
Comment Re:Nobody understand what this is (Score 4, Informative) 21

This is how I've come to understand it. I welcome any and all corrections.

Passkeys are a cryptographic key stored in a Secure Element. This is usually a private key inside a small cryptographic engine. You feed it some plaintext along with the key ID, and it encrypts it using that key. The outer software then decrypts the ciphertext using the public key. If the decrypted text matches the original plaintext, then that proves you're holding a valid private key, and authentication proceeds.

The private key can be written to and erased from the Secure Element, but never read back out. All it can do is perform operations using the secret key to prove that it is indeed holding the correct secret key.

On phones, the Secure Element is in the hardware of your handset. On PCs, this is most often the TPM (Trusted Platform Module) chip. In both cases, the platform will ask for your PC's/phone's password/fingerprint/whatever before forwarding the request to the Secure Element.

Yubikeys can also serve as a Secure Element for Passkeys; the private key is stored in the Yubikey itself. Further, the Yubikey's stored credentials may be further protected with a PIN, so even if someone steals your Yubikey, they'll still need to know the PIN before it will accept and perform authentication checks. You get eight tries with the PIN; after that, it bricks itself.

The latest series 5 Yubikeys can store up to 100 Passkeys, and Passkeys may be individually deleted when no longer needed. Older series 5 Yubikeys can store only 25 Passkeys, and can only be deleted by erasing all of them.

Theoretically, you can have multiple Passkeys for a given account (one for everyday access; others as emergency backups). Not all sites support creating these, however.
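Added example, not part of the comment above or of any vendor's code: a toy Node.js model of the challenge-response flow it describes, using an ECDSA signature over a random server challenge as the proof of possession. The class names, the P-256 curve, the in-memory PIN counter and the single-use challenge set are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Toy model of a secure element: keys go in and can be erased, never read out.
class SecureElement {
  #keys = new Map();          // keyId -> private KeyObject (private field, no getter)
  #pin; #triesLeft = 8;       // retry limit as described in the comment above
  constructor(pin) { this.#pin = pin; }

  #unlock(pin) {
    if (this.#triesLeft === 0) throw new Error('locked');
    if (pin !== this.#pin) { this.#triesLeft--; throw new Error('bad PIN'); }
    this.#triesLeft = 8;      // a correct PIN resets the counter
  }
  // Generates a key pair inside the element; only the public half leaves.
  create(keyId, pin) {
    this.#unlock(pin);
    const { publicKey, privateKey } =
      crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.#keys.set(keyId, privateKey);
    return publicKey.export({ type: 'spki', format: 'pem' });
  }
  // Proves possession of the private key by signing the server's challenge.
  sign(keyId, challenge, pin) {
    this.#unlock(pin);
    const key = this.#keys.get(keyId);
    if (!key) throw new Error('unknown key');
    return crypto.sign('sha256', challenge, key);
  }
  erase(keyId) { return this.#keys.delete(keyId); }
}

// Server side: stores only public keys and issues single-use random challenges.
class RelyingParty {
  #publicKeys = new Map(); #pending = new Set();
  register(keyId, publicKeyPem) { this.#publicKeys.set(keyId, publicKeyPem); }
  newChallenge() {
    const c = crypto.randomBytes(32);
    this.#pending.add(c.toString('hex'));
    return c;
  }
  verify(keyId, challenge, signature) {
    // delete() returns false for unknown or already-used challenges (replay).
    if (!this.#pending.delete(challenge.toString('hex'))) return false;
    const pem = this.#publicKeys.get(keyId);
    return !!pem && crypto.verify('sha256', challenge, pem, signature);
  }
}
```

Because each challenge is random and consumed on first use, a captured signature cannot be replayed, and the server never holds anything that would let it sign on the user's behalf.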

Comment Re:Auto-deleting chat criticism is weird (Score 2) 22

The auto-deleting chat criticism is a bit weird to me. Every big corporation I've worked for (four of them -- including Google -- as an employee, and maybe two dozen more as a contractor/consultant) has had automatic email deletion policies, and before that they had policies requiring memos and other written communications to be shredded/burned. Offices had boxes with slots in them that you dumped documents in and the contents were collected and destroyed daily. Automatic deletion of chats seems like a straightforward extension of typical American corporate policy. I'm not saying such policies are "right", just that they're routine. They're routine, of course, because the US is a very litigious country. [...]

But maybe there's some nuance to Google's actions that I've missed.

Google’s email (when I was there, I was a layoff victim ~2 years back) has something like a year long self delete policy, and anything you apply an archive tag to gets kept “forever”. So it is modestly durable. Plus of course if Google gets sued and you or a work area you are involved in gets identified as a discoverable asset you get to be on discovery hold and all the mail gets retained until that process is over (and it can last years or decades).

Google’s chats self deleted in more like 45 to 90 days. Seldom long enough to survive into a litigation hold. The chats didn’t have an archive hold tag you could apply (one of the chat systems had a possibly accidental loophole, groups had their own retention policies settable per group, so if you had stuff you wanted to save you could make a group to discuss a document or design and set a year retention policy or whatever).

Google also quite deliberately had internal communications about “communicate with care” and pushed employees to discuss things in person and via chat and not email if it was business related as opposed to purely technical. It was very obvious we were being told to communicate anything that might be the topic of a lawsuit over chat (or in person) and never email. Durability of the messages and discoverability was mentioned. It wasn’t “do all the illegal stuff in chat”, it was “be aware that business practices can be very legally sensitive and are best conducted in person or if by electronic means in chat and never in email”, very nudge-nudge-wink-wink.

I mean nothing strictly illegal about reminding people what forms of communication work how, and all the documents had a retention policy, it just happened that the policy was generally “burn in a month and a half” which for a typical business would be very very suspicious.

To give Google a little break though with the volume of business Google used to conduct via email it is extremely different from companies that one would accuse of being shady with a 45 day burn policy: most traditional companies have “some” email, Google like many tech companies and especially tech companies where most of the management layers were ex-technical did communications relentlessly by email. At most phone companies if it would have been a phone call it would be an email chain. Meetings well, Google still has way too many, but meetings got summarized in email (frequently by several people). If it happened it was probably in at least 8 if not 300 emails.

Post chat change though, things got memory holed. If it happened maybe there is an email, maybe. Likely lots of chat about it, all vanished into the mists of time (45 days back). Arguments about the 300th time a button name got changed? Chat, maybe a little email. Discussions about who a “target audience” for a product was? Absolutely in chat, never in email. Never never, never ever in email. What kind of user does a proposed feature appeal to? All chat, never email...

Comment Re:Should never let them get away with no admissio (Score 2) 22

The shareholders should have gone the distance and got the admission of guilt.

The problem is the shareholders want Google to be profitable. They are owners, and generally owners with the hopes that the value of the shares will go up, and they can sell at a profit.

An admission of guilt is a legal artifact that can be discovered in other lawsuits and used as a bludgeon. So having a “yeah, we totally admit we violated a whole bunch of laws” document signed by the CEO and board means Google is going to all but automatically lose lawsuits that turn on those facts. Like “please skip the guilt phase and proceed directly to the penalty phase -- how big a check do we need to write”. This is fantastic if you were impacted by some illegal behaviour of Google’s and are currently suing them and would like to skip the least certain 90% of the process and skip directly to the part where you convince judge and jury that a multibillion dollar company should write you a check big enough that they can feel it and will stop doing this to others.

It is pretty awful if you are a shareholder and absolutely don’t want Google to write any checks big enough to notice let alone feel. You want huge profit piled into more R&D or advertising, or dividends, not the pockets of harmed parties suing Google!

So no, no way the shareholders want this at all. It isn’t a matter of letting them get away with it, it is a matter of making sure they don’t get punished in the future for it. The most reliable way to not get punished for a thing is to not do it a bunch more, and to not brag about having done it in the past, and to not get caught checking to see if the bodies are still securely buried. Google’s shareholders absolutely don’t want it marching into court and yelling “I did it! I did it judge! I killed them all! It was me! It was me all along!”

Google’s shareholders are better served by a coverup and future improvements (either not being as evil in the future, or merely hiding it better). Google’s shareholders are not your ally for justice, don’t look at them to improve things for you except by accident.

Comment Thirty Fucking Years Late (Score 1, Informative) 91

Congratulations, you feckless imbeciles. You've "innovated" general software package management a mere three $(GOD)-damned decades after Redhat and Debian did it.

While you're at it, why don't you "invent" a tiling window manager that can be driven entirely from the keyboard... Oh, wait...

Honestly... Why is anyone still voluntarily giving money to these chowderheads?

Submission + - Nvidia Accused of Media Manipulation Ahead of RTX 5060 Launch

jjslash writes: Hardware Unboxed has raised serious concerns about Nvidia's handling of the upcoming GeForce RTX 5060 launch. In a recent video, the independent tech reviewers allege that Nvidia is using tightly controlled preview programs to manipulate public perception, while actively sidelining critical voices.

The company is favoring a handful of more "friendly" outlets with early access, under strict conditions. These outlets were given preview drivers – but only under guidelines that make their products shine beyond what real-world testing would conclude. To cite two examples:

  • One of the restrictions is not comparing the new RTX 5060 to the RTX 4060. Don't even need to explain that one.
  • Another restriction or heavy-handed suggestion: run the RTX 5060 with 4x multi-frame generation turned on, inflating FPS results, while older GPUs that don't support MFG look considerably worse in charts.

The result: glowing previews published just days before the official launch, creating a first impression based almost entirely on Nvidia's marketing narrative.

Comment Re:We can't go back. (Score 0) 59

Indeed, when the first SSDs appeared, I cynically observed at the time that the only reason they existed was to make Micros~1's shitty filesystem seem faster than it was. Thus, it was no surprise when Micros~1 started heavily promoting them -- especially those weird "hybrid" drives that bolted an SSD on the side of a traditional hard drive to use as an extended cache.
