Readit NewsahlCVA commented on IPv6 is not insecure because it lacks a NAT johnmaguire.me/blog/ipv6-... · Posted by u/johnmaguire
Obviously the two aren't the same (especially given the need to do routing), but I've always found it amusing that in the systems world, capability-based systems (i.e. making it impossible to address things you aren't allowed to access) are gaining traction while the philosophy in the networking world seems to be going in the opposite direction (make it possible to address everything, i.e. IPv6 vs. NATted IPv4, then add filtering).
ahlCVA commented on Bose open-sources its SoundTouch smart speakers ahead of end-of-life arstechnica.com/gadgets/2... · Posted by u/ahlCVA
Calling publishing API docs "open-sourcing" is a bit hyperbolic, but as token gestures go, it's at least worth a little bit.
I'm not familiar with those devices in particular, but I wish vendors would take steps to make life easier for after-markt firmware developers especially once devices go EOL by doing things like proactively dropping a GPL tarball and giving people a way to disable secure boot locks on devices that have them.
Sure, but then it is set to no-touch for every FIDO2 interaction I have. I don't want to touch for signing, but I want to touch when using it as a passkey, for instance.
This is a per-credential setting, so you can have your SSH signing key be a no-touch key and still use touch confirmation for everything else.
(see "uv" option here https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-cl... - the -sk key types in SSH are just a clever way of abusing the FIDO protocol to create a signing primitive)
I do it with FIDO2. It's inconvenient when having multiple Yubikeys (I always end up adding the entry manually with ssh-agent), and I have to touch the Yubikey everytime it signs. That makes it very annoying when rebasing a few tens of commits, for instance.
With GPG it just works.
For what it's worth: You can set no-touch-required on a key (it's a generation-time option though).