Hacker News | gregoriol's comments

2FA is more secure than 1FA even if that one has a high security level

To be clear. Proper 2FA, via something like a smartcard or any truly external device is still much more secure. You could have one of those factors be a passkey, that's fine, and may be a good idea.

But there are UX issues with passkeys as well, that aren't all well addressed. My biggest gripe is that there is often no way to migrate from one passkey provider to another, though apparently there may be a standard for this in the works?


Are you saying that two weak factors are more secure than one strong factor?

If they are on totally isolated hardware then maybe

Not who you are replying to. But a yubikey is not a weak factor.

In fact, it’s not even meaningfully more secure than passkey (as passkey is designed) - passkey is, however, more convenient.

So it’s more ‘one weak factor + (really times) one medium/strong factor’ vs ‘one medium/strong factor’.

Which yes, the first one is better in every way from a security perspective. At least in isolation.

The tricky part is that passkeys for most users are way more convenient, meaning they’ll actually get used more, which means if adopted they’ll likely result in more actual security on average.

Yubikeys work well if you’re paying attention, have a security mindset, don’t lose them, etc. which good luck for your average user.


If 2fa is "use the second factor that's on same device as first factor" (like when using phone apps in many cases, password + 2fa from email/sms/authenticator app on same device), I disagree.

If I get your password, and you use 2fa that's stored on your phone, does that improve your security position or not?

Nonsense, depends entirely on the value of the authentication factor.

I really don't want to trust an AI company with a remote access door on my setup

Regular claude code is already a remote access door to your setup, once you've granted a few command execution permissions. (e.g. if it can edit your code and run the test suite)

Yes and no: I hope (not verified) that regular claude code client only sends requests, and doesn't open ports for remote access

I wouldn't expect Remote Control to open any ports either

There's nothing stopping CC from spinning up a local service or running terminal commands to open ports.

Until it's not maintained, like most Thunderbird forks so far

I've had a similar experience with a very long standing bug on a github project that really annoyed me but I didn't have time nor experience with the project's context to work on it. So Claude investigated and after many iterations (>100, very complex project), it managed to make it work.

Funniest thing is how they leave the company they sold their weather app to... to start another weather app.

The team/person responsible for Woot sold it to Amazon, and then launched Meh the day their non-compete ended, along with a manifesto explaining how badly they thought Amazon had handled Woot.

Got a link to the manifesto? My kagi-fu isn't finding it

Speaking of subscriptions, how is the Kagi one working out for you? Is it worth the switch?

Depends, I love it and am happy to pay for it out of privacy concerns and supporting a non-monopolist. It's got some neat features that I use all the time that google doesn't have. Are its search results better than google? Maybe. Maybe not. I do know when I can't find something on kagi, google doesn't either.

I have no clue where I read it, that was back when meh.com launched eleven-ish years ago. I didn't find it in a hot minute of searching either. I did find these, some of which talk about the circumstances obliquely:

https://www.ecommercefuel.com/woot/

https://techcrunch.com/2014/06/27/woot-reborn-as-meh/

https://www.dmagazine.com/publications/d-magazine/2014/july/...

https://meh.com/forum/topics/year-one-meh-stats--mediocre-st...


I'd love to see some stats on this: people leaving to start something new (be it Apple or any other acquiring company) might be over-represented because there is not much news about people staying in their job

I see it more like the tractor in farming: it improved the work of 1 person, but removed the work from many other people who were in the fields doing things manually

That analogy also means there was more waste involved and less resource extraction.

They do x.y.z versioning where x is often a marketing version so they have to say something at the WWDC. Here on 26 it's more than marketing, but that's not always the case. y versions often contain bug fixes but also new features.

That's usually true with Apple for .0 releases: never install those if you need to work with macOS, iOS, ... but this Tahoe version has revealed itself as being in a sad state even after the .1, .2 and now .3. It's not unfair for it to have earned the title of Windows Vista of macOS, something has become really wrong with the management of that release.

Yeah the title is annoying because it doesn't say what is broken. The user has a quite specific problem and the title should reflect that.

However overall the title has some truth: Tahoe of all versions fits the most the description of broken. It's the Windows Vista of macOS versions.

