Readit News
eddyg commented on Are Apple gift cards safe to redeem?   daringfireball.net/linked... · Posted by u/tosh
wishfish · 2 days ago
Would checking the Apple gift card balance first be a useful precaution? Would it have saved Paris all this hassle?

Seems like this might be a necessary step if checking the balance would reveal there's something wrong with the card. Would be frustrating to see the $500 card is worthless but better than risking the bureaucratic hell.

eddyg · 2 days ago
I had this exact thought. Unfortunately I can't find a way to check the balance of an Apple gift card without signing in to an Apple ID⁽¹⁾. So maybe you need a throwaway Apple ID...

⁽¹⁾ https://support.apple.com/en-us/108111

eddyg commented on Yep, Passkeys Still Have Problems   fy.blackhats.net.au/blog/... · Posted by u/todsacerdoti
andrewmcwatters · 3 days ago
I don't care what you other people in auth do, I work in auth too, please stop making signing into anything 5 steps.

1. First I get redirected to a special sign-in page.

2. Then I sign in with my email only.

3. Then it finally asks me for a password, even for services that would never reasonably use SSO or have another post-email receive process.

4. Then I get redirected again to enter 2fa.

5. Then these websites ask if I want to create a passkey. No, I never want to create a passkey, and you keep asking me anyway.

6. Then, and only then, do I get to finally go back to using the service I wanted, and by then, you've lost whatever my `?originalUrl=` was, and I have to find it again.

No, don't send me a magic link. Because then I have to go do 4 more steps with Gmail or another mailbox provider and now signing in has become 10 or more steps.

No, don't tell me getting rid of passwords will help most of the population, and then force all of us to do the above, and blatantly lie to us that it's better.

Stop it. Get some help.

eddyg · 3 days ago
If you created a passkey, it would be one step.

eddyg commented on Yep, Passkeys Still Have Problems   fy.blackhats.net.au/blog/... · Posted by u/todsacerdoti
noAnswer · 3 days ago
How does the secret jump from the PC to their phone? How do they know each other? ...does the answer involve going all-in on Apple forever?
eddyg · 3 days ago
iCloud Keychain (or whatever the Google equivalent is). And as I said, it's a fantastic solution for the vast majority of the population (which, coincidentally, are also not Hacker News readers).
eddyg commented on Yep, Passkeys Still Have Problems   fy.blackhats.net.au/blog/... · Posted by u/todsacerdoti
lazide · 3 days ago
Huh? I’ve seen zero implementations that work seamlessly across computer, phone, tablet - unless they are all single platform, which I have yet to see anyone actually pull off.
eddyg · 3 days ago
It's a beautifully simple experience for Apple users across all their devices.

I can't speak for other platforms; I stopped helping ${EXTENDED_FAMILY} with non-Apple questions because the crap I had to diagnose, debug and deal with for Windows and Android was worse than ${DAY_JOB}.

eddyg commented on Yep, Passkeys Still Have Problems   fy.blackhats.net.au/blog/... · Posted by u/todsacerdoti
201984 · 3 days ago
It's great until they break their phone, or spill coffee on it, or just lose it, and now they are locked out of EVERYTHING with no good way to get back in.

Passwords on a piece of paper for better or worse do not have that problem.

eddyg · 3 days ago
Only if they're not backing up their phone, which seems insane in this day and age.

And even if they're not, if they have a computer or tablet, the passkey will still be available there assuming they share an account.

You can also recover your iCloud Keychain via a designated/trusted Recovery Contact (e.g. spouse, who presumably hasn't destroyed their phone at the exact same time), or via iCloud Keychain escrow.

https://support.apple.com/guide/iphone/passwords-devices-iph...

eddyg commented on Yep, Passkeys Still Have Problems   fy.blackhats.net.au/blog/... · Posted by u/todsacerdoti
eddyg · 3 days ago
Passkeys are fantastic for the vast majority of the population. They solve oodles of problems. No more teaching ${FAMILY_MEMBER} about good passwords, password re-use, trying to explain how to use a password manager, etc. Instead: create passkey, done. Then it's seamless login whether they're on their computer, phone or tablet.

As a tech-savvy user fully aware of the underlying machinations involved with passkeys, I greatly prefer their simple, fast login experience over: username submit password submit TOTP submit, and especially over the much-worse "we've emailed you a code" login slog.

eddyg commented on Tell HN: HN was down    · Posted by u/uyzstvqs
laCour · 3 days ago
This was monitoring the unauthenticated news page, which is why it didn't catch it. It now monitors authentication as well. It is not official, and was made by a co-founder years ago.
eddyg · 3 days ago
Thanks! I checked that page and wondered why it stayed green. I resorted to checking https://downforeveryoneorjustme.com/hacker-news
eddyg commented on Guarding My Git Forge Against AI Scrapers   vulpinecitrus.info/blog/g... · Posted by u/todsacerdoti
klaussilveira · 8 days ago
I wish there was a public database of corporate ASNs and IPs, so we wouldn't have to rely on Cloudflare or any third-party service to detect that an IP is not from a household.
eddyg · 8 days ago
Just search for "residential proxies" and you'll see why this wouldn't help.
eddyg commented on Show HN: Lockenv – Simple encrypted secrets storage for Git   github.com/illarion/locke... · Posted by u/shoemann
eddyg · 12 days ago
I’ve been using git-crypt⁽¹⁾ which is transparent (you put the patterns you want to encrypt in .gitattributes) and lets you use GPG keys or symmetric keys. And it's been around for quite a while.

⁽¹⁾ https://github.com/AGWA/git-crypt

u/eddyg

Karma: 1952 · Cake day: December 13, 2012