Show more

You can get a better sense of the pattern now that it's repeated a few times. This is called "Wandering Vine" (from Davison's famous ⁨⁩ pattern book) but is also known as "Cat Track" or "Snail Trail" which makes more sense once you can see more of the pattern.

Show thread

This is NEXT WEEK! I am giving a data privacy workshop on Friday at 10:30am, and I'd love to see you. Tickets are nearly sold out, but as long as they are available, use WITTSPEAKER15 for a 15% discount to save 15% on passes at checkout. women-in-tech-texas.com/

I finally sat down and started ⁨⁩ the overshot table runner last night. The set up for this took quite a while, but I think the actual weaving will go pretty quickly.

@ullgren It sounds like we agree. I like and appreciate methods like FIDO2 and think there is a place for all three kinds of factors in combinations dependent upon threat. What I am opposed to is completely eliminating one of the factors, especially when it's one that gives more control to the individual.

@katherined @RyuKurisu @reality2cast What's also funny is that I've had two verified links in my own profile (one for Purism and one for my personal site) for ages but totally forgot that I had done it, and about the process, when we were doing the podcast.

@wion@writing.exchange It's from the Long Thread Media podcast, an interview with Heavenly Bresser.

Their general podcast page is at:
longthreadmedia.com/podcast

And the download link to this particular interview is at:

aphid.fireside.fm/d/1437767933

@twrightsman They don't trust the user. They do trust the hardware *now* because they can control it remotely, can prevent unauthorized software from running. Combined with their keys inside the secure element, the user just provides minimal in-person proof it's them (biometrics) while hardware does the heavy lifting for trust.

@dredmorbius As I elaborate on in the article, I think the main reason passwords failed is due to bad password policies (which I blame Microsoft for in large part!) that didn't take the user into account. I'm not convinced that unrevokable biometrics that unlock a "something you have" in your phone are necessarily *better* than a good password. Which factors are appropriate comes down to particular threat models and I don't think doing away with one of the three auth factors entirely is wise.

That said, I understand why *they* would be enthusiastic to move people to authentication methods rooted in their hardware that make you (and other vendors that integrate with it) dependent on them for authentication.

Show thread

I'm not that enthusiastic about Google, Apple and Microsoft doing away with as an factor, because it's one of the few areas left on these platforms where people have some control over their own . puri.sm/posts/microsoft-ruined

Still wondering what my secret project is?

#Jazda

An #opensource bike computer.

After weeks of working behind the scenes, today the first functional prototype was tested on the road. Hello world!

Check out jazda.org if you want a prototype too.

#foss #floss #fahrrad #cycling #cyclocomputer

@aral I talked about this issue in a post for Purism recently. As you allude, the prime motivator for this move to the passwordless future is to anchor trust in these vendors so people are dependent on them for security. Passwords are one of the last areas where a person has some level of control over their own security in these ecosystems.

puri.sm/posts/microsoft-ruined

@wion@writing.exchange Yes I was listening to an interview with a spinner who collected spinning wheels and apparently she learned woodworking and joined an online guild so she could fabricate parts that were missing from some of her antique wheels.

This weekend I'm threading the warp for my next ⁨⁩ project, a table runner with a "Wandering Vine" overshot pattern. Threading 452 warp threads is a lot all at once so I'm splitting it into multiple 1-3 hour sessions.

I was able to figure everything out! It required quite a rewrite of what I did for 4.0.4 to adapt it to 4.1.0 but now I have a functioning Qubes 4.1.0 OEM install disk that will prompt you post-install for your LUKS unlock password as part of the user setup.

Now we will test it some more internally before starting to use it for new Librem orders that request Qubes.

Show thread

@aral One day I'll have to give a talk about the UI of early mechanical calculators contrasted with modern UI design. These calculators were nothing like modern ones, it was basically a direct front-end to the machinery that made the calculations possible. As a result there was about 3 or 4 families of UI, each distinct (because of patents) and each requiring you study a manual to do even simple calculations.

Qubes 4.1 has an updated anaconda with redesigned python code which broke all my OEM install customizations from 4.0.4. I'm finally making some progress on rewriting my changes and hope to have an updated OEM installer soon.

Show more
Librem Social

Librem Social is an opt-in public network. Messages are shared under Creative Commons BY-SA 4.0 license terms. Policy.

Stay safe. Please abide by our code of conduct.

(Source code)

image/svg+xml Librem Chat image/svg+xml