Hacker Newsnew | past | comments | ask | show | jobs | submit | lsowen's commentslogin

Passkeys _may_ be synced, but that isn't guaranteed. For example a "device bound passkey" isn't synced.

reply


There is a project under way to specify how to "sync" device-bound keys between authenticators: https://fidoalliance.org/specs/cx/cxp-v1.0-wd-20241003.html

Ideally this should have been hashed out before deploying passkeys everywhere, but I guess you can always register multiple passkeys for the sites that allow you to.

reply


Iirc the original idea was that passkeys should be device specific. Of course that's impractical so now they're morphing to a long password that a human can't process.

In a few years someone will post "how about a long human retainable passphrase?" as a new and improved discovery.

reply


They are still different to a password in that the service you are logging in to never gets the private key. So in the case the database gets compromised, if the service provider ensures no edits were made / restores a backup, there is no need to change your passkey since it was never exposed.

reply


That was possible before passkeys.

https://www.rfc-editor.org/rfc/rfc9807.html

https://en.wikipedia.org/wiki/Password-authenticated_key_agr...

reply


I use a similar model to this extensively.

1. Hotels where you have to pay a "connection fee" you only have to pay once

2. I travel with a chromecast that can connect to my private network

3. I run wireguard, so all my traffic back is automatically encrypted

4. I can position this to get a better wifi signal, "boosting" the signal (via my private network) for all my devices


> 1. Hotels where you have to pay a "connection fee" you only have to pay once

Yeah especially when not travelling alone. Some places are really exploitative with this.


And also didn't know how to work thr radio? Surely autoland doesn't disable communication


seems like an unlikely rumor to be true at this time


Only the GET requests are metered. An anti-bot/anti-AI scraper measure?


Maybe some kind of anti-fraud measure too?

So much spam would go away if we just charged $1 per 5000 emails. Normal humans would be fine. Mailing lists would need charge, but it would be minimal for most useful mailing lists.

Maybe Amazon is going after some fraud?


They probably want to remove pricing transparency.


Generative pretrained transformer, I think? https://en.wikipedia.org/wiki/Generative_pre-trained_transfo...


It’s actually generally prime t-bones


I'm not sure I agree with Karpathy's "the next wave of programming languages will be natural language", but I'm even more concerned about The Big 3 consulting firms message of how businesses _must_ integrate AI into _everything_ or perish.


FYI, the FAQ link in the footer (https://grayjay.app/faq) appears to be broken (throws a 404)


Has anyone tried openobserve (https://github.com/openobserve/openobserve)? How does it compare/contrast to Quickwit as an "Elasticsearch for logs" replacement?


The purpose for internship programs generally are to grow the interns skills and establish a talent pipeline, _not_ for their immediate "code lift".

Unless you think that AI is going to completely replace developers, then there will remain value in having interns.


My former FAANG uses internships at the Ph.D. level for both recruiting and talent acquisition. Hiring committees have a way easier time assessing candidates with feedback like "this intern implemented X, Y, and Z beyond their project spec W during the summer" or "this intern goofed off all summer."


The situation is not as dire as it first appeared. While the messaging wasn't handled very well, where everything is settling out is good, with pluggable auth and an open source reference implementation: https://lakefs.io/blog/why-moving-acls-out-of-core-lakefs/


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: