
I'm honestly starting to feel embarrassed to even be employed in the software industry now.


I quit Google last year because I was just done with the incessant push for "AI" in everything (AI exclusively means LLMs of course). I still believe in the company as a whole, the work culture just took a hard right towards kafkaville. Nowadays when my relatives say "AI will replace X" or whatever I just nod along. People are incredibly naive and unbelievably ignorant, but that's about as new as eating wheat.


I've been telling people I do "computer stuff" since the NFT days.


Five straight years of having to tell everyone who asks about your job that the hottest thing in your industry is a scam sure does wear on a person.


> I don't see how remote hardware attestation avoids being spoofed

I don't disagree, but is that really a game you want to be playing with your government and your bank?


Passkeys are another brick in this wall. The authors of the spec built in client software identification and attestation, which means authenticating parties can require you to only use certain, closed-source passkey clients. It's not hard to imagine a future where only blessed Passkey clients, such as Microsoft's, Apple's, and Google's implementations, are allowed by most services.


I think passkeys will be used against users. They’ll be used to attest to a user’s trustworthiness by tying authentication back to a real identity. Like another comment mentioned, you’ll end up needing something like a phone that’s locked down. Part of that will be authenticating with a verified ID IMO.

It’ll be incredibly easy to lock dissenters out of modern society. It’s too bad the vast majority of users will happily concede autonomy for a tiny bit of short term convenience.


I expect there will be backlash from non-technical users due to issues like the comment below where the passkey pushers fail to communicate where the keys are stored and thus users unexpectedly lose access to them.


Heh, I'm working on a blog post about this very topic. Passkeys are ... weird. There's a lot of potential for gatekeeping, where websites can indeed require you to use device-bound passkeys through device attestation, and where becoming a vendor requires interacting with the fido alliance....

I would say "I'm sure they mean well", but given that parties like Yubico benefit from not getting more competitors, the cynic in me is a bit worried.


> I would say "I'm sure they mean well",

Yeah, I wouldn't say that. It's clear from their public comments[1,2,3] that the spec authors don't believe the private key actually belongs to the user to do what they want with. They see services restricting what users may do with their own logins as a feature of Passkeys. It's really a shame it went in this direction. Replacing passwords with an easy-to-use keypair auth system would be a massive security improvement. But the Passkey ecosystem is poisoned at this point. Unless they remove the client ID & attestation anti-features, it should be considered a proprietary big tech protocol.

[1] Threatening an open-source passkey client with server-side bans because they don't implement passkey storage on the client device in the way the spec authors prefer. https://github.com/keepassxreboot/keepassxc/issues/10406

[2] Maintaining a list of "non-compliant" clients, including the above open-source one, presumably for use in server-side bans. https://passkeys.dev/docs/reference/known-issues/

[3] While writing an article about this on my website, I actually emailed the two involved spec authors on the above issue, politely asking how their interpretation of the Passkey spec could possibly be compatible with open source software. Neither replied.


It is particularly odd in the case of open-source clients (or indeed any client that runs outside of some very locked down hardware) because a) there's nothing that prevents the user exfiltrating keys anyway, and b) attestation also means relatively little for such an implementation.
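The client identification the two posts above talk about travels in plain sight in the WebAuthn authenticator data: the AAGUID names the authenticator model and the BE/BS flag bits say whether the key is syncable. The parser and allowlist check below are an added example (not code from the thread or from any passkey project); the rp_id, AAGUID and credential id are constructed placeholders.

```python
from __future__ import annotations
import hashlib
import struct
import uuid
from dataclasses import dataclass

# Bits of the one-byte "flags" field in WebAuthn authenticator data.
FLAG_UP = 0x01  # user present
FLAG_UV = 0x04  # user verified
FLAG_BE = 0x08  # backup eligible: credential may be synced off the device
FLAG_BS = 0x10  # backup state: credential is currently backed up / synced
FLAG_AT = 0x40  # attested credential data (AAGUID, credential id) follows

@dataclass
class AuthData:
    rp_id_hash: bytes
    user_present: bool
    user_verified: bool
    backup_eligible: bool
    backed_up: bool
    sign_count: int
    aaguid: str | None          # None for assertions (no AT flag)
    credential_id: bytes | None

def parse_authenticator_data(data: bytes) -> AuthData:
    """Parse rpIdHash | flags | signCount [| aaguid | credIdLen | credId | COSE key]."""
    if len(data) < 37:
        raise ValueError("authenticator data too short")
    rp_id_hash, flags = data[:32], data[32]
    (sign_count,) = struct.unpack(">I", data[33:37])
    aaguid = cred_id = None
    if flags & FLAG_AT:
        if len(data) < 55:
            raise ValueError("attested credential data truncated")
        aaguid = str(uuid.UUID(bytes=data[37:53]))
        (cred_len,) = struct.unpack(">H", data[53:55])
        cred_id = data[55:55 + cred_len]
        if len(cred_id) != cred_len:
            raise ValueError("credential id truncated")
        # The COSE public key (CBOR) follows; it is not needed for this demonstration.
    return AuthData(rp_id_hash, bool(flags & FLAG_UP), bool(flags & FLAG_UV),
                    bool(flags & FLAG_BE), bool(flags & FLAG_BS), sign_count,
                    aaguid, cred_id)

def rp_policy(auth: AuthData, rp_id: str, allowed_aaguids: set[str] | None) -> tuple[bool, str]:
    """The kind of relying-party gate the thread describes: an AAGUID allowlist. The AAGUID
    is self-declared by the client; without a verified attestation signature nothing binds it."""
    if auth.rp_id_hash != hashlib.sha256(rp_id.encode()).digest():
        return False, "rpIdHash does not match this relying party"
    if allowed_aaguids is not None and auth.aaguid not in allowed_aaguids:
        return False, f"AAGUID {auth.aaguid} not on allowlist"
    return True, "ok"

# Constructed sample registration data; the AAGUID is a placeholder, not a real vendor's.
SAMPLE_AAGUID = "00000000-0000-0000-0000-00000000c0de"
def build_sample(rp_id: str = "example.com", flags: int = 0x5d, sign_count: int = 0) -> bytes:
    out = hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + struct.pack(">I", sign_count)
    if flags & FLAG_AT:
        cred_id = b"constructed-cred-id"
        out += uuid.UUID(SAMPLE_AAGUID).bytes + struct.pack(">H", len(cred_id)) + cred_id
        out += b"\xa0"  # placeholder for the COSE key (empty CBOR map), not a real key
    return out
```

The default flags value 0x5d is UP|UV|BE|BS|AT, i.e. a synced passkey at registration time; an assertion without the AT bit carries no AAGUID at all.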


Yes, the problems are obvious and the spec authors definitely know & understand the issues. Their refusal to have a public discussion about it indicates they just don't care, and their maintenance of a "naughty client list" shows Passkeys are intentionally hostile to user freedom.


Password managers are regulated as "important" software under EU CRA (Dec 2027).


Thankfully open source software is not subject to that, so FOSS password managers should be fine. Doesn't mean that other forces won't try to tear them down, however.



Yeah I hate this, installed a new CPU and none of my passkeys work. The browser asks my phone and they don't trust each other and not a damn clue how to fix it.


Don't store passkeys in hardware. They are more secure that way, but more dangerous if you lose them. Your passkeys were stored on the old CPU and are gone. If you do, you need to store them on multiple devices like phone, tablet, and computer, but that is harder to manage.

Better to store passkeys in a password manager. Then they become more secure passwords. The big advantage is that they can't be phished, and sites don't use 2FA with them. It also means you can choose a password manager that you trust and that works better than Apple's and Google's.


Yep, big problem with them: most users have no idea where the thing that pops up and offers to store the passkeys actually stores them (sounds like in your case, your computer's TPM, which was either on the CPU you replaced or complained and reset itself when the CPU changed). It's a ticking time bomb that all the 'users love passkeys! (after we nag them about it every time they login until they give up)' blogs fail to catch.


You could have used an open source client to manage your passkeys as you like, including backing them up in your own storage format. I wrote about it here: <https://www.smokingonabike.com/2025/01/04/passkey-marketing-...> I was quite excited about it... until I found out that the Passkey spec authors have warned that client that it may face server-side bans because it lets you manage your own private key how you want, and the spec authors think this is appropriate for servers to do. So I deleted all my Passkeys. Sigh.


Reading these comments, I'm happy to see that I'm not the only passkey skeptic.


You'll probably enjoy this article from one of the original creators of the Passkey ecosystem:

> Since then Passkeys are now seen as a way to capture users and audiences into a platform. What better way to encourage long term entrapment of users than by locking all their credentials into your platform, and even better, credentials that can't be extracted or exported in any capacity.

https://fy.blackhats.net.au/blog/2024-04-26-passkeys-a-shatt...

Fingers crossed the Passkey user experience remains so bad no one accepts them & they just die on the vine.


Are you disliking the big honking watches with like 3 subdials? I don't like those either.

I lean to the minimal style, so I recently got one from Obaku. The one I got is technically in their women's line; women's watches tend to be simpler, and I have small wrists so women's watches tend to fit me better. Skagen also makes nice minimal stuff.

I also sometimes dig around used watch forums like WatchUSeek. You can find dozens of cool watches from the 60s-80s, many mechanical, for like $50-200.


Actually, yes, those are much better. And yes, "big honking with three dials" is a good description of the issue.

Thank you.


> Why do people care?

It's clutter for a feature that I'm not going to use. I'm not upset it's there for those who want it, but it's also nice to be able to get rid of it.


I don't store passwords in Firefox, nor do I use "Save page as", I have never used the "Report broken site" feature, and never activated "Troubleshooting Mode". I have never needed to configure network settings in my browser, and so on... As far as this discussion is concerned all these are bloat because they are not used. Seems like a strange yardstick to keep, when it cannot be properly applied, no?


I think it'd be cool to be able to remove those from the UI if you're not using them, yeah. For me personally, I find the Firefox UI is pretty streamlined, so suddenly seeing new right-click menu elements that I'm not going to use was a bit jarring and I'm glad there's a setting to remove them.


Good to know. I tried to find an off switch in the settings for the AI junk when it first popped up and didn't find one. It's mostly unobtrusive, so didn't bother me too much, but it's nice to have a way to get rid of a feature I'm not going to use.


Yeah, just searching for "AI" in settings finds some choices, e.g. "Use AI to suggest tabs and a name for tab groups". And far more false positives, e.g. dAIly.


Rule 0: Any networked computer should be considered semi-public. Don't store any information you do not want to be public, or give access to controls that you do not want to be publicly accessible, on a networked computer. There are simply too many vulnerabilities to assume otherwise.


I doubt there are many people in rich countries that follow this rule, given that smartphones are networked computers and people don't want their personal photos to be publicly accessible.


> I doubt there are many people in rich countries that follow this rule

I agree, there definitely are many people who don't follow the rule! And so we get things like this, https://en.wikipedia.org/wiki/2014_celebrity_nude_photo_leak


uBlock Origin settings, enable the Cookie Banner and Annoyances filters.


> Isn't the entire point of SpaceX to go to Mars?

What? No, it is to concentrate public wealth into the hands of one man.


The tone of voice suggests you dislike Musk, but I will still answer in good faith. From what I can see from the outside, he has consistently for many years stated the same goals and worked on them. Any or most financial gains he made, he invested into his companies which work on accomplishing those goals (for example, going to Mars). The most notable example was investing his PayPal money into Tesla and SpaceX when they both were at risk of going out. He also has a reputation for working a lot, though it may be exaggerated, but he looks fairly unhealthy so maybe not too far off. Compared to other super rich people, he seems to spend less time in lavish ways, for example on yachts or similar. He probably still spends more money than we can imagine on unnecessary things, but on the spectrum of rich people he doesn't seem to be the most frivolous. Finally, he has said on Twitter that he doesn't care about money but needs resources for his goals, for example going to Mars. And after everything I’ve seen and the examples listed, it doesn’t seem totally implausible that he means it.


And all it took was ending public science funding and trust in public health and regulatory oversight and destroying the legislative and judiciary branches. Crazy how all the things it takes to get to Mars are also the same things that make him, personally, wealthier and more powerful.


Well, let’s assume you’re correct about all that. To me, it seems he was already quite rich before doing all the Trump-related things you mentioned. Those might have made him richer, but I’d suspect they didn’t move the needle much compared to his real profit centers (probably Starlink and Tesla). If anything, I’d argue those actions made him poorer by further damaging his reputation. And any “power grab” motives he may have had likely evaporated after his fallout with Trump. One current example is exactly what sparked this thread: the NASA Chief seemingly trying to impress Trump by attacking SpaceX.


The best theory as to why Musk was so gung-ho about DOGE was specifically to shut down any government agency that was out to keep him from continuing to increase his wealth. By that measurement, he was in charge of the most successful government agency. Whether or not that had any positive/negative effect for Trump was merely an irrelevant byproduct of the actual mission.


That's not the best theory. He thinks government was too big, and wanted to cut waste. Trump, it turns out, wanted to have a "big beautiful bill" and Musk strongly opposed that, saying any bill that's big isn't beautiful. So he got moved off DOGE by Trump.

SpaceX has always complied with the regulations and timings needed by regulatory bodies. This isn't a thing.


He got moved off of DOGE because his 120 days were up. It was never a permanent gig for Musk. Those gigs require congressional approval.


It's truly very difficult to believe the man cares more about the mission of his companies than extracting wealth from them: https://www.reuters.com/business/autos-transportation/tesla-...

Most CEOs presumably do want their companies to succeed and do good things in the abstract, but a lot of them would happily have them fail if it made them a huge pile of cash.


No one forces anyone to buy Tesla's stock to make the price high. If tomorrow Tesla goes bust, Elon's 400B+ of "wealth" goes bust as well.


I wonder if there is something you can do with $500B but not with the $200B or so he has from SpaceX?


He does not have $200B in cash. It's all stock, unrealized gains. I am not even sure you can convert it to cash without reducing the value itself. Also, AFAIK, SpaceX is not publicly traded, so where does the $200B figure come from?

To be honest I don't understand this argument of "no one can spend billions in a lifetime so no one should have billions at all". Why do we set a limit on billions? Why do we use the idea of "can't spend in a lifetime"?


SpaceX isn't public, but has raised money at a $400+B valuation and Musk owns 42% of that.

I have no argument about limiting anyone's money. I'm just wondering if there is a (real, useful) feat he can pull off now with $500B, but that he couldn't do with a mere $200B.


> SpaceX isn't public, but has raised money at a $400+B valuation and Musk owns 42% of that.

The company raised money? I could not find any article that states that, only some rumors about the intent to do so.

Regardless, when a company raises money, it's the company's money, not Elon's.

I would assume that aggressive scaling of rocket building capabilities would require capital, but I have no idea what figure is needed for that.


I just use my hands to turn light switches on and off. Worked for 200 years so far and I see no sign of that ever changing.


When my dogs go outside at night, I turn on 4 lights with "Alexa, turn on the dogs lights." I'd have to go to my kitchen and garage to do that otherwise, and I certainly wouldn't otherwise have those sets of lights wired up in a circuit to control them in that arrangement.

The switches I buy do all of the dumb stuff, plus more, and the "plus more" parts can be quite useful.


Network connected switches can be a reasonable compromise for a retrofit but if you're remodeling it's a much better idea to run data cabling instead of electrical to all the wall switches and install all the relays in a centralized location.


> I just use my hands to turn light switches on and off.

Difficult if you're not there though? Whereas a smart bulb/switch can turn it on when you're not there (crime deterrence) or when you're almost home (handy in hallway with no light.)

(Niche uses, perhaps, but "I just use my hands" is reductive silliness.)


Both of your use cases do not require any form of smart device and certainly no internet connection.

In fact you could even use a simple analog switch if you want the lights to go on at certain times. And for the hallway I would suggest the tried and true motion sensor.

Sure, for really complex logic and a lot of flexibility you might want a microcontroller eventually, but those are truly niche uses.

"Smart" devices are insanely overengineered for the simple problems they solve and the huge problems they can cause.


> And for the hallway I would suggest the tried and true motion sensor.

By the time I'm in the dark hallway, it's a bit late. "But just add a motion sensor outside!" Yeah, except this is a block of flats and you can't add stuff to the communal areas like that.

> if you want the lights to go on at certain times

I don't. I want the lights to go on -as if we were at home-. Which is "random times depending on which room and what people are doing and if there is cooking going on and ..." Home Assistant learns from smart bulb activations and can simulate our presence effectively.


> Difficult if you're not there though? Whereas a smart bulb/switch can turn it on when you're not there (crime deterrence)

This 24 hour timer can turn on two devices (lamps) on for whatever time interval you program, it’s $12: https://www.homedepot.com/p/Defiant-15-Amp-24-Hour-Indoor-Pl...

It consists of a mechanical timer, a dial, and a relay. It plugs into a receptacle. It does not require an internet connection.

> or when you're almost home (handy in hallway with no light.)

This wall switch occupancy sensor that can switch 2A (240 watts at 120V, more than enough for one hallway) is $23, it's a decora device so figure $2 more for a 1-gang stainless decora wall plate (or less than a buck if you go with plastic!): https://www.homedepot.com/p/Lutron-Maestro-Motion-Sensor-Swi...

Wall switch occ sensors get more expensive as the current they can switch gets higher, one that can do 6A is $87: https://www.homedepot.com/p/Lutron-Maestro-Dual-Tech-Motion-...

However, that much current can power (72) 10W LED recessed cans that each put out about 1000 lumens. Or enough light for approximately 2400 square feet of interior space.

> (Niche uses, perhaps, but "I just use my hands" is reductive silliness.)

These are not niche functions, occupancy sensing and time of day scheduling are in basically every commercial lighting control system and fairly common in homes. They’re solved problems with cheap commodity devices available that don't require an internet connection.


[can't see any of the links because homedepot is blocking EU/UK]

> It consists of a mechanical timer, a dial, and a relay.

Great but it only works on fixed times. Which isn't what we want.

> This wall switch occupancy sensor

Would only work once we're inside. Which isn't what we want.

(And there's no possibility of putting one outside.)

> They’re solved problems with cheap commodity devices

For certain simplistic scenarios where things are easily installable, etc. Which is great! I'm not saying everyone should use smart things. Just pointing out, repeatedly, that the "cheap commodity devices" do not, and indeed cannot, perform the same functions as smart devices.


You’ve been turning lights on for 200 years?!


And I eat shits bigger than you for breakfast.

