@glyph Did you quote post something?
-
I will not continue this discussion as you seem to underestimate the experience I have in this topic, and seem to lack experience in child-safe, open gaming yourself (you could ask for it, but chose to discredit me instead).
(Just one hint: I have a truckload of parents and children here who simply insist on playing MineClonia instead, and it works in all cases.)
-
@glyph … and woe betide you if you have the misfortune to both (a) be a teacher in a school system that uses MS infrastructure, and (b) have children studying in the same school system. This appears to be a use case that MS authentication is unable to account for. It doesn’t matter what you’re trying to do - you’re logged into the “other” system, and trying to correct things only makes things worse. Incognito browsing and/or completely separate browsers appears to be the only solution.
Ask me how I know.
@freakboy3742 so, I have not experienced this *exact* alignment of misfeatures, but, let's just say that I have experienced a … sufficiently resonant set of circumstances with this particular system that I am nodding along, grinning amiably as I read this toot, trembling almost imperceptibly and with just the littlest bit of blood trickling out of one of my ears
-
@freakboy3742 I can't even fully explain the _full_ disaster that led to this but suffice it to say that every time Microsoft wants to do anything with a passkey, I have to carefully navigate past an entry that reads "glyph (Microsoft) (Twisted) (Other)" in my password manager, and it can never under any circumstances be deleted
-
It is difficult to express how bad microsoft’s authentication system is. like it’s not just “bad” or “broken” or “buggy”, it is a world-historic interaction design catastrophe. no matter how bad you think it is, no, it’s worse than that actually.
@glyph This is a very accurate description.
I somehow ended up with three different accounts, one of them split further into "personal" and "organization". Each one appears to have a different set of access rights.
I'm unable to reset the PW on the organizational account, because of some policy. But I'm asked to change that PW every few months, because that's policy too.
I'm pretty sure no real person ever set this up, and I'm not aware of any "admin" person I would be able to ask about it.
-
@freakboy3742 @glyph It beats even firefox containers?
-
if this is how most people encounter passkeys it’s no wonder that they fucking hate them. it feels like getting tricked. because it is getting tricked. I was tricked
@glyph every time i log in to minecraft (which is not often but anyway, on new computers), somehow i get to a stage in the auth process that says it's provisioning a new passkey for me (despite not clicking any passkey-related buttons anywhere in the process), and then it fails because it's an embedded web view and not a real browser. it really does feel like microsoft's login flow is really badly broken and that it mistakenly takes you to steps you did not ask for
-
this has nothing to do with copilot or AI or any specific systemic issue. it’s just a mountain of really infuriating but ultimately mundane failures. it’s tempting to diagnose some reason for this but it’s so badly broken that I really can’t imagine how it got this bad
@glyph I feel like at least a big part of how this happens has to come down to the fact that the average end user of Microsoft's software doesn't have a choice in the matter (because their employer is the one making the purchase decision, not them)
-
@glyph if i'm prompted to make a passkey i just assume they're going to store it on their server, not my machine. NO.
it always feels like a snow job.
-
@glyph I totally lost access to my work MS account because THEY had a login loop bug in teams. Appeal denied. Second appeal denied. I’m just done with them. Client wants me to be in their Teams? Sorry.
-
granted, probably 1/3 of the difficulties here have to do with microsoft’s ill-conceived “think of the children” account system, and buying the game as a regular adult with a single account would have been massively easier. but still, you’d think that a PM somewhere in the org would have considered that it is *possible* that a child might want to play … minecraft
@glyph Yes absolutely. The trivial solution to this problem is teaching children you always lie about your age. All it ever took us setting up this stuff was entering password and copying a 2FA code from email.
-
> passkeys offer zero advantages over existing technology
what passkeys offer is cryptographic resistance to replay attacks. If you have a password, even if you have a TOTP code, you can be tricked into sharing it with an attacker, and the attacker can "replay" it back to the original site, taking over your account. The way they achieve this is that "the HTTPS domain name of the site that's asking" is baked into the key exchange; an attacker cannot trick your browser that way
@glyph so there's some kind of challenge/response going on?
-
@morgan @glyph You can definitely make Google accounts with non Google email addresses. I and other family members have a number of them, some even made recently. The setup process for a new phone might not allow creation of new Google accounts that way, but you can sign in to them on new phones and in general you can make them.
-
@aburka If you "use passkeys" as a normal person, even with something like 1password, there's a recovery path, even if you have only a single device. For example, the way that this works with Apple is that you drop your phone in a toilet, then when you get a new phone, you enter the *device passphrase for the old phone* to decrypt your iCloud Keychain locally, and it syncs down from the cloud. This doesn't work with Advanced Data Protection, but that is very much opt-in.
@glyph I think we're agreeing on this point -- the passkeys have to be backed up off-device
-
Luanti is not bad, it is a little different. I would argue it is a fun tool to learn how to squeeze as much power out of lower end devices.
Of course you could install & run it from the same device but it functions much better in a server/client setup.
It does have Mac builds, they can be picked up from the download page. It can be built from source to run it on older Mac devices.
-
@glyph To get the most squeeze, if on Linux I would use 2 programs to get the most oomph out of a RPI4:
1: ZRAM for compression & eliminate swap file usage.
2: tmpfs for speeding up the disk IO by creating a RAM disk that you store your sql3 database that stores the game world files.
In systemd I created a startup script; start tmpfs & load world from disk.
reload: in case something goes wrong, reload world files & restart server
stop & use RSYNC to sync all changes from the tmpfs to disk.
-
I'm a somewhat tech-savvy person, and passkeys just feel so much like I'm being scammed.
I trained myself not to trust the browser to store a password, and instead use a password manager, but now I keep getting prompted to let the browser manage some magical thing.
What happens if I need to use the same account across different devices? Do I use some complicated login practice on each one and get a magical key? Is there some way other than signing in to Chrome or Firefox sync to share the "passkey" (what is it, a cert, a gpg key, some other magic number?) between my devices? If so, how do I prevent that from being compromised?
I know there's no magic silver bullet for security, and the complete mess that I see when places do use passkey makes me really unsure about it as a solution.
-
@glyph here's the question I would ask. I've recently had similar frustrations with the simple act of logging into hotmail. it is now a process which on my phone, takes me through nine different web pages every single time I try to log on. I would chalk it up to garden variety incompetence, if at every step it didn't say some variation of "this would be easier if you gave us more of your personal information!"
did you get a lot of that? or was it all normal screw-ups?
-
@aburka @glyph the technical detail of that is each key has a "Relying Party Id" that is part of the initial creation and that id has to be a domain name. There are then rules for what domains match that RP id, with things like "subdomains match parent keys, except when the RP id is on the public suffix list: https://publicsuffix.org/learn/".
The browser then enforces that condition, and won't accept responses from keys with RPs that do not match.
https://docs.corbado.com/corbado-complete/helpful-guides/passkeys/relying-party-id
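-
Added example (not part of the thread, and not code from any browser or from the linked guide): a sketch of the Relying Party ID check described in the post above, which is also what underpins the replay resistance mentioned earlier in the thread. The suffix list, credential names and domains are constructed, and the localhost exception is left out.

```javascript
// Constructed subset of the Public Suffix List; a browser ships the full list.
const PUBLIC_SUFFIXES = new Set(["com", "org", "test", "co.uk", "github.io"]);

// True when a credential scoped to `rpId` may be used by a page at `origin`:
// the RP ID must equal the page's host, or be a parent domain of it that is
// not itself a public suffix.
function rpIdAllowedForOrigin(rpId, origin) {
  const url = new URL(origin);
  if (url.protocol !== "https:") return false; // localhost exception omitted
  const host = url.hostname.toLowerCase();
  const id = rpId.toLowerCase();
  if (host === id) return true;
  if (!host.endsWith("." + id)) return false; // label boundary, not substring
  return !PUBLIC_SUFFIXES.has(id);
}

// What the browser does before asking any authenticator: only credentials
// whose RP ID matches the current page are candidates at all.
function usableCredentials(stored, origin) {
  return stored.filter((c) => rpIdAllowedForOrigin(c.rpId, origin));
}

// Constructed sample data (hypothetical names and domains).
const stored = [
  { name: "bank passkey", rpId: "bank.example.com" },
  { name: "sso passkey", rpId: "example.com" },
];

function demo() {
  const names = (origin) => usableCredentials(stored, origin).map((c) => c.name);
  return {
    realSite: names("https://bank.example.com/login"),
    sibling: names("https://mail.example.com/"),
    lookalike: names("https://bank.example.com.login.test/"),
  };
}

console.log(demo());
```

The lookalike host contains the real name as a prefix, but no stored RP ID is a suffix of it on a label boundary, so no credential is offered there.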