New York or Disney World

Got me

deleted by creator

For example the tools for the really tedious stuff, like large codebase refactoring for style keeping, naming convention adherence, all kinds of code smells, whatever. Lots of those tools have gotten ML upgrades and are a lot smarter and more powerful than what I remember from a decade ago (intellisense, jetbrains helper functions, various opinionated linter toolchains, and so forth).

While I’ve only experimented a little with some the more explicitly generative LLM-based coding assistant plugins, I’ve been impressed (and a little spooked) at how good they often were at guessing what I’m doing way before I finished doing it.

I haven’t used the prompt-based LLMs at all, because I’m just not used to it, but I’ve watched nearby devs use them for stuff like manipulating a bunch of files in a repeated pattern, breaking up a spaghetti method into reusable functions, or giving a descriptive overview of some gnarly undocumented legacy code. They seem pretty damn useful.

I’ll integrate the prompt-based tools once I can host them locally.

I’ll admit, some tools and automation are hugely improved with new ML smarts, but nothing feels dumber than hunting for problems to fit the boss’s pet solution.

It seems like the US patent system today is rarely anything but a solution to its own problem. In most cases a patent is little more than an expensive troll ward or a way to demonstrate due diligence to investors. What’s taken its place is time to market. If that’s true, the patent system should either be replaced with something that serves its intended purpose or that office should stop accepting applications.

FWIW this is a common post-regime debate. Visit Berlin to see a number of creative solutions.

Haha, I see where you’re coming from. It’s a fairly old and ongoing debate: the importance of classical humanities in the curricula of primary and secondary education. To illustrate, at one point children were not only taught literature from the Greco-Roman period, but also the languages they were written in.

In fact, that’s one of the key reasons for all the institutional Greek and Latin usage you see in higher ed. That was the tradition. These were languages only the educated knew. The effects of that on society were mixed, in my opinion. Fast-forwarding to today, the recent trend has been to prioritize knowledge more relevant to the modern era, including STEM subjects and practical trade-related skills.

That’s the reason for the lingering notion, among older generations especially, that classical works are foundational knowledge, a common intellectual inheritance that everyone should know. While I’m more used to thinking this way, and can probably make some convincing arguments for it, I recognize that in many ways and for many individuals, it fails the test of relevance. So maybe it really is for the best that it’s only taught in the optional extension of higher ed.

Yes, zero expectation from me to read that book, but if you ever become curious, mythologies are often short, fun, and memorable stories to read. And once familiar with them, you’ll see references to them basically everywhere, including the names of blockbuster films and spaceships, like the Apollo.

You’re good. I upvoted. People downvoting are leery of anti-intellectualism (and not without good reason).

But I don’t see that in your comment. You simply didn’t know something, and you didn’t get mad when corrected. You acknowledged you just didn’t know yet.

In addition, your guess that the majority who recognize the name associate it with something from pop culture rather than classical mythology is likely accurate. Those who were taught this in school, or who had the resources at hand to teach themselves — public libraries, internet access, free time, etc — often forget that in most of the world knowledge remains a privilege, whereas the right to pay for entertainment is nearly always guaranteed.

If you’d like to read some of these stories, along with commentary about them, I would recommend A Guide to Mythology by Helen Clark, which is public domain and thus free. You can listen to it for free as well.

Edit: add links and additional resources

That’s great. And glad youre pressing landlord. They’re very likely obligated to cover expenses related to this, but I understand landlords are shitheads and a PITA.

Just to be clear, re: MW+kettle example, typical GFCI won’t prevent that overload. Circuit breaker should trip. There is a similar component that does both (AFCI) but it’s more expensive and shouldn’t be needed if your breaker is functioning correctly. Adding GFCI is usually inexpensive enough to justify but is only meant to protect against faults, not overloads.

Damn that’s convenient!

Yes, the simplest adapter style is a chunky wall wart, usually cheapest. Otherwise inline modules are common. For either, you just plug them in between the plug and its outlet and press the “reset” button. 15-amp 125v example from a common US supermarket ($14).

And if by extender you mean the multi-outlet strip extenders: yes, the adapter+extender would isolate the fault to just that strip. If ground fault occurs, everything on that strip turns off. You can also find power strips with built-in GFCI.

The only additional consideration re: which GFCI adapters you will need are

1. Voltage and amperage rating: you can just copy the rating of the outlet’s breaker

…or, if it’s just handling one appliance, take a picture of the power specification, usually a sticker on the back of the appliance, which should give you minimum amperage rating of GFCI

2. Socket type: if you’re in the US, likely all type B or maybe one or two type I (large 220V appliances) from this chart:

Edit: pictures

I’ve experienced this breaker bypass issue a few times and in each case it was a ground fault.

Why this can bypass breaker and trip the mains: In most countries, the common inexpensive breakers in residential panel boxes are not GFCIs. They will catch and interrupt marginal overdraw before it starts a fire but won’t trip fast enough in the case of a ground fault, which is one of the reasons fire codes usually require GFCI outlets anywhere near running water. Since the mains in MDL and housing complexes are GFCI, they can trip faster than the subpanel breakers in the case of a ground fault.

One case that might be relevant to you since you had reason to suspect your oven: a microwave oven door closure sensor became misaligned and would intermittently fail to report closure. It was one of two that controlled a kill-switch relay for the magnetron (the main power drawing component in a MW). The easter egg in their circuit design was that if sensor A failed to report door was closed, the oven would simply act as if door was open, but if sensor B failed to report door was closed, closing the door would instantly cause a ground fault.

Diagnostic recommendation: get some GFCI adapters to use on any big AC appliances you suspect might be causing the fault, like the oven you mentioned, so that next time it happens only the culprit appliance will lose power and you’ll know what to repair/replace.

ETA: the GFCI adapters are common and inexpensive, and your landlord would likely rather pay for a few of those than an electrician visit. Either way, this absolutely is the landlord’s responsibility, especially if your lease includes the appliances.

If we cut and run every time a big corporation “embraces” a new standard, just to lessen the pain of the day it’s inevitably “extinguished,“ we’d miss out on quite a lot.

This standard was open from the start. It was ours. Big corps sprinted ahead with commercial development, as they do, but just because they’re first to implement doesn’t mean we throw in the towel.

Also:

1. Bio auth isn’t necessary. It’s just how Google/Apple do things on their phones. It’s not part of the FIDO2 standard.
2. It works with arbitrary password managers including FLOSS and lots of hardware options.
3. Passkeys can sync to arbitrary devices, browsers, device bound sessions, whatever.

Yeah the moods in this thread, like

“[I don’t understand this]!”

“[I don’t trust this]!”

“[It doesn’t fix everything]!”

“[This doesn’t benefit me]!”

“[What’s wrong with old way]!?”

And like, all valid feelings… just the reactions are a bit… intense? Especially considering it’s a beta stage auth option that amounts to a fancy version of the old sec key industry standard, not the mark of the beast.

Yeah the counter-interoperability of proprietary expansions on FIDO standards sounds a lot like embrace extend extinguish to me. I know engineering standards generally require field revisions but these big corps have a track record of this behavior.

I can see how the FIDO standard’s dID requirement might be an issue at the org level, but even in the case of a fully custom/unknown rooted device they have provisions for using traditional security keys attached to one or more associated devices via USB/BT/NFC. Megacorp platforms might be first to facilitate adoption but the spec absolutely accommodates open provider integration.

I need to experiment with personal security passkey registration and authentication workflows to know how difficult it actually is in practice, but it looks like the equivalent of self-signed certificates are possible anywhere the user controls the stack like self-hosted intranetwork suites that are popular around here.

Thanks again for the write up!

I could see that. I’ve only found a few in the wild (mostly just enterprise, niche tech-related, and big platform web apps) but there’s probably some clunky implementations out there I haven’t suffered through yet.

For one, there seems to be this idea that if you lose your passkey you get locked out of your account forever.

True, plenty in this thread even. IIRC there’s usually a recovery key process same as a typical authenticator MFA, sometimes other routes in addition like combining multiple other MFAs or recovery contact assignment. Regardless, completely losing PW manager access across devices would presumably be the more immediate crisis for most.

Thanks for the great article! I had a question re: the top disadvantage you mention (lock-in).

Background: Although the on-device integration for Apple, Google, etc. use their cloud for E2E sync between devices, it appears KeePassXC using their passkey interception, discovery, and import procedures accomplish the same cross-device passkey implementation without needing a particular vendor cloud lock-in. As best I can tell, this meets the original standard’s sync fabric requirements (whether or not the big providers like it) and relies on platform-specific APIs mostly for interoperability.

Question: If KeePass has been able to implement their own sync this way, and the FIDO standard accommodates non-OS providers (e.g. browsers or PW managers), what is currently the biggest technical hurdle remaining for FOSS-based passkey providers?

KeePassXC has begun rollout of their own implementation, and I’m pretty sure they’re considered FOSS.

From a quick scan of the white paper, it appears they’re currently using on-device passkey discovery and otherwise “intercepting” passkey registration workflows, which I take to mean they aren’t originating the request as a passkey registrar. This may be the easiest method to satisfy FIDO’s dID requirements.

This is a big one. Lock-in and the threat of provider blacklisting means it will remain a shortcut like SSO (“sign in with ____”) until we’ve established federated providers.

On further reading, this may not be as far off as I thought. Passkey registration providers can be OS-level but browser and password manager based solutions were intended (overview from FIDO alliance). And it looks like KeePassXC has begun rollout of their own. If I’m reading correctly they currently “piggyback” off of an OS-based provider in various ways, so it’s not yet an end-to-end implementation, but these are early days.

The passkey options I’ve come across so far are as close to push-button as I can imagine.

Do you mean from the developer perspective, like the complexity of the API/workflow?

Exactly