey they can't.
> So we're back to 1FA now but just "something you have" and no "something you know" ?
You can set up a PIN on your Yubikey, so that's "something you have" and "something you know", and you can request physical presence ("touching the yubikey") on top.
> A passkey is just a thing that authenticates with FIDO2 (or is it WebAuthn?), I believe.
Not quite. First of all, passkey is not a standardized term. But usually it refers to a key that can be used for authentication on its own, not as a 2FA along with a password.
A FIDO2 key can be a passkey, or not, depending on the service or configuration.
FIDO2 and WebAuthn added some fields necessary to make this work "securely", e.g. asking the key to verify the user separately (e.g. a PIN, which serves as a second factor), or asking the key whether it is device bound or roaming, so individual sites/enterprises can enforce their security policies
Cloud-based passkeys are okayish (1pass, bitwarden), as they are available on multiple devices.
However not all devices play well with it, e.g. iOS and Android don't ask 1pass for the passkey. I also couldn't make it ask NFC for my hardware Yubikey with passkeys, but maybe I just did something wrong.
Passkeys are supposed to cover two authentication factors at once (having your device + biometrics). Because your yubikey doesn't implement biometrics, it's only a single factor, and thus cannot be used as a passkey.
Yubikey can be used as passkey atorage, I do it on Linux desktop/laptop with passkeys. It requires touching it (but no biometrics). I just couldn't make Android ask my hardware device, it wants to handle passkeys by itself.
It's false that passkeys cover biometrics. They cover password + OTP (aka 2FA aka MFA, although BestBuy requires OTP even after logging in with a passkey).
Likely because GP is misinformed about what passkeys are, which is understandable because they have not been marketed very clearly at all (though I do wish technically literate folks would actually do some research into "new" tech before parroting opinions based on their technopolitical alignment)
I get literally sick after exercising. Like, nauseous and even on occasion vomit. I feel like crap afterwards, and need to almost immediately take a nap. I get zero immediate benefits from exercise (both weights and aerobics), and feel bad the rest of the day. If it is leg day, I drag while walking or taking stairs. I have never gotten a "runners high" or felt any same day benefits.
I do get benefits, mind you - my pinched nerve pains go away, I (sometimes) sleep better, my body looks better. But it is super hard to want to do it and gets done as minimally as possible to not have pain.
Sounds like you’re overdoing it when you do exercise. Focus on just getting some kind of motion, not pushing yourself until your muscles or heart feel like they’re working hard.
Even if you feel like it’s not really doing anything, something is better than nothing. The rule of thumb for a lot of basic cardio is that you should be able to hold a conversation while doing it without pausing because you’re out of breath.
It's been cobbled together over the years to add things I want, like not backing up on battery, or sending a desktop message on success. When I set it up I couldn't figure out how to set up a timer, so it runs when I wake from suspend. I'd probably use a systemd timer in the future though.
I also should probably snapshot my file system before backing up since I'm running btrfs, but I never figured out how to do that either, and this works, lol.
Mostly because it allows decoupling authentication to a given remote, away from restic. easier to use `rclone:remote:folder` than needing to provide a remote + a separate set of env vars to authenticate with that remote.
Not an issue in most languages, but I'm using bash, so its more of a bother.
I'm using Linux Mint 22.3 so Ubuntu 24.04... Haven't solved the problem yet - either going to install/build needed libs and use LD_* vars to point to correct libs, or pack this in Docker/Podman container (but X11 apps and docker are quite a challenge too).
reply