• 2 Posts
  • 140 Comments
Joined 1 year ago
cake
Cake day: July 2nd, 2023

help-circle


  • The biggest hole in WASM right now is being able to DO anything really useful in it, natively. The only thing you can do natively right now is use the CPU. Can’t manipulate the DOM. Can’t access local storage or cookies or networking APIs, etc. You can call out to arbitrary JS code, but that’s it.

    This is great for some of the big JS libraries that have very CPU-heavy workloads they can optimize in WASM and call to from JS. Like frequently parsing and re-parsing HTML. Or doing game physics calculations.

    I haven’t heard word one about WHEN any of this will be available. Which is particularly troubling, given how long people have been begging for it.

    Of course, none of this stops you from using WASM in the real world, to do quite a lot of things. You’re just gonna have to deal with JS interop, still, do do anything really useful.






  • As I understand it (and assuming you know what asymmetric keys are)…

    It’s about using public/private key pairs and swapping them in wherever you would use a password. Except, passwords are things users can actually remember in their head, and are short enough to be typed in to a UI. Asymmetric keys are neither of these things, so trying to actually implement passkeys means solving this newly-created problem of “how the hell do users manage them” and the tech world seems to be collectively failing to realize that the benefit isn’t worth the cost. That last bit is subjective opinion, of course, but I’ve yet to see any end-users actually be enthusiastic about passkeys.

    If that’s still flying over your head, there’s a direct real-world corollary that you’re probably already familiar with, but I haven’t seen mentioned yet: Chip-enabled Credit Cards. Chip cards still use symmetric cryptography, instead of asymmetric, but the “proper” implementation of passkeys, in my mind, would be basically chip cards. The card keeps your public/private key pair on it, with embedded circuitry that allows it to do encryption with the private key, without ever having to expose it. Of course, the problem would be the same as the problem with chip cards in the US, the one that quite nearly killed the existence of them: everyone that wants to support or use passkeys would then need to have a passkey reader, that you plug into when you want to login somewhere. We could probably make a lot of headway on this by just using USB, but that would make passkey cards more complicated, more expensive, and more prone to being damaged over time. Plus, that doesn’t really help people wanting to login to shit with their phones.


  • Automated certificate lifecycle management is going to be the norm for businesses moving forward.

    This seems counter-intuitive to the goal of “improving internet security”. Automation is a double-edged sword. Convenient, sure, but also an attack vector, one where malicious activity is less likely to be noticed, because actual people aren’t involved in tbe process, anymore.

    We’ve got ample evidence of this kinda thing with passwords: increasing complexity requirements and lifetime requirements improves security, only up to a point. Push it too far, and it actually ends up DECREASING security, because it encourages bad practices to get around the increased burden of implementation.





  • Also related to reddit, since that’s where I was always inundated with this shit, before moving here: the constant stream of Genshin Impact leaks that come out, that the whole obnoxious subculture is built around, are just released by Mihoyo, intentionally, under the guise of all the anonymous leakers that constantly come and go. Seems to me like the only explanation for how CONSTANTLY leaks come out, and how they’re basically never actually damaging to the game or the company, while being REALLY effective at stirring up obsession in the fanbase, and driving people to invest more time and money into the game to be prepped to get the next new character immediately on release.

    Also how so many of the leakers would release extremely accurate stats and numbers, but then drop statements like “if I release any more than this, I’d be risking my safety” or “since everyone’s been asking about it, I’ll go ahead and confirm X, but after this I’m gonna have to go on hiatus for a while, until things cool down”. Seems like nonsense meant to either inflate the leaker’s ego, or rile up the fanbase.



  • I think the big reasons for most people boil down to one or both of two things:

    A) People having 0 trust in Google. I.E. people do not believe that paying for their services will exempt them from being exploited, so what’s the point?

    B) YouTube’s treatment of its content creators. Which are what people actually come to YouTube for. Advertisers and copyright holders (and copyright trolls) get first-class treatment, while the majority of content creators get little to no support for anything.



  • JakenVeina@lemm.eetoMemes@lemmy.mlI hate these icons
    link
    fedilink
    English
    arrow-up
    21
    arrow-down
    1
    ·
    3 months ago

    Anyone else this there’s actually nothing at all wrong with the “New” row of icons? Except for the triangle one, which is terrible in its “Original” version as well, as it indicates absolutely nothing about its app (I believe it’s Google Drive, right?). All the rest are clearly distinguishable, and have relevance to what the app does.