hedgehog
I recommend checking out Friendly Social Browser.
For starters, it was never “open source”…
From your link:
Instead, as Winamp CEO Alexandre Saboundjian said, “Winamp will remain the owner of the software and will decide on the innovations made in the official version.” The sort-of open-source version is going by the name FreeLLama.
While Winamp hasn’t said yet what license it will use for this forthcoming version, it cannot be open source with that level of corporate control.
If I upload the source code for my project on Github/Forgejo/Gitlab/Gitea and license it under and open source license, allowing you to fork it and do whatever you want (so long as you follow the terms of my copyleft license), and I diligently ensure that code is uploaded to my repository before being deployed, but I ignore all issues, feature requests, PRs, etc., is my project open source?
Yes.
Likewise, if Winamp had been licensed under an open source license, it would have been open source, regardless of how much control they kept over the official distribution.
Winamp wasn’t open source because its license, the WCL, wasn’t open source.
Siri’s integration with ChatGPT is opt-in. Why is that a problem?
a talking collar isn’t likely to help … if the cat is even willing to wear the thing at all.
“Realistically,” Quagliozzi says, “that collar would just be saying ‘get this fucking collar off me’ all the time.”
My first thought was that ending the taxes at land ownership was shortsighted - all capital should be taxed - but then I looked up Georgism on Wikipedia and saw that that was basically already in scope (mostly by “including title of ownership for natural resources and other contrived privileges (e.g., intellectual property)”).
Do you memorize all of your passwords? If so, I take that to mean that you don’t use a password manager. Password managers - really, any app with 2FA - have this problem, too. But if you use a password manager and store your 2FA methods in it, then you only need to be able to regain access to your password manager.
If you use a cross-platform password manager with Passkey support, like Bitwarden, you can use it on any of your devices. In the event that you lose all of your devices, if you don’t have an Emergency Contact set up, you will need your password and one of the following to gain access to your account:
- Access to your 2FA method
- Access to your Recovery Code
- If you’re in an enterprise using Duo 2FA, access to a Duo bypass code (contact your Duo admin to request this)
If you use security keys for 2FA, then you should have at least two - one that you keep with you and a backup that you keep in a safe place, like at home in a lockbox.
If you use a TOTP app to log in, or if you use security keys and want another backup, then making sure you’ll have access to the Recovery Code should be your priority. You can write it down and keep it in a few different places - at home, in your car, in your locker at work, etc… You can share it with someone you trust in person or over an encrypted channel (like Signal). You can store it on a flash drive, encrypted by a second password (which can be much easier than your primary password) or even unencrypted, if you generally keep the drive somewhere safe, disconnected from your computer. As long as you remember your password and can access your recovery code, you’ll also be able to regain access to your account, including all of your passkeys.
Emergency Access requires someone else to have access to their Bitwarden account, but assuming you don’t both lose access, it’s a pretty solid solution. When they request access, Bitwarden will send you an email allowing you to accept or reject their request. If you accept or don’t respond within the allotted “Wait Time” (which you configure: 1 day minimum, 90 days maximum) then they’ll be granted access. You also get a choice (when setting this up) to let them takeover the account (resetting your master password) or to just get read-only access.
Maybe you don’t like Bitwarden and want to use some other app, like 1Password, Dashlane, Roboforms, etc… Whatever your choice, familiarize yourself with how to restore access to your account in an emergency. Then you only need to worry about that and not about how to get access to your passkeys that are on your Windows laptop or only synced to your Apple devices.
But that is exactly what he recommends, using a password manager - with one time email authentication for the first login as an extra step, right?
Nope.
Using a cross-platform password manager with synced passkeys is different and much more secure than using a password manager with email TOTPs or sign-in links with emails that aren’t end-to-end encrypted.
And password manager adoption is much higher than PGP keyserver adoption, and if you can’t discover someone’s public key you can’t use it to encrypt a message to them, so sending end-to-end encrypted emails with TOTPs/sign-on links isn’t a practical option.
According to Statista, 34% of Americans used password managers in 2023 (a huge increase from 21% in 2022), so it’s not even like the best case scenario is rare.
The author mentions it: the QR code approach for cross device sign in. I don’t think it’s cumbersome, i think it’s actually a great and foolproof way to sign in. I have yet to find a website which implements it though.
The site doesn’t need to implement this; the browser handles that part.
I confirmed this works and logged into Github using Google Chrome on my work computer using a passkey stored in Bitwarden earlier today. I had to enable Bluetooth for Chrome, since I’d had it disabled, but then everything else was seamless.
Your milage will vary with your corporate policies.
What does this have to do with anything?
I can’t just pick up any smartphone and install a passkey manager on it.
Sure, because “any smartphone” includes smartphones that don’t turn on, that are locked with a passcode you don’t know, or that are running a 10 year old OS.
Which modern smartphones (meaning, still supported by its manufacturer and running a current OS, i.e., iOS 17/18 or Android 14/15) don’t have passkey support? I don’t know of a single one.
If I were talking about Passkeys and comparing them to client certificates, even though I don’t know much about client certificates in practice, I would say:
- Passkeys can be installed in your password manager, which handles securely syncing it to all of your devices
- Websites can make it very easy to create or log in with a passkey
- Far more websites support passkeys
- Websites can support multiple passkeys per user
- The user experience is far better with passkeys
- Even if your password manager isn’t installed on a given machine, you can still log in with a passkey via your phone, so long as both devices have bluetooth enabled. This allows you to log in on an untrusted device, like a library computer, without exposing your password (though unfortunately that would still result in that computer having access to the session and being able to modify account settings - best practice would be to log out when you’re done and then, from a trusted device, confirm that you were logged out / log out of all devices.)