@glyph Did you quote post something?
Uncategorized
903
Posts
312
Posters
0
Views
-
It is difficult to express how bad microsoft’s authentication system is. like it’s not just “bad” or “broken” or “buggy”, it is a world-historic interaction design catastrophe. no matter how bad you think it is, no, it’s worse than that actually.
@glyph I've had the immense displeasure of having to use sharepoint recently and it's truly a russian roulette of whether or not I'll be able to access a document I had access to the day before. hilariously the most reliable way to regain access is to *clear* cookies, aka logging out??
-
@glyph I've had the immense displeasure of having to use sharepoint recently and it's truly a russian roulette of whether or not I'll be able to access a document I had access to the day before. hilariously the most reliable way to regain access is to *clear* cookies, aka logging out??
@nebulos oh yeah up until about 8 months ago, I had to manually clear cookies on 10 different domains in order to even be able to log in on macOS safari. not obviously connected domains either. I had a whole checklist. it’s been a big upgrade to be able to auth without using dev tools
-
@nebulos oh yeah up until about 8 months ago, I had to manually clear cookies on 10 different domains in order to even be able to log in on macOS safari. not obviously connected domains either. I had a whole checklist. it’s been a big upgrade to be able to auth without using dev tools
@nebulos to be clear I am not doing a bit here, this is 100% literal. I have no idea why my account was in this state for years while most aren’t; I do know *most* aren’t
-
-
@nebulos to be clear I am not doing a bit here, this is 100% literal. I have no idea why my account was in this state for years while most aren’t; I do know *most* aren’t
@glyph everyone I know who uses sharepoint has at least a *little* bit of this problem, even if it's not quite so bad as 10 domains but idk wtf's going on at microsoft - I've seen more sensible engineering in my toilet bowl
-
It is difficult to express how bad microsoft’s authentication system is. like it’s not just “bad” or “broken” or “buggy”, it is a world-historic interaction design catastrophe. no matter how bad you think it is, no, it’s worse than that actually.
@glyph … and woe betide you if you have the misfortune to both (a) be a teacher in a school system that uses MS infrastructure, and (b) have children studying in the same school system. This appears to be a use case that MS authentication is unable to account for. It doesn’t matter what you’re trying to do - you’re logged into the “other” system, and trying to correct things only makes things worse. Incognito browsing and/or completely separate browsers appears to be the only solution.
Ask me how I know.
-
if this is how most people encounter passkeys it’s no wonder that they fucking hate them. it feels like getting tricked. because it is getting tricked. I was tricked
@glyph this is the exact trick is why I won't use them.
(My daily driver is a windows machine. It's got this slime at the os level)
-
the folks trying to get open source developers to boycott github are barking up the wrong tree. just get an agent hired at microsoft who internally advocates to remove unnecessary duplication in the login systems. get a promo out of it, it totally makes business sense. require every current github user to use login dot live dot com. 50% marketshare reduction within the year, I guarantee you
Two things.
1) Who is there bullying developers to boycott it? WTF?!? That sounds a bit extreme considering the platform is getting more and more annoying to use all by itself by the day...
2) I'm surprised that Microsoft hasn't forced GitHub to use Azure AD for Authentication by now too...
-
@Shivaekul in our case, we probably *do* actually want the parent in question to have their own separate copy of minecraft, and so this is more of an abstract question, but I *do* imagine it will become practical soon, which is: *is* it possible to move a Minecraft purchase to a different Minecraft account? Based on the "xbox", "minecraft", and "microsoft family" information architecture I have to assume that if this is possible I'll find it on Outlook Dot Com somewhere
-
It is difficult to express how bad microsoft’s authentication system is. like it’s not just “bad” or “broken” or “buggy”, it is a world-historic interaction design catastrophe. no matter how bad you think it is, no, it’s worse than that actually.
@glyph guests tried to play XBox today. Neither I nor my adult child were able to get them in to play.
-
if this is how most people encounter passkeys it’s no wonder that they fucking hate them. it feels like getting tricked. because it is getting tricked. I was tricked
@glyph my experience of using passkeys is that if by fantastical chance every single element of the software stack I'm using is compatible, then I'll randomly get a pop-up asking if I want to log in with a passkey instead of having my password manager autofill the password. There's no time savings. And it still wants a six digit code afterwards.
Last week one of my accounts, which previously did the passkey prompt, started instead prompting my to "touch my Yubikey". I don't have a Yubikey. I've never used a Yubikey for any account. But there's no option to click to contradict the software's assumptions. (Also, most users would have absolutely no idea what a Yubikey is or why you would touch one.)
My experience of using passkeys is strictly worse than a normal password manager. Plus, it's easy to understand how a password works, whereas it seems like I'm not allowed to understand passkeys, or at least nobody is interested in trying to explain it to build user confidence that they're secure, you're just expected to believe in the magic. Engineers who have only ever used top-of-the-line Apple products and never shared devices with another person took a formidable problem (password reuse) and invented a treatment that is significantly worse than the disease.
-
if this is how most people encounter passkeys it’s no wonder that they fucking hate them. it feels like getting tricked. because it is getting tricked. I was tricked
@glyph encountering a passkey on an iPhone is a way better experience than encountering it on windows. Even still the UX is a giant mess across the ecosystem.
(Insert rant about discoverable keys)
I do hope we sort this out, but it feels like an uphill battle
-
@glyph encountering a passkey on an iPhone is a way better experience than encountering it on windows. Even still the UX is a giant mess across the ecosystem.
(Insert rant about discoverable keys)
I do hope we sort this out, but it feels like an uphill battle
@cthos this whole experience was on apple devices but there is only so much that can be mitigated
-
It is difficult to express how bad microsoft’s authentication system is. like it’s not just “bad” or “broken” or “buggy”, it is a world-historic interaction design catastrophe. no matter how bad you think it is, no, it’s worse than that actually.
@glyph this is why I try my best to avoid anything made by Microsoft. It's not just authentication system, EVERYTHING they do is like that
-
@cthos this whole experience was on apple devices but there is only so much that can be mitigated
@glyph *sigh* I am going to have to put up a rant one of these days about all the little annoying UX foot guns aren't I?
-
if this is how most people encounter passkeys it’s no wonder that they fucking hate them. it feels like getting tricked. because it is getting tricked. I was tricked
#pluralistic describes it as the "fat-fingered economy" portion of surveillance capitalism.
They deliberately redesign interfaces to increase the changes of clicking on the wrong thing.
Linking phones to identities to laptops to home appliances to home addresses to email to bank accounts & credit cards to passports & driver's licenses...
Connecting games accounts to social media accounts to college accounts...
-
@glyph my experience of using passkeys is that if by fantastical chance every single element of the software stack I'm using is compatible, then I'll randomly get a pop-up asking if I want to log in with a passkey instead of having my password manager autofill the password. There's no time savings. And it still wants a six digit code afterwards.
Last week one of my accounts, which previously did the passkey prompt, started instead prompting my to "touch my Yubikey". I don't have a Yubikey. I've never used a Yubikey for any account. But there's no option to click to contradict the software's assumptions. (Also, most users would have absolutely no idea what a Yubikey is or why you would touch one.)
My experience of using passkeys is strictly worse than a normal password manager. Plus, it's easy to understand how a password works, whereas it seems like I'm not allowed to understand passkeys, or at least nobody is interested in trying to explain it to build user confidence that they're secure, you're just expected to believe in the magic. Engineers who have only ever used top-of-the-line Apple products and never shared devices with another person took a formidable problem (password reuse) and invented a treatment that is significantly worse than the disease.
@aburka on some level I disagree, in that the infrastructure in the browser, the cloud services, the client devices etc is all tremendously valuable. (it’s not really designed for “time savings”, particularly not for people already using password managers, but for increased security for those who aren’t). I don’t want the baby thrown out with the bathwater here.
-
@aburka on some level I disagree, in that the infrastructure in the browser, the cloud services, the client devices etc is all tremendously valuable. (it’s not really designed for “time savings”, particularly not for people already using password managers, but for increased security for those who aren’t). I don’t want the baby thrown out with the bathwater here.
@aburka but I must concede that the overall, systemic effect, particularly once RPs are taken into account, is a roiling disaster. prompting for a username, a password, a passkey AND a TOTP (or even worse, email or SMS) code is confused to the point of incapacity. Complete cryptogibberish, probably less secure than what it’s replacing.
-
@aburka but I must concede that the overall, systemic effect, particularly once RPs are taken into account, is a roiling disaster. prompting for a username, a password, a passkey AND a TOTP (or even worse, email or SMS) code is confused to the point of incapacity. Complete cryptogibberish, probably less secure than what it’s replacing.
@aburka we need to replace passwords, and passkeys are a reasonable replacement for a lot of people, but the advocacy focus REALLY needs to shift from “hey users, cool feature alert, use passkeys everywhere!” to “hey website developers, standardize your fucking processes”. allow users to rehearse credential loss, set up successor accounts, ACTUALLY use passkeys as password replacements rather than bizarre MMMMFA security theater, and do it in legible ways common across all sites
-
@aburka we need to replace passwords, and passkeys are a reasonable replacement for a lot of people, but the advocacy focus REALLY needs to shift from “hey users, cool feature alert, use passkeys everywhere!” to “hey website developers, standardize your fucking processes”. allow users to rehearse credential loss, set up successor accounts, ACTUALLY use passkeys as password replacements rather than bizarre MMMMFA security theater, and do it in legible ways common across all sites
@aburka if you actually want someone to explain passkeys to you I can do it, but I can only explain what the tech actually does and how sites are SUPPOSED to use it, not what the confused former intern at amazon or microsoft who implemented it for them before being immediately fired was thinking when they did that
Gli ultimi otto messaggi ricevuti dalla Federazione
-
@shizamura @JenJen reminds me of
-
@quinta ne sono assolutamente convinto anch’io; anche perché già con Capitol Hill Trump aveva dimostrato le sue intenzioni e fu solo la posizione di Mike Pence che validando i risultati elettorali permise l’uscita di scena di Trump.
-
Mah
#parle
Par🇮🇹le n°1469 X/6🟨⬛⬛⬛⬛
⬛🟩⬛⬛🟩
⬛🟩⬛⬛🟩
🟩🟩⬛⬛🟩
🟩🟩⬛⬛🟩
🟩🟩⬛⬛🟩
-
@GustavinoBevilacqua @yaw ecco, magari un po' (tanto) meno elitista di una Castalia, essere qui per scelta consapevole sì, ma se la scelta è “perché qui vedo gattini e shitpost dei miei amici (o di perfetti sconosciuti) senza che vengano coperti dai gatti generati dall'ai degli influencer alla ricerca di profitto” va benissimo ugualmente
-
RE: https://thecanadian.social/@MostlyHarmless/115874030186694960
This is fantastic.
If this doesn't work...
-
I've been boycotting Samsung for years now. People outside Korea often seem surprised when I mention this—after all, Samsung is one of the most recognizable Korean brands globally. So let me explain.
It started after I read <cite>Think Samsung</cite> (<cite lang="ko"><ruby>三星<rp>(</rp><rt>삼성</rt><rp>)</rp></ruby>을 생각한다</cite>) by Kim Yong-chul, a former Samsung lawyer turned whistleblower. The book exposed systematic corruption, slush funds, and how the conglomerate wielded its influence to evade accountability. It painted a picture of a company that operated as if it were above the law.
But what pushed me from mere dislike to active boycott was the 2015 merger between Samsung C&T and Cheil Industries. This wasn't just questionable corporate governance—it was engineered to help Lee Jae-yong consolidate control of the Samsung empire. The merger ratio heavily undervalued Samsung C&T, and the National Pension Service, despite its fiduciary duty to Korean citizens, voted in favor of it. Korean pensioners lost billions.
The whole affair later became central to the corruption scandal that brought down President Park Geun-hye. Lee Jae-yong was convicted of bribery. And yet Samsung continues as if nothing happened.
I'm under no illusion that my personal boycott hurts Samsung in any meaningful way. But some things aren't about effectiveness. They're about not being complicit.
-
@misnina i love little truck homes 😖 😭
-
C'è stata una generazioni di "capitani di industria" che avevano una etica.
Enrico Mattei tra questi
