@glyph Did you quote post something?
Uncategorized
903
Posts
312
Posters
0
Views
-
@glyph here's the question I would ask. I've recently had similar frustrations with the simple act of logging into hotmail. it is now a process which on my phone, takes me through nine different web pages every single time I try to log on. I would chalk it up to garden variety incompetence, if at every step it didn't say some variation of "this would be easier if you gave us more of your personal information!"
did you get a lot of that? or was it all normal screw-ups?
-
@glyph so there's some kind of challenge/response going on?
-
@aburka @glyph the technical detail of that is each key has a "Relying Party Id" that is part of the initial creation and that id has to be a domain name. There are then rules for what domains match that RP id, with things like "subdomains match parent keys, except when the RP id is on the public suffix list: https://publicsuffix.org/learn/".
The browser then enforces that condition, and won't accept responses from keys with RPs that do not match.
https://docs.corbado.com/corbado-complete/helpful-guides/passkeys/relying-party-id -
@aburka @glyph the technical detail of that is each key has a "Relying Party Id" that is part of the initial creation and that id has to be a domain name. There are then rules for what domains match that RP id, with things like "subdomains match parent keys, except when the RP id is on the public suffix list: https://publicsuffix.org/learn/".
The browser then enforces that condition, and won't accept responses from keys with RPs that do not match.
https://docs.corbado.com/corbado-complete/helpful-guides/passkeys/relying-party-id -
It is difficult to express how bad microsoft’s authentication system is. like it’s not just “bad” or “broken” or “buggy”, it is a world-historic interaction design catastrophe. no matter how bad you think it is, no, it’s worse than that actually.
@glyph That's one of M$'s defining features. Authentication tacked on afterwards, and the concept of privilege sometime after that.
-
It is difficult to express how bad microsoft’s authentication system is. like it’s not just “bad” or “broken” or “buggy”, it is a world-historic interaction design catastrophe. no matter how bad you think it is, no, it’s worse than that actually.
@glyph 100% same. Buying a 2nd Minecraft account for my kiddo, I - a veteran software professional - ended up accidentally creating an entirely unwanted 3rd Microsoft account, to which the license is irrevocably attached.
-
I can’t even describe how ridiculous the series of steps are that are required to enable multiplayer on java minecraft for an account of someone under 12. literally 100% of the labels on the relevant options are simply incorrect. there are constant references to “xbox” when nothing here is even vaguely related to xbox. this is a java game on a macintosh computer with multiplayer on my LAN. the text in the tooltip on the disabled multiplayer button also gives inaccurate instructions for fixing it
@glyph oh no, I was afraid when this thread started it would get here. Signed, a dad who has finally given in on Minecraft for someone under 12
-
@glyph oh no, I was afraid when this thread started it would get here. Signed, a dad who has finally given in on Minecraft for someone under 12
@luis_in_brief haha. have you already figured it out? I can help you with this part (I will literally hop on a call if you need, this was almost implausibly miserable)
-
I can’t even describe how ridiculous the series of steps are that are required to enable multiplayer on java minecraft for an account of someone under 12. literally 100% of the labels on the relevant options are simply incorrect. there are constant references to “xbox” when nothing here is even vaguely related to xbox. this is a java game on a macintosh computer with multiplayer on my LAN. the text in the tooltip on the disabled multiplayer button also gives inaccurate instructions for fixing it
@glyph oh my god I have had to go through this too. It is horrible. We have Minecraft on the Switch and trying to get it to play online for our 6 year old (in a Minecraft run private server) has been impossible. It keeps logging him out and each time we have to run a gauntlet of this stuff. I’ve given up honestly
-
@luis_in_brief haha. have you already figured it out? I can help you with this part (I will literally hop on a call if you need, this was almost implausibly miserable)
@glyph appreciate the offer! Probably a next-weekend problem, after I consult with the other parents whose kids A wants to share realms/building with.
-
@glyph oh my god I have had to go through this too. It is horrible. We have Minecraft on the Switch and trying to get it to play online for our 6 year old (in a Minecraft run private server) has been impossible. It keeps logging him out and each time we have to run a gauntlet of this stuff. I’ve given up honestly
@CatherineFlick Bedrock is an entire additional layer of misery which is why I have been gently guiding other parents towards Java when they can manage it. But some kids don’t have devices that can run it, and so we are in the process of setting up Geyser and Floodgate and all kinds of backend sadness. I have even done it once before but replicating it is nigh impossible
-
@CatherineFlick Bedrock is an entire additional layer of misery which is why I have been gently guiding other parents towards Java when they can manage it. But some kids don’t have devices that can run it, and so we are in the process of setting up Geyser and Floodgate and all kinds of backend sadness. I have even done it once before but replicating it is nigh impossible
@glyph I've set that up a few times, and currently maintain it on two servers. I'm using Paper instead of vanilla+Fabric, though, which may not match your scenario.
-
@jwz @cstross for a while I thought that banks were avoiding implementing cheap but sophisticated authentication methods because they'd already priced in the fraud and didn't want to bother spending "engineering resources" (an incorrect model of how digital services infrastructure is maintained, but I digress) to do something that would merely hedge a risk they'd already hedged, but this model has broken down somewhat as they have "spent the resources" and made things uniformly worse
@glyph @jwz @cstross I bought some yubikeys a while back because I thought I ought to be taking security seriously.
They were great at first.
Now, in order to use them, I have to dismiss at least two other offers of passkeys (that won't work) and press at least one button that looks like it's going to cancel the login but which is actually required to proceed.
-
@glyph I've set that up a few times, and currently maintain it on two servers. I'm using Paper instead of vanilla+Fabric, though, which may not match your scenario.
@hjhornbeck I am just looking for something that is safe to be internet-exposed, that can maintain an allowlist, and that takes as little effort to admin as possible
-
at the end of the process we needed to go to the xbox settings page which you get to by going to the xbox account page, and then to the settings of the account page, and then the account settings of the settings account
@glyph toots that read like I am having a stronk while reading them
-
once you’ve fixed the setting it obviously isn’t reflected in the game. in order to enable this functionality you need to quit the game, log out of the launcher, quit the launcher, *reboot your computer* apparently, and then launch the launcher, ans reauthenticate in the launcher BUT NOT IN A WEB BROWSER. don’t do it too fast though, gotta give the sync state time to replicate through some opaque backend
@glyph I just last week tried to get through this process after my son had to reinstall Windows on his gaming PC - we had not touched any settings, but Minecraft insisted he can't do multiplayer, which worked completely fine before for years.
After running in circles in the settings for hours, I simply made him 18 (he's almost 16) in the age settings, had him log in and release himself out of the MS family settings, and now he can do multiplayer again.
MS forgot how to do software engineering.
-
@hjhornbeck I am just looking for something that is safe to be internet-exposed, that can maintain an allowlist, and that takes as little effort to admin as possible
@glyph No preference between Paper or Fabric? A quick guide for the latter:
1. Download Fabric Installer from https://fabricmc.net/use/server/ , follow docs to install.
2. Head to https://modrinth.com/mods , download Fabric API, Sodium, and Lithium into mods directory.
3. Head to https://geysermc.org/download/?project=geyser , download Fabric versions of Geyser and Floodgate into mods.
4. Launch it all. Log in with Minecraft via local network. Use the server-side console to make yourself an /op and enable a /whitelist.
5. Expose TCP/25565 and UDP/19132 to the internet.
6. Use /fwhitelist to add Bedrock players, partial docs here: https://geysermc.org/wiki/floodgate/faq/Paper is slightly easier, skip step 2 and use Paper/Spigot plugins instead. Download: https://papermc.io/downloads/paper
-
@glyph No preference between Paper or Fabric? A quick guide for the latter:
1. Download Fabric Installer from https://fabricmc.net/use/server/ , follow docs to install.
2. Head to https://modrinth.com/mods , download Fabric API, Sodium, and Lithium into mods directory.
3. Head to https://geysermc.org/download/?project=geyser , download Fabric versions of Geyser and Floodgate into mods.
4. Launch it all. Log in with Minecraft via local network. Use the server-side console to make yourself an /op and enable a /whitelist.
5. Expose TCP/25565 and UDP/19132 to the internet.
6. Use /fwhitelist to add Bedrock players, partial docs here: https://geysermc.org/wiki/floodgate/faq/Paper is slightly easier, skip step 2 and use Paper/Spigot plugins instead. Download: https://papermc.io/downloads/paper
@glyph One annoyance is that Bedrock updates frequently, usually in the background. Need to update Geyser at minimum, sometimes Floodgate as well. ViaVersion is the Java equivalent.
As for updating the server itself, Paper's a bit easier. Just download a new copy over paper.jar, update plugins to latest, restart server. Auto-updating plugins is a bad idea for security reasons, I manually update monthly (or if kids complain, just do ViaVersion/Geyser/Floodgate). Geyser/Floodgate updates can be automated via wget/curl and some manual scripting. Modrinth has an excellent API that others have hooked into, here's a Fabric auto-updater that looks sensible: https://github.com/SushiSanCat/ModrinthCollectionDownloader
-
-
@CatherineFlick Bedrock is an entire additional layer of misery which is why I have been gently guiding other parents towards Java when they can manage it. But some kids don’t have devices that can run it, and so we are in the process of setting up Geyser and Floodgate and all kinds of backend sadness. I have even done it once before but replicating it is nigh impossible
@glyph honestly how the fuck is this so hard
Gli ultimi otto messaggi ricevuti dalla Federazione
-
@shizamura @JenJen reminds me of
-
@quinta ne sono assolutamente convinto anch’io; anche perché già con Capitol Hill Trump aveva dimostrato le sue intenzioni e fu solo la posizione di Mike Pence che validando i risultati elettorali permise l’uscita di scena di Trump.
-
Mah
#parle
Par🇮🇹le n°1469 X/6🟨⬛⬛⬛⬛
⬛🟩⬛⬛🟩
⬛🟩⬛⬛🟩
🟩🟩⬛⬛🟩
🟩🟩⬛⬛🟩
🟩🟩⬛⬛🟩
-
@GustavinoBevilacqua @yaw ecco, magari un po' (tanto) meno elitista di una Castalia, essere qui per scelta consapevole sì, ma se la scelta è “perché qui vedo gattini e shitpost dei miei amici (o di perfetti sconosciuti) senza che vengano coperti dai gatti generati dall'ai degli influencer alla ricerca di profitto” va benissimo ugualmente
-
RE: https://thecanadian.social/@MostlyHarmless/115874030186694960
This is fantastic.
If this doesn't work...
-
I've been boycotting Samsung for years now. People outside Korea often seem surprised when I mention this—after all, Samsung is one of the most recognizable Korean brands globally. So let me explain.
It started after I read <cite>Think Samsung</cite> (<cite lang="ko"><ruby>三星<rp>(</rp><rt>삼성</rt><rp>)</rp></ruby>을 생각한다</cite>) by Kim Yong-chul, a former Samsung lawyer turned whistleblower. The book exposed systematic corruption, slush funds, and how the conglomerate wielded its influence to evade accountability. It painted a picture of a company that operated as if it were above the law.
But what pushed me from mere dislike to active boycott was the 2015 merger between Samsung C&T and Cheil Industries. This wasn't just questionable corporate governance—it was engineered to help Lee Jae-yong consolidate control of the Samsung empire. The merger ratio heavily undervalued Samsung C&T, and the National Pension Service, despite its fiduciary duty to Korean citizens, voted in favor of it. Korean pensioners lost billions.
The whole affair later became central to the corruption scandal that brought down President Park Geun-hye. Lee Jae-yong was convicted of bribery. And yet Samsung continues as if nothing happened.
I'm under no illusion that my personal boycott hurts Samsung in any meaningful way. But some things aren't about effectiveness. They're about not being complicit.
-
@misnina i love little truck homes 😖 😭
-
C'è stata una generazioni di "capitani di industria" che avevano una etica.
Enrico Mattei tra questi
